FEATURE1 January 2011

The open secret

Consumers care deeply about keeping their personal data private. Or do they? Robert Bain looks at the emerging face of online privacy, and asks where it leaves surveys and social media research.


“Say yes to market research” says the face smiling out from the billboard. This latest attempt by research associations in Germany to promote the industry lists three reasons why people should trust research: it’s anonymous, your data will be protected and we won’t try and sell you anything. Evidently the research industry is as anxious as ever to make clear the lengths to which it goes to protect respondents’ data – this respect for privacy has, after all, been crucial to earning public trust.

The consequences of privacy breaches can be serious – not to mention the loss of freedom that comes from a feeling that someone’s watching you. And in the age of Wikileaks it seems to be more and more difficult to keep a secret.

“While in the past it was easy to blame privacy problems on technological change, ineffective laws, bungling bureaucrats or rapacious corporations, we wouldn’t be where we are now if consumers weren’t complicit in allowing their own privacy to be eroded”

But recently something weird has happened. Consumers have started using the internet to share unprecedented amounts of detail about their lives. That’s why it didn’t seem shocking to hear Facebook CEO Mark Zuckerberg declare last year that privacy is no longer a “social norm”. He would say that, of course, because his fortunes depend on it being so, but he’s also got half a billion users to back him up.

While in the past it was easy to blame privacy problems on technological change, ineffective laws, bungling bureaucrats or rapacious corporations, we wouldn’t be where we are now if consumers weren’t complicit in allowing their own privacy to be eroded – in spite of their apparent anxiety to protect it.

So as research seeks to tap in to social media to uncover new insights and reach people more effectively, new questions arise. If the likes of Facebook and Foursquare can attract huge audiences by encouraging users to forget privacy concerns, while surveys are stuck asking a dwindling pool of bored respondents the same questions over and over again, are we going about things the right way?

What’s it worth?
Research puts a high value on privacy, and so do lawmakers and regulators, even if they struggle to keep up with technology. In the US, Congress is looking at ‘do not track’ legislation – an approach backed by regulators but reviled by advertisers. The European Commission, meanwhile, is looking at ways to limit the collection of personal data to the minimum necessary and ensure better choice about how information is used and stored.

The privacy scandals that regularly flare up show that certain sections of the public feel very strongly about these issues. But do these debates between politicians, CEOs and consumer groups really reflect how much most people worry about privacy?

Results of a survey conducted last year by Vovici offer some answers. Most respondents said they were concerned about privacy on the web, but those who were more worried did not behave much differently online from the others. Vovici’s Jeffrey Henning wrote in these pages: “It appears to be fashionable to express concern about internet privacy, yet not act on that concern”.

Online advertisers who want to target people based on their browsing habits (including researchers who want to recruit respondents via targeted intercepts) have reason to hope Henning is right, and have tried to put a number on what privacy is really worth to consumers. A study conducted for the Interactive Advertising Bureau Europe by McKinsey & Company concluded that the value European internet users attribute to protecting their personal information from advertisers is far outweighed by the value they get from free ad-supported services.

Factoring in the cost of providing free services, the time people spend using them and the value people put on their time, McKinsey used conjoint analysis to quantify how respondents valued the various services they get online for free, and settled on the pleasingly round figure of €100 billion of free stuff per year – the lion’s share of the total surplus created. Of course, the way the study quantified value is highly subjective, but it’s a good illustration of the kind of trade-offs consumers make on privacy without even thinking.

Privacy by design
As chief privacy officer at Kantar, George Pappachen is one of the most senior figures in market research to focus on this issue – keeping tabs on how data protection law affects research activities and dealing with privacy questions raised by social media research and tracking online behaviour. When Research asked Pappachen whether he believes the general public care as much about privacy as marketers and regulators do, he said, “Yes and no.”

“To be honest I’m not sure members of the public, or the majority of them, quite understand what the conversation is about,” he said. “As researchers we have a requirement to be transparent, and in one sense what we’re seeing is that the consumer or the panellist or whomever may not consider what’s being done to be transparent, even though we are attempting to be.” People clearly know enough about the privacy dangers for it to bother them (at least a bit), but do they really understand the nature of what’s going on?

“While there are clearly consequences for failing to respect privacy, it hasn’t stopped social networking from becoming the single biggest online activity”

In an article entitled ‘Selling the stories of our lives’, the Consumer Electronics Association’s Sean Murphy explains why privacy will be one of this year’s most important technology trends, and speculates about what consumers could demand in exchange for their data. Unlike IAB Europe, he’s not convinced they’re getting a great deal, mainly because they’re not well enough aware of how their data is being used – or that it is being used at all. Murphy says it’s unfair to expect consumers to understand how they are being tracked online “when substantial money is at stake to keep these seemingly innocuous business practices surreptitious”. If consumers did realise the value of their data, they might demand a renegotiation of their relationships with online content providers, researchers and advertisers.

Thanks for sharing
The area where consumers have proven most willing to share information is, of course, social networking, which has had spectacular success in getting people to relinquish their privacy. Security expert Bruce Schneier, who serves as chief technology security officer at BT, puts it bluntly: “Social network sites care a lot about privacy. They care that you not have it. Which is why they’ll talk big about it but do as little as possible.”

That sounds chilling and, indeed, Facebook regularly hits the headlines for the way it handles the intimate data it holds on hundreds of millions of people. It has faced storms of disapproval when it has tried to change the rules on how much information it shares. Smaller networks have also faced damaging controversies – Nielsen Online’s buzz-mining service recently ran into trouble when it was caught scraping a private community for disease sufferers.

But while there are clearly consequences for failing to respect privacy, it hasn’t stopped social networking from becoming the single biggest online activity, accounting for around a quarter of time spent online in the US. Readers may dimly recall something called Quit Facebook Day last summer, in which 30,000 of the site’s users committed ‘Facebook suicide’, deleting their profiles in protest at changes to its privacy policy. The other 99.99% of users chose to stay on board. Consumers may not have asked for the ‘share everything’ orthodoxy that now seems to be upon us, but they have gladly gone along with it.

Bruce Schneier is sceptical of claims that privacy is dead, but he does believe that certain companies are on a mission to kill it because their profits depend in one way or another on consumers giving up information. This disdain for privacy is encapsulated in a quote from Google’s Eric Schmidt, who remarked famously: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Writing new rules
Still, those who claim privacy is passé may be right in the sense that ‘privacy’ is not a very helpful term in the current online environment. It’s less a matter of restricting information than of sharing information on one’s own turf and on one’s terms. That might sometimes mean privacy, and might at other times mean something completely different.

The trouble for research is, no one is quite sure yet what the rules should be in the various circumstances that arise when we go online. The kind of conventions that have become established in traditional social interactions are yet to be clarified in the world of social media. Guidelines for passive data collection published by Esomar and the MRS (in draft form) both cover ‘walled gardens’ – networks like Facebook where you have to sign up to gain access – but leave the rest of the web (which includes blogs, Twitter and lots of other social media content) to general research principles and common sense.

Opinions vary among social media researchers about the ethics and etiquette of tracking online conversations. Adam Phillips, who chairs Esomar’s professional standards committee, draws parallels with the work of the UK’s Mass-Observation project in the 1930s, whose investigators would secretly record conversations in public places. Today’s social media researchers have similar opportunities to play around on the fringes of people’s expectations of privacy. “I think it’s very important that companies act in a responsible fashion because if they don’t, legislation may close down what is a very useful public good,” said Phillips.

Annie Pettit of social media research agency Conversition Strategies, says: “Most people assume that everybody going online has basically agreed that what they put up there is for public consumption. But people really don’t, as a group, understand that. They expect that, within their own small sphere, people will read it, comment on it, share it – but there’s a good percentage of people who don’t expect the entire world to be searching through their comments.”

Getting things right
There is also a risk that the ways researchers traditionally respect privacy could end up becoming a hindrance. Repetitive screener questions in surveys are a turn-off for respondents who are used to companies remembering who they are and using the information to improve the experience. In customer satisfaction research, protecting people’s anonymity can even mean missing the opportunity to resolve their problems.

As for tapping into the culture of openness in the ‘walled gardens’, researchers have so far had limited success – although the potential for network owners to charge for access to data, or provide their own research services, can’t be ignored. While custom online communities have proved successful, other networks have been cautious in asking too much of their participants.

Researchers should also be wary that the way people feel about sharing their personal data could continue to change as rapidly as it has been doing. Raymond Wacks has been writing on privacy for more than 30 years, and even he says that with the rapid evolution of the internet we simply have “no idea, or no intelligent idea, what will come next”. Wacks fears that opportunities to foster proper transparency and choice will be missed because they’ll create short-term headaches for the companies trying to make money out of data – a situation that could yet lead to a consumer backlash.

Annie Pettit urges researchers to err on the side of caution to avoid this. “I see one of my roles as being to anticipate the need for privacy for people before it becomes an issue. We really need to take this as seriously as we possibly can, otherwise it’s going to be pulled out from under us either by legislators or non-researchers. Look at how surveys have worked out – they’ve been misused and abused, and look at where response rates are now. I don’t want to see the same thing happen with social media research.”

Privacy pitfalls

Facebook Beacon
In 2007 Facebook introduced a feature that tracked people’s activity across a number of partner websites and shared details of what they had been buying online with their friends. Not surprisingly it sparked controversy – and a class action lawsuit. Facebook hastily made it an opt-in system, but later shut it down completely.

When BT ran trials of Phorm’s online ad-targeting technology in 2006 and 2007, it neglected to get the consent of the customers whose behaviour it was tracking, and when the story broke a long list of publishers came out to say they didn’t want activity on their sites monitored. As a result of the case the European Union put pressure on the UK to implement EU privacy directives.

Using similar technology to Phorm, US-based NebuAd tried to do deals with ISPs whereby it could track their users’ entire online activity. But the firm attracted attention from privacy groups and politicians who were sceptical of its claims that the data was anonymous. Potential clients were turned off, and the firm shut down in 2009.

Google Buzz
Google’s attempt at a social network, launched with much fanfare in February 2010, ran into trouble early on when users realised it was sharing their lists of top GMail contacts with their friends. In other words, your ex-boyfriend could find out who you had been corresponding with recently. If it wasn’t for this misstep, Buzz might not have turned out to be such a flop.

The Wall Street Journal revealed last year that Nielsen Online’s BuzzMetrics service had been scraping this private community for disease sufferers. The site’s owners called this a violation of trust, while admitting in the same breath that they also scraped the site and sold the data to third parties. More than 200 users reportedly quit the site in reaction the news.

Smartphone apps
Last year numerous apps for Apple’s iPhone were found by university researchers to be sharing device IDs and sometimes user names with developers and advertising partners, in breach of Apple’s rules. Apps for Android phones were found in a separate study to be sharing handset IDs and even location data, without users’ permission.

Zynga, the company behind this popular Facebook-based game, is being sued by a player after it was found to be sharing user IDs with other companies. Facebook denied that this constituted a privacy breach, but Joe Barton, chair of the Congressional Privacy Caucus, called it a “direct violation of Facebook’s privacy promises to its users”.

1 Comment

14 years ago

privacy in the electric age http://www2.marshallmcluhanspeaks.com/?video=PRO_007

Like Report