I participated in a workshop yesterday put together by the FTC concerning consumers and trust. It's privacy uber alles! Time for a little critical thinking.
1) My panel was on trusted sources, the problem of how one recognizes a trustworthy online site (the gist of my remarks are here). The panel that followed was on privacy. I found that curious in itself. People do not go shopping for privacy, they go shopping for stuff. Privacy is one aspect of the transaction, along with the price, the color of the goods, the return policy, and so on. However one thinks of privacy is certainly less important to trust than preventing outright fraud. Yet that was the second panel. Ah well.
-They did not discuss their survey methodology or share their questions at length. But from the presentation of data it looked very much like a substantial part of it was "push-polling." That is, asking questions that are framed in such a way that those being polled are cued as to the response that fits the research design. People are VERY susceptible to this. I recall an experiment from college psych classes--the test subject is presented with three glasses of whater. The researcher tells the subject that he is studying how whether people can detect small amounts of salt and sugar dissolved in water. The subject tastes the water! Lo and behold, he finds that one glass has a little salt! And another has a little sugar! But in fact all of the glasses are just plain tap water. Anyway, there has been a LOT of push polling in the privacy area. Jim Harper and I wrote about it a couple years ago.
It is just not reliable. If one were designing a poll for a candidate for federal office, one would NEVER ask "Is fighting terrorism important?" Is anyone going to say "no?" One asks, "What issues are important to you." And waits for the response. And, ultimately, actions are a better guide than words. We choose legislators by votel, not by poll.
2) Chris and Dr. Turow had an answer to that, in part;
they observed that people online do act in ways that suggests that they want to conceal information. While I am sure this is true, the context matters a LOT. No, people don't want their kids giving out their address online to strangers, or when they post on a bulletin board complaining about a coworker, and they won't share credit card numbers with just anyone, and they might use a special email address (my husband does) to avoid spam. BUT safety, security, anonymity, and spam are really quite different from privacy in the sense of concern about uses of clickstream or marketing data. It is unlikely that someone is going to use the fact that you are in a database somewhere among others who ordered gourmet popcorn to injure you in some way. Talking about "privacy" without clarifying the context is here and elsewhere completely unhelpful.
3) Some of the survey questions suggested that people were largely ignorant of what information is collected by sites, and what is done with it. Again, more push polling here. But assuming the extent of disinformation is accurate, is this really a problem? How do we know that people "ought" to be informing themselves, or opting out? What benefit to them is there from it? People don't want to be deluged by spam or have their credit card number ripped off. But the fact that if they donate money to the SPCA, the SPCA may trade or sell their name and address to other humane societies, is really not going to hurt them in any way. It might even benefit them (and it certainly benefits the other humane socities, who may cease to exist without an efficient way to find adopters, volunteers, and donors). Sites tracking clickstream data is another one. Absent fraud or theft, there is no harm coming to people from this. They are being served targeted ads and coupons and so on... and this is by and large a benefit to them. People's lives are complex. Figuring out what is going on with their data is not something they have time to do. In order words, IT IS NOT A PRIORITY. And there is no reason for it to be.
4) All this ended in a push for regulation... proof that the FTC's self-regulatory approach is not working. But they presented no data comparing the situation here to the more heavily regulated sites in Europe. Here's a quote from one study:
Karim Jamal, Michael S. Maier, and Shyam Sunder, "Enforced Standars versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Pratice in the U.S. and The U.K., Yale ICF Working Paper No. 04-38, August, 2004, pp. 22-23 ("Our comparative study of the U.K. and the U.S. reveals that privacy has fared no better in the U.K. than in the unregulated U.S. environment. While the EU law may have helped reduce the use of first and third part cookies, it also appear [sic] to have reduced the availability and quality of disclosure. Also, unlike [sic] U.S., a U.K. market for web seals barely exists. U.K. consumers appear to continue to be just as vulnerable to misbehavior by a few outliers as their U.S. counterparts. In the absence of mandated standards, U.S. web sites tend to view the disclosure of privacy policies as an instrument of their marketing strategy to attract consumers. Accordingly they make it easy to find their statements of policy, and adhere to these policies reasonably closely. U.K. websites, on the other hand, appear to view privacy disclosure as a mere compliance matter, and are largely indifferent to consumer concerns about their privacy policies. On average they make it more difficult for their customer to find their statements of policy as compared to U.S. websites.")
With that, I finish.