/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsBusinesses today are leveraging technology for delivering best in class services and products to their customer and consumers. Governments worldwide are also fast adopting technology to deliver better and efficient services to their citizens.
The growth of the internet, in particular, has revolutionized the interactions in B2C and G2C environments that occur around the world round the clock. But the online world unlike the offline world exposes the individuals to increased privacy risks as it facilitates data collection and sharing mechanisms (many a time without the knowledge of individuals).
In today's information age, personal information has an inherent economic value as it can be used by businesses for providing better and customized services to the customers. More importantly, it provides businesses opportunities to generate more business from the existing customers and helps in scouting for prospective customers, thereby making them earn more profits.
For many online businesses, business growth and privacy protection are negatively linked goals and this explains why such businesses may not be motivated to design and implement effective, efficient and easy to understand privacy policies and controls.
On the other hand, online consumers, as validated by several studies and surveys, are concerned about their online privacy but are their concerns reflected in their online actions like visiting a particular website? Why are consumers not working in their self-interest by including privacy preferences when making decisions to avail of services and products online?
The primary drivers for individuals to make purchases and payments online are convenience (avoiding standing in queues, delivery of products at home), time saving, availability of product choices, use of information available online to evaluate and purchase products offline and better deals among others. But this requires individuals to provide their personal information, e.g. during the registration process.
The ways of collecting personal information, loss of individuals' control over their information, and the purposes for which the collected personal information is used have raised the privacy concerns of individuals, regulators, governments and the civil societies.
The personal information may be used for the purposes of cross selling, renting or selling to third parties, profiling of customers, behavioral targeting, unsolicited promotional emails (similar to telemarketing in the offline world). The primary driver is revenue generation and profit making.
In March 2010, the US based Network Advertising Initiative (NAI), an association of ad networks, data exchanges, and marketing analytics providers, released its study findings that measured the pricing and effectiveness of behaviorally-targeted advertising online.
The study found that in 2009, behaviorally-targeted advertising secured an average of 2.68 times as much revenue per ad as non-targeted "run of network" advertising. It also found that behaviorally-targeted advertising is more than twice as effective at converting users who click on the ads into buyers (6.8% conversion vs. 2.8% for run-of-network ads), and that behavioral advertising accounted for approximately 18% of advertising revenue.
It is worth noting here that many online businesses including social networking sites offer their services for ‘free'. But are these services really ‘free'? Their business models are primarily based on advertising and as the NAI study reveals that behavioral targeted advertising is more effective than non-targeted advertising, it is not surprising to find businesses using different ways (including ways that may not be apreciated by their consumers) to harness the value of the customer data collected by them.
New technologies including cookies, web beacons, content extraction, spyware and adware have enabled businesses to collect consumers' information in innovative and surreptitious ways.
Apart from these techniques, emerging technologies like HTML 5, Digital Rights Management, Single Sign-On Services for different web pages, etc will further make it easier for advertisers and marketers to access more details about users' online activities.
In such a ‘pervasive and invasive' online environment, it is not surprising that consumers have high level of concern with respect to their privacy. However, several studies and surveys show that these concerns are not reflected in their decision making when they avail themselves of services online. There is a significant gap between what consumers say and what they do!
The privacy awareness and concerns of the Internet users may vary depending on various factors such as demographics, culture, technical know-how, shopping habits, level of education, financial status and past experiences amongst others.
A 2003 academic paper titled ‘The Value of Online Information Privacy: An Empirical Investigation' categorized Internet users globally into: Individuals who are relatively sensitive to online information privacy concerns (privacy guardians), individuals who have little regard for privacy and are willing to sell it for monetary returns (information sellers) and individuals who are willing to provide information in exchange for convenience (convenience seekers).
Most of the surveys capturing privacy concerns reflect the perspective of the first category - privacy guardians, wherein consumers view online privacy as critical and are concerned vis-a-vis personal information collection and sharing mechanisms.
However, the majority of consumers worldwide would fall under the third category - convenience seekers, when they visit websites for different purposes including shopping. This is not surprising as the primary objective of consumers to avail services online is convenience. Why such a dichotomy exists?
Â
There are several theories describing consumer decision making process. These theories suggest that when selecting a decision making strategy, the consumer tends to achieve the following objectives (1) maximizing accuracy of the decision: desire for attaining complete accuracy, (2) minimization of the cognitive effort: desiring less effort for processing information and (3) minimization of the negative emotional response: avoid making "emotion-laden" choices. The consumer may adopt a specific decision making strategy depending on a particular context. This strategy may not necessarily make them achieve all of the above objectives.
The consumer may settle for optimal ‘accuracy' if the decision making is easier (requiring less cognitive effort) and less uncomfortable (requiring less negative emotional response) in a given context. When consumers avail of products and services online, it is interesting to see what effect does the privacy preferences or policies or controls have on their decision making process. Reading privacy policies before availing of services or products online, increases the cognitive effort on part of the consumer and thus discourages them to consider it in the decision making process. Many businesses probably use this fact by designing complex, lengthy and hard to understand privacy policies.
This holds true not only for privacy policies online but also in other ‘terms and conditions' both in the offline and online world. For example, not many consumers actually read the ‘offer document' carefully to understand the relevant risks before investing in any investment product.
Comparing two websites on the privacy protection related parameters forces consumers to make uncomfortable comparisons and difficult choices. For example, a website may claim of having strong privacy protection measures like not storing and sharing users' personal information controls but the consumer may have difficulty comparing the website's claim with another website that does not make any such claims. It becomes difficult for the consumer to make the comparison especially when there is no clarity on how the website will use the personal information and how it will affect him / her.
In such a scenario, the consumer may go for the website that offers better services. Adding to this issue is the feedback generated by a particular decision made by the consumer. For example, when choosing a website having weak privacy protection, a consumer may give more importance to the other two objectives (‘minimization of cognitive effort' and ‘minimization of negative emotional response') and compromise on the accuracy of the decision. In such a case, the result of this decision may never be known by the consumer, simply because tracing a spam, junk mails, behavioral targeting, profiling, etc may never get traced to a particular website that deployed weak privacy protection measures. One can argue that there have been lot of data breaches that have happened in the recent past and as a learning experience, consumers should proactively start considering privacy protection as a critical factor when establishing the credibility of websites.
But then in any of the data breach cases, consumers rarely come to know of any ‘actual harms' that took place after the breach. Even if someone's data record was compromised in a major data breach, the harm resulting from that compromise may never get known and traced to a particular company.
Technology will continue to evolve. Technologies such as cloud computing, location based services and context aware computing will gain traction. How will consumers be assured of their privacy protection in such an evolving online environment where new business models based on economic value of personal data will continue to emerge? Can governments and regulators provide the answer by drafting legislations and mandating privacy standards? Unlike any other sector, regulating the technology sector is a major challenge for governments and regulators as its evolution and implications are difficult to predict and track. Also, there is a genuine fear that stringent and mandatory regulations can stifle the innovation that drives the technology industry. Businesses should understand that if they fail to self-regulate, it could compel governments and regulators to mandate stringent privacy controls or standards that may adversely impact their online operations along with imposing additional compliance costs.
They need to design privacy policies that are comprehensive, transparent, and written in language that is easy for consumers to understand, instead of being ambiguous and confusing. This will help reduce the cognitive efforts required by the consumers when evaluating privacy policies. Businesses can possibly take feedback from their existing customers on their privacy policies.
The online businesses should know how consumer data is collected across multiple channels and how it is processed, stored, disclosed and destroyed. This will help them create visibility over the consumer data. The audit will ensure that the privacy policy and industry standards are complied with during the entire lifecycle of the consumer data. Such steps by businesses will be instrumental in creating a safer and transparent online environment that will allow consumers to exercise meaningful choices and make informed decisions.