It’s clear that trust in digital is broken. Brands are trying to regain that faith and authenticity to truly connect with their customers. Here’s my ideas on how to face that tricky challenge through a UX process. I was invited to share these ideas at a keynote at SXSW this year as part of the Department for International Trade’s ‘Make Britain Great’ initiative. 


My audience at the SXSW Department for International Trade’s ‘Make Britain Great’ initiative. 

Thanks to the World Wide Web and the Internet, information spreads rapidly. More than this, the Internet now powers many products, services and even entire economies. But something’s gone wrong.  

The increasing centralisation of the Web within silos, walled gardens and controlling parties defies the spirit of the original web. This follows the original inventor, Tim Berners Lee’s insights below. He spoke in the wake of Internet scandals such as the Russian interference in the US election and the now notorious data use by Cambridge Analytica. 

SXSW Tim Berners Lee

The big tech giants dominate global media. They thrive off the personal data on a scale that we unwittingly give away, personalising our adverts to a T. As users, we haven’t benefited from security, privacy or robust news sources. 

Ultimately, many organisations have failed to focus on the user and their wants and needs. And more Governments are planning tough regulation to rebuild that trust, such as the much-lauded GDPR.

Following the model of persuasion

Before we talk about trust, let’s talk about its two best friends. For trust to be established, brands have to key into users’ emotion and subconscious as well as providing a utility, like relevant information.

The “power of persuasion” (diagram below) is a timeless staple coined by Aristotle. He said that all communication with people should follow the three principles of ethos, pathos and logos. Together, they persuade a user that the communication is trustworthy, convincing and informative. 

SXSW Relationships

There could be a lack of faith in the product if a user doesn’t believe that the brand is authentic and authoritative (ethos) and lacks emotion or relevance (pathos). In addition to that users will certainly walk away if the product, service or brand lacks rationale or logic (logos).

Introducing trust

What’s the good news? Broken trust between people and brands or governments isn’t a new thing. Trust has always been a staple for some brands. Over the last decade, Apple have always emitted trust throughout every single user touchpoint. In 2016, Apple posted an open letter to the FBI refusing to unlock the iPhone of the San Bernardino terrorist. Unlocking the iPhone would be the easy thing to do. For Apple however, there were wider trust considerations. Unlocking the device would compromise regulation, security and the design of its entire ecosystem. It had a point. 

But what can other brands do to fix it? I developed 10 trust pillars that brands can use to score and guide their success.

SXSW Trust Pillars

This blog will focus on the first five pillars, as they are the most important and more businesses don’t get them quite right.

Put the human first

Brands that embrace sustainability and are social at heart are winning in the long term. A good example of this is Bulb. The energy company’s founder was inspired by his own struggles to understand his home energy bills. Focusing on renewable energy, sustainability and community was a real USP for them. They state:

At Bulb, we put members first. Which means empowering our customers. Listening to them. Inviting them to build our company with us… Simpler, cheaper, greener. We’ve got three values that run through our company like the words in a stick of the rock.

Instead of spending money on advertising, they have a robust referral program where each user who introduces another wins £50 for each of them. In just three years, Bulb has signed up over 300,000 households in the UK; more than the city of Leeds. 

Contrast this with Facebook’s mission. They aim to ‘connect the world’ and ‘bring the world closer together’. Whilst its mission sounds noble, it is flawed in many ways. If we look at their purpose, it could bring a lot of the wrong people together. They can now assemble far more effectively.

I tried to find Facebook’s values and only found their Careers one. The most relevant was to build social value. The issue with this is that it doesn’t say anywhere that it is putting the human first. There’s nothing about protecting the user or acting in their best interests. No wonder why they just got fined a whopping $5bn!

The synergies were incredible when we worked with the Bank of England. They wanted to put the user at the heart of everything they do; their website only exists to serve their users. They promoted how all decisions must focus on their needs, via research.

Undecided Brexit voters trust the Governor, Mark Carney to give an honest view of the pros and cons of Brexit more than senior politicians. In a separate LBC survey, he was even called more patriotic than senior UK-born politicians.

Overall, put the user before your brand and work around what is moral and right for them.

Welcome regulation

Due to the misuse of data, lack of privacy, and poor security, the EU introduced the GDPR. GDPR focuses on three things: transparency, control and privacy. 

Interestingly, across the pond the California Act contains similar provisions to the GDPR. It’s due to come into force at the start of next year. But technology companies have been lobbying heavily for a federal bill to overrule this. One of the four senators drafting the bill, Richard Blumenthal told the Financial Times he wanted to ensure technology companies didn’t see this as an opportunity to water down its measures. He said: 

“We need strong, federal privacy rules…not a weak set of carve-outs written by industry”.

In fact, constraint is good. It helps us to build better products and be more creative within these limitations. Follow what regulatory bodies are debating to ensure you remain ahead. Use our handy checklist to understand how your organisation needs to comply with GDPR.

Privacy is a human right

Companies can follow standards and improve the UX at the same time. Privacy by Design is a framework that bakes customer protection into products and services.

SXSW Privacy by Design

As brands and organisations, it is our moral duty to protect our users from potential misuse. For example, if your staff converse with users, utilise secure and moderated messaging functionality to protect users.

The Monzo messaging system is moderated and private. This contrasts with the UK’s largest takeaway service that was giving each customer’s mobile phone number to delivery drivers. Naturally, this created a lot of problems around privacy and even resulted in harassment.

Be secure

Organisations that follow the latest security standards are trusted more. As a design agency, our independently accredited user-centred design process via the ISO standards increases our trust from banks, pharma and government organisations.

Defend your brand with an attacker’s mindset. By being data-aware and proactive, organisations can protect their customers. An example of this last year is from Monzo. In April, 50 Monzo customers reported fraudulent transactions on their accounts. They conducted analysis to identify any trends that could help others. 

This investigation unearthed a pattern: 70% had used their cards on Ticketmaster. They reached out to Ticketmaster which started to conduct an internal investigation. Meanwhile, as Monzo were so confident something was wrong and they wanted to protect their customers, they replaced their cards within a week. It wasn’t until two months later that Ticketmaster warned their customers.

At Cyber-Duck, we have a handy set of security principles that offers brands a practical model to implement safeguards throughout the digitised customer experience.

SXSW Brand Protection Security

This covers tasks like using HTTPS, especially if you’re handling sensitive data. This provides a SEO bonus, as Google announced it’s a ranking factor. Apply security patches and updates to the server operating system, any third-party software (e.g. CMS) and any software dependency management tools rapidly. Test your website security via penetration testing and once complete, focus on the critical issues first. 

From a user perspective, enforce password requirements such as an eight-character minimum, uppercase letter and number. 2FA can be used as another layer to protect users, if the nature of the data is very personal. Store them as encrypted values (e.g. a one-way hashing system) and use many CMS user management features, as these have many website security features built-in. Overall, you should allow users to upload files with care, as it could open your website up for abuse. It’s best to prevent direct access to uploaded files; they should be stored in a folder outside the database.

Ethical Design

I’ve always promoted Steve Jobs’ saying: 

“That's not what we think design is. It's not just what it looks like and feels like. Design is how it works.” 

In the context of ethics, designers often sit in the driving seat when it comes down to making ethical decisions. Design decisions include setting core values, as well as deciding how the interface will work. Whatever design we do, we need to be decisive and consistent with those decisions and not apply double standards or biases towards certain users.

SXSW Mike Monteiro

Here’s an example. Under Twitter’s usage policy, users are not allowed to threaten others. Yet, Trump is able to tweet things like…

SXSW Twitter Usage Policy

An example of where things went better is the Elon Musk-backed non-profit OpenAI. In 2019, they declined to release their research publicly as they were afraid about misuse. It was a new fake text generator via AI. Just by putting in a few paragraphs from a newspaper the bot can twist the story and reality as it wants making the story really convincing. Various technology companies are creating browser tools to rank the credibility of content.

As designers we have responsibilities. Misinformation and the lack of regulation and accountability of social networks has serious consequences. We need to design for edge-cases and diversity from the outset.



  1. To build trust, you need to question your ethics and values.
  2. Look at regulation as an opportunity to improve, not a threat.
  3. Privacy by design enables you to build secure systems from the outset.
  4. If you’re not building security into your brand, you’re going to fail.
  5. Design and ethics are nuanced – put the user first and design for edge cases.

I really enjoyed giving this popular talk at SXSW this year. For more, please check out my slides.

If you’re interested in an agency that can help you build a trusted, authentic brand with privacy via design, please get in touch.