The Disconnect Between What People Say and Do About Privacy

In the course of my research I’ve been fortunate to be able to speak at length with media planning executives and practitioners.  They spend much of their time figuring out how to use data to send commercials to targeted segments and individuals online.  When the conversation turns to privacy issues, they invariably dispute that the public is genuinely concerned with the topic.  “When they respond to your surveys people may claim to worry about privacy issues,” the industry practitioners tell me. “But look at what they actually do online.  People will give up personal information just to get a discount coupon.  And look what they reveal about themselves on Facebook!  The disconnect between what people say and do shows that policymakers and academics misjudge the extent to which the public really cares about the use of data about them by marketers.”

It’s an interesting argument and one that must be taken seriously.  One response I give is that people are indeed complex, but their behavior doesn’t mean they are two-faced when it comes to privacy.  Rather, findings from national telephone surveys (conducted by me and with colleagues) going back to 1999 show that the majority of Americans are deeply unaware about what goes on with their information about them online.  They know companies follow them, but they have little understanding of the nature of data mining and targeting.  They don’t realize companies are connecting and using bits of data about them within and across sites.  They think that the government protects them regarding the use of their information and against price discrimination more than it does.  And over four surveys, about 75% of adult Americans don’t know that the following statement is false: “When a website has a privacy policy, it means that the site won’t share information about you with other companies without your permission.”

“Why don’t Americans know such things?” industry practitioners often ask me after I recite such findings.  “And why don’t they use anonymizers and other technologies if they are so concerned about leaking data about themselves?”  My answer to that typically takes the form of “people have a life.”  Learning ins and outs about the online world can be complex, and people have so many priorities regarding their families and jobs.  Too, when they go online, whether to Facebook, YouTube or a search engine, they want to follow their needs and leave.  In moments of rational contemplation they may well indicate web wariness.  But online their need to accomplish particular goals and often engage in emotional relationship-building may trump rationale calculation.  Chris Hoofnagle, Jennifer King, Su Li, and I inferred this pattern even from young adults—men and women 18-24 who common wisdom suggests wouldn’t care a whit about privacy.[1]

There is an additional explanation for people’s lack of knowledge about how data about them are treated under the internet’s hood.  Unfortunately many of the most prominent digital-marketing actors engage in a kind of doubletalk about their use of information.  It’s a consistent pattern of public faux disclosure that may simultaneously encourage people’s confidence in the firms’ activities and obfuscate the privacy issues connected with those activities.  And some of the biggest players engage in this privacy-doublespeak dance.

Consider how Google recently told its users about its decision to link information about their activities across its most popular services and multiple devices beginning March 1.  The consolidation was clearly a response to a number of developments.  Strategically, Google wanted to use its previously siloed data in ways that would be competitive to its increasing competitor, Facebook.[2]  More tactically, Google was motivated by the firm’s need to meet a European-Union directive that beginning May 1 all advertisers must obtain consent from their customers to allow websites to set cookies.  In the words of the U.K. trade magazine New Media Age, “Consolidating its multiple privacy policies, of which it has over 60, for all its accounts will mean consumers only have to give consent once for it to be effective across all Google products.”[3]

In the U.S. Google faced a major risk with the data consolidation.  The company had to know that some would see the action as violating last year’s agreement with Federal Trade Commission not to change its handling of people’s data without their explicit permission.  In fact, the Electronic Privacy Information Center filed a complaint with the FTC insisting Google’s new approach violates the deal.[4]  Perhaps to blunt such criticism, the company shouted out its new privacy regime to broad publics. For several days Google emblazoned its search page and the landing pages of its other holdings with statements such as “We’re changing our privacy policy” followed by blunt signals of seriousness—for example, “This stuff matters” or “Not the same yada yada.”  But if you clicked the link to learn more, you found essentially the same yada yada.  The urgency evaporated.  The language gave no sense that beginning March 1, to quote the Los Angeles Times, “the only way to turn off the data sharing is to quite Google.” [5]  Instead, clickers saw the comforting statement that the change was all good.  The privacy policy would be “a lot shorter and easier to read.” It would reflect “our desire to create one beautifully simple and intuitive experience across Google.”[6]

Google certainly isn’t alone in this purposefully confusing, often two-faced approach to the public.  Consider how Amazon makes it seem that its data mining is transparent with respect to its visitors.  On its landing page the firm is straightforward in letting you know that it is connecting what it previously saw of your site behavior with what others who did similar things bought.  But a trudge through the privacy policy will reveal that Amazon’s seemingly open approach to visitors’ data on the home page actually obscures a far broader and impenetrable use of their data for the company’s own and others’ marketing purposes.  Check out Pandora for a similar pattern of transparency and non-transparency in data-handling.  Or visit the Digital Advertising Alliance’s op-out area and note the disconnect between the availability of the opt-out choice and the rhetoric around it that makes its selection seem slightly absurd.

This sort of doublespeak may be endemic to the approach data-driven marketers are taking to the public.  As Wall Street Journal columnist Al Lewis recently noted, “Mark Zuckerberg says Facebook’s IPO is not about the money. But he then says it’s about creating a liquid market so his employees and investors can get their money—proving the maxim that it’s always about the money.”[7]  Such corporate “explanations” of their activities add yet another reason for the public’s failure to understand the dynamics of big data in their lives.

[1] Chris Jay Hoofnagle, Jennifer Kinng, Su Li, and Joseph Turow, “How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?”  August 14, 2010.  Report available at , accessed February 8, 2012.

[2] Byron Acohido, Scott Martin, and Jon Swartz, “Consumers in the Middle of Google-Facebook Battle,” USA Today, January 26, 2012,, accessed February 8, 2012.

[3] “Google to consolidate privacy data to bolster ad targeting,” New Media Age, January 25, 2012.  Thanks to Jeffrey Chester for pointing out this article to me.

[4] Byron Acohido, Scott Martin, and Jon Swartz, “Consumers in the Middle of Google-Facebook Battle,” USA Today, January 26, 2012, , accessed February 8, 2012.

[5] Jessica Guynn, “Google to Expand Its Tracking of Users,” Los Angeles Times, January 25, 2012, B1.

[6] “Google Policies & Principles,” , accessed February 8, 2012.

[7] Al Lewis, “Facebook, Dead of  Alive,” Wall Street Journal, February 5, 2012, , accessed February 8, 2012.

You may also like...