Need help with privacy design?

Hello community! I am looking for use cases to understand how GDPR may require changes to your app UI. What design/flow/usability challenges are you facing in relation to privacy? Ultimately, i’m developing best practices around user privacy design. Some topics:

  • Do you need to request consent for user data?
  • Do you need help designing an experience with partial user data?
  • Do you need to handle “right to be forgotten” in your UI?
  • Do you know how to design a privacy policy that mortals can understand easily?

As always, thanks for any feedback on this topic.

1 Like

We are developing a feature in which a user can send an email to other users within the same Jira instance. Our initial idea was to use a multi-select component in which you can select one or more users.


With the new privacy settings, some users will not allow us to see their email address. During the ecosystem design meetup you gave us some interesting examples on how to solve this. (unfortunately I can’t find the recording anywhere, so I’m not sure if we’re taking the same approach)

I believe it looked something like this, which allows you to see which user has opened up their email address to the Jira instance:


Since we are designing functionality that requires the email address of the user, I’m wondering what the best approach would be to alert the user at this moment. Using @bmorgan in the example above is not possible, since we don’t know this person’s email address.

I can come up with a number of approaches:

  1. Only show users that have an email address available. This could be confusing when you’re looking for someone and kind find them. You have no way of knowing why this person is not in the list.

  2. Disable the selection and show a message explaining why it’s disabled. This seems like the best approach since it explains what’s going on. If you know the email address of this user, you could enter the email address manually.

  3. Show some kind of error message when you select a user that does not have an email address. Similar to the 2nd option, but less elegant.

My main question here is: How does Atlassian deal with this situation? The best solution is usually the one that users are familiar with.

This also answers your question “Do you need help designing an experience with partial user data?”. It would be very helpful to get an idea of how Atlassian is handling these use cases, so we can take it from there. If we all take different approaches, it will become frustrating for the end-user.

1 Like

@akassab and I are working on an answer for you. This is a good case for internal teams to consider.
In the meantime, you can find the recording on this shared google drive.


@Maarten some thoughts on your feature - for users that hide their email, we do have a model that allows them to be searchable in a list, just not selectable for action.

Atlassian is thinking and designing for the following cases (added my note on display-ability):

  • A Active Account - displayable
  • B Deactivated Account - displayable with status indicator
  • C Pending Deletion - displayable with status indicator
  • D Deleted (with nickname) - displayable with status indicator
  • E Deleted (without nickname) - not displayable/searchable. worst case scenario.

Here is the model with examples.

Also, if this really diminishes functionality on the system, it seems like an appropriate place to ask users to consent to email notifications from your app?

1 Like

Thank you for your response @ksnow. I’m not sure if you want to discuss this here or if we should start a new thread (and focus on your questions here). We can move it if you want.

Your example focuses on active vs inactive accounts. I’m more interested in active accounts with different privacy settings, which were discussed in the Ecosystem Design Meetup around GDPR and Privacy.

If I understand it correctly, this is the same account with different privacy settings. All three versions are active, but only the third one does not hide information such as email address.

Our use case is about selecting email addresses. To make this process easier we make it possible to select users. But when a user has hidden their email address in their privacy settings, they cannot be selected. We want to make this clear in the select component.

One way to do this would be the following:


Also, if this really diminishes functionality on the system, it seems like an appropriate place to ask users to consent to email notifications from your app?

Yes definitely. But this is part of a process before we have had the option to ask the user for consent. We basically want to allow users to invite their team-members to the app. This can be done by typing email addresses, but it’s much easier if you can just search for your team-members by name.

@Maarten - apologies for the delay here. If it helps I’m told that there may be a special case lookup for email matches where an exact match can be used to find a user by email address. Otherwise, a user cannot search for fields they do not have access to.

Thanks for getting back to me @akassab. Do you have any idea how Atlassian is going to make this clear in the UI? When I search for my colleague and can’t find her, how is the UI explaining to me that it might be because of security settings and that I have to search for her @handle instead?