5 (compliant) consent and preference gamification strategies

It may go without saying: people engage in behaviors that are fun and provide rewards.

Though what is fun and rewarding varies across individuals, demographic groups, and generations, activities that provide tracking and feedback, friendly competition, engaging interactions, and social connections usually fall into the category of ‘fun and rewarding.’

To take advantage of this truism, companies began to intentionally design ‘fun and rewarding’ into interactions that otherwise might not fall into the ‘fun’ category, with the goal of increasing positive customer and employee engagement. The field of gamification was born. 

What is gamification?

Gamification is “a strategy that integrates entertaining and immersive gaming elements into  nongame contexts to enhance engagement and motivate certain behaviors.” Gamification may involve setting up competition through leaderboards, rewards through points and badges, and plain fun through games, fun graphics, and other experiences.

For example, many training/learning platforms use gamification techniques to motivate learners and have found increases in engagement, though not always in learning outcomes, as a result. Examples of gamified learning platforms include Duolingo and Coursera. 

The gamification strategy can be particularly effective to motivate and engage participants in activities that may not be intrinsically motivating for all users – not only for learning, but also exercise, diet and weight management, and other health practices like meditation. The applications do not stop there, of course, as there are many things we ‘should’ be doing, know that we ‘should’ be doing, but sometimes lack the intrinsic motivation to start doing and keep doing. Gamification can help keep us on the path.  

How does consent gamification work?

Research shows that consumers are concerned about privacy, but fewer take the time and energy to engage with companies about their personal data. Privacy professionals may not feel that privacy is an intrinsically boring or unmotivating activity that falls into the ‘should do’ category – but many consumers would disagree.

The legal compliance aspect pushes some organizations to present complicated, legalese-sounding experiences, especially related to privacy notices and consents. However, privacy-related engagement from data subjects directly benefits organizations in the form of enhanced and granular data collection/uses/sharing opportunities, reduced volume for individual rights requests, and enhanced trust and brand perception.  

Some organizations have turned to privacy-related gamification as part of the solution to spur data subject interest in privacy. For example, Zynga, a game development company, created PrivacyVille. Site visitors can ‘play’ at privacy by traveling through PrivacyVille, receive points, and can achieve Certified PrivacyVille Tour Guide status as rewards. Other organizations use gamification techniques internally to spur interest and engagement in privacy across cross-functional stakeholders, such as Privacy Advocates within various areas of the business.  

Other brands use consent gamification tactics to get users to provide first-party data. For example, a brand might create a ‘free to play’ game of some kind in return for providing your name, email address or preferences. Rather than asking for this data in a form, they might use surveys or quizzes to collect this type of information. Organizations can also offer unique product incentives or add-ons that can encourage people to download their app or log in, providing further access to data sources.

The challenge, of course, lies in the details of how to gamify privacy. First, there are some tips to consider that apply to any gamification application: 

• Think about gamification as part of a longer-term strategy. Avoid forcing participants to go too deeply too quickly and plan for updates and events over time. Though there may be some short-lived gamification applications in which participants will engage for a limited time, most use cases involve months or years of participation, so long term planning is essential.  
• Provide rewards but do not overemphasize them. Rewards are great but sometimes the journey is as exciting as the destination. After all, a “5K Run” badge received through an Apple Watch does not have any tangible benefit but is still rewarding to many users tracking fitness and activity goals.  
• Create a level playing field. Remember that “to participate is to win.” Individuals should feel successful with all levels of engagement, while still feeling motivated to do more. The goal is to encourage everyone and not to discourage anyone. Also, not all individuals are motivated by the same things, so taking a “something for everybody” approach will help make sure that different participants with different goals are able to experience rewards and motivation.  

Always consider the potential legal ramifications

There are also some special challenges and considerations associated with privacy-specific gamification. For example, privacy is, in part, a legal compliance motion. Organizations cannot lose site of the gravity and compliance aspect of privacy. Gamification techniques should never hide or minimize the potential outcome of privacy terms, decisions, and activities. Striking the right balance between seriousness and fun is critical in the privacy context.  

Also, regulator interest in “dark patterns,” or user interfaces that subvert or impair an individual’s autonomy, choice, or decision-making may create a special concern for privacy-oriented gamification. It is possible to create fun while not unduly influencing an individual in the direction of a particular choice, but designers will want to pay special attention that the gamification does not interfere with the clarity, straightforwardness, and fairness of the privacy interaction.  

Ironically, there are some potential conflicts between privacy and gamification. For instance, gamification often involves asking users to establish a public online presence and share results – awards, points, activities, badges, etc. – in the form of a leaderboard. The ‘game’ links behaviors, locations, and activities with each online presence and makes those public, degrading privacy as a result.

Especially when employed in the privacy context, how ironic it is to design a privacy-specific gamified experience that reduces privacy! However, these privacy challenges in gamification are usually solvable. Setting up leaderboards, for example, so that participants select avatars in a pseudonymous way instead of actual profiles can both help protect privacy and increase the level of fun.  

In summary, it is useful to recognize that privacy activities that fascinate privacy professionals may not equally fascinate data subjects. Gamification techniques can encourage those data subjects to consider their privacy more deeply, engage more with the organization, and make more and better decisions about their personal data. Especially in privacy, though, gamification can present a tricky balance between the fun and the serious, and even between social engagement and privacy itself. An organization can achieve these balances, though, by carefully considering its short- and long-term goals, how to build privacy by default into gamified experiences, and how to create win-win experiences for data subjects while presenting clear, fair, and unbiased experiences for everyone.  

Call-out for 5 consent gamification tips:

1. Think about gamification as a long-term strategy. 
2. Provide rewards but do not overemphasize them. 
3. Create a level playing field. 
4. Do not lose sight of the compliance aspect of privacy. 
5. Beware of dark patterns.