Privacy moves from backroom to boardroom

The news last week that Google had agreed to rewrite its privacy policy is generally being heralded as a successful outcome for regulators. The UK’s Information Commissioner’s Office had considered that Google’s privacy policy was “too vague when describing how it uses personal data gathered from its web services and products.” We may well see a slew of similar activities in other European markets as data protection authorities have reportedly been working together to persuade Google to make a series of requested privacy changes.

So just what are these changes? Essentially they aim to provide consumers with greater transparency and control over the way their data is collected and used. So the privacy policy will be more ‘accessible’, privacy controls easier to use, and there is a range of measures designed to inform users how their data will be processed and shared.

But perhaps the bigger question that we should ask ourselves is whether this really matters.  Regulators may be pleased at the result but is this really a victory for the consumer? 

Engaging with privacy policies

I think this question is hard to answer. On the one hand, any form of greater transparency and control relating to the way we manage our privacy can only be a good thing. But on the other, do we actually engage with privacy policies no matter how straightforward? 

We live in an environment where survey results tell us that while we care about what is in the T&C’s that we sign up to, we rarely read them.  And frankly it is just not viable to read the privacy policies of all the sites that we visit.

It’s been estimated that it would take the average user 76 days to do the due diligence for all the websites that they use in a year. Another study estimated that the cost, if US consumers did actually read all the privacy policies of sites they visit, would be $781 billion per year.  We could probably pick apart and dispute elements of these somewhat amusing calculations but they nevertheless make a clear point.

Disclosure behaviour

There is also a large body of evidence that demonstrates just how malleable our behaviours can be when it comes to disclosing information about ourselves online. For example, we overstate the importance of privacy controls in our minds, perversely putting more into the public domain if these are available than we would otherwise have done.

Default settings on websites can lead us to be more likely to share information such as our profile visibility on social networks whether privacy policies are designed as opt-in or opt-out.

It is becoming increasingly clear that simple ‘transparency and control’ measures for ‘empowering’ consumers is not sufficient. Consumers do not seem well equipped to be able to determine what their preferences are and how these translate into tangible actions that they undertake online. 

Something to hide

Does this matter?  Surely privacy only matters if you have something to hide or you have not caught up with the concept that privacy is no longer a social norm.  That, however, is not quite the case. 

There is plenty of evidence that we do still care about privacy.  Teenagers, often cited as the most egregious flouters of privacy, care very much about the information they disclose online as has been well documented by danah boyd among others. Many surveys show we are more likely to do business with brands that manage our privacy carefully.  And if nothing else, the success of an array of services, from ad blocking services to highly secure smartphones indicate our desire to better manage our online lives.

Privacy is the very human flip-side to the rapidly emerging data economy. Brands need to get it right because increasingly consumers are seeing this not only as a source of competitive differentiation but as a corporate reputation issue. 

Fair Data

There is certainly value in trust frameworks such as the Market Research Society’s Fair Data.  Here organisations sign up to some straightforward principles that consumers only need read once, knowing that participating brands operate to these standards. 

Brands, and indeed governments, still need to understand the nuances of consumer privacy preferences as it applies to their particular market and organisation to determine the right balance between disclosure, privacy and use of personal data. 

With the rise of the data economy, privacy has rapidly moved from backroom compliance to the boardroom. It’s increasingly recognised as a complex and nuanced issue requiring a subtle understanding of the way in which consumers and organisations interact; as such market research needs to be at the centre of the debate. 

Colin Strong will be chairing a panel debate on the topic of privacy at the MRS Impact Conference on March 17^th.