What Consumers Really Think About Privacy
The International Association of Privacy Professionals recently held a think-tank event called Navigate, wherein participants learned about the complexities of consumer perceptions on privacy by exploring the results of focus-group research carried out by Create with Context and sponsored by Yahoo, Visa and the Future of Privacy Forum.
So, what did we learn?
One thing is clear: Woe shall befall the company that violates the trust of consumers.
First, consumers do not read privacy notices. Period. This finding probably should not surprise us, but the research was clear. Consumers do not take the time to read - nor do they have any desire to read - privacy notices.
Next [and this one really surprised the attendees in the room], when forced to read a privacy notice, consumers tend to feel worse about the data practices about the company in question. Stated differently, when engaging with one of our primary public policy responses to concerns over privacy, notice the result is not that consumers feel empowered with regards to their data, but rather feel worse about how their data is being used in the marketplace.
For anyone in the field of privacy, this finding creates some fundamental questions over how we engage consumers proactively and productively.
Another fascinating result is that consumers tend to seek positive rationalizations for the use of their data. In other words, consumers want to assume that there is a beneficial purpose for the use of their data. This is perhaps good news - organizations start out from a position of relative trust from consumers. Additionally, consumers will place the blame on themselves for data practices that seem inconsistent with their interests. "I must have approved this at some point and just don't remember" was a common refrain from the interviews.
One thing is clear: Woe shall befall the company that violates the trust of consumers. They may not read your privacy policies, they may try to rationalize good intentions for data practices, but if they feel that their expectations' regarding their data is violated, they punish companies severely.
Clearly, understanding consumer expectations regarding privacy will be a critical component to any future solutions to this vexing challenge.
The research offers a compelling, and perhaps startling, glimpse into the mind of consumers in the marketplace. Going forward, we all will benefit extensively by spending more time understanding these perspectives.
So what does work?
Of course, our answers are still frustratingly few at this point. But a few things do appear to resonate with consumers and, perhaps, regulators.
- Make sure there is a logical connection between your use of data and the function of your product. Consumers reject vehemently the idea of data collection when they cannot see the correlation between the data being requested and the product. Translated: Do not ask for data you don't need.
- Bake privacy into your products. Do not "bolt it on" afterward. This is the fundamental tenet of privacy by design - a concept that encourages companies to build privacy into their design processes. Doing so makes good business sense.
Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as executive director of the IAPP, Hughes leads the world's largest association of privacy professionals.