The Expert's View with Trevor Hughes

What Consumers Really Think About Privacy

What Consumers Really Think About Privacy

When we talk about privacy, we are fundamentally talking about protecting consumers and citizens from harms that may occur because of misuse or abuse of their data. However, while the debate over privacy swirls, the actual voice of the consumer is rarely heard. (Also, read State of Privacy in Financial Services.)

The International Association of Privacy Professionals recently held a think-tank event called Navigate, wherein participants learned about the complexities of consumer perceptions on privacy by exploring the results of focus-group research carried out by Create with Context and sponsored by Yahoo, Visa and the Future of Privacy Forum.

See Also: When Every Identity is at Risk, Where Do You Begin?

So, what did we learn?

First, consumers do not read privacy notices. Period. This finding probably should not surprise us, but the research was clear. Consumers do not take the time to read - nor do they have any desire to read - privacy notices.

Next [and this one really surprised the attendees in the room], when forced to read a privacy notice, consumers tend to feel worse about the data practices about the company in question. Stated differently, when engaging with one of our primary public policy responses to concerns over privacy, notice the result is not that consumers feel empowered with regards to their data, but rather feel worse about how their data is being used in the marketplace.

For anyone in the field of privacy, this finding creates some fundamental questions over how we engage consumers proactively and productively.

Another fascinating result is that consumers tend to seek positive rationalizations for the use of their data. In other words, consumers want to assume that there is a beneficial purpose for the use of their data. This is perhaps good news - organizations start out from a position of relative trust from consumers. Additionally, consumers will place the blame on themselves for data practices that seem inconsistent with their interests. "I must have approved this at some point and just don't remember" was a common refrain from the interviews.

One thing is clear: Woe shall befall the company that violates the trust of consumers. They may not read your privacy policies, they may try to rationalize good intentions for data practices, but if they feel that their expectations' regarding their data is violated, they punish companies severely.

Clearly, understanding consumer expectations regarding privacy will be a critical component to any future solutions to this vexing challenge.

The research offers a compelling, and perhaps startling, glimpse into the mind of consumers in the marketplace. Going forward, we all will benefit extensively by spending more time understanding these perspectives.

So what does work?

Of course, our answers are still frustratingly few at this point. But a few things do appear to resonate with consumers and, perhaps, regulators.

  • Make sure there is a logical connection between your use of data and the function of your product. Consumers reject vehemently the idea of data collection when they cannot see the correlation between the data being requested and the product. Translated: Do not ask for data you don't need.

  • Think about how you present privacy controls to consumers. Presenting a consumer with the ability to opt out of a data practice is of little value if it is buried in a privacy policy or requires enormous effort to execute. Some in the privacy world are starting to talk about a "just-in-time" notice - where information related to data appears when it is appropriate. These ideas are still shaping, but they show great promise.

  • Bake privacy into your products. Do not "bolt it on" afterward. This is the fundamental tenet of privacy by design - a concept that encourages companies to build privacy into their design processes. Doing so makes good business sense.

Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as executive director of the IAPP, Hughes leads the world's largest association of privacy professionals.



About the Author

Trevor Hughes

Trevor Hughes

CEO & President, International Association of Privacy Professionals

Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as executive director of the IAPP, Hughes leads the world's largest association of privacy professionals. He has testified before the U.S. Congress Commerce Committee, the U.S. Senate Commerce Committee, the U.S. Federal Trade Commission and the EU Parliament on issues of privacy and data protection, spam prevention and privacy-sensitive technologies.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.