Although many other countries have comprehensive legislation regarding the protection of consumer privacy, the United States has relatively lax laws, particularly in regards to online data. Recent events, like the Facebook—Cambridge Analytica scandal, emphasize the growing need for further discussion on the regulation and ethics of collecting and selling of consumer data.
What is consumer privacy?
Consumer privacy, broadly speaking, is the idea that consumers expect their information to be kept secure and used ethically by those with access to it. In the age of the Internet, consumer data is generated in many ways, including the use of social media, online purchases, and mobile apps. Simply put, Internet service providers (ISP), websites, and mobile apps collect user data any time someone uses their services. This data is then stored and oftentimes sold to other companies.
Why is consumer data valuable?
Companies collect consumer data because it has value to advertisers and marketers. Advertisers can use consumer data to track purchasing trends and modify their advertisements to maximize profit. This is why if you have a history of purchasing clothes online, you will start seeing more online advertisements for clothing as opposed to other goods.
Concerns with selling consumer data
There are growing concerns over the selling and use of consumer data, including information leaks or data hacks that could compromise identity protection. The rise of Artificial Intelligence (AI) use in advertising, for instance, encourages longer storage of consumer data, according to expert Ginger Zhe Jin in “Artificial Intelligence and Consumer Privacy.” In short, advertisers can use algorithms to more efficiently analyze large amounts of consumer data, further incentivizing mass data collection and storage. This massive collection of data naturally requires larger storage spaces. This is good financially for buyers of consumer data, but also a huge risk for privacy: such large storehouses of data are bigger sources of information for hackers and scammers to potentially access and exploit.
Trends in the commercial use of consumer data
Online consumer habits will remain largely unchanged
As the recent Facebook—Cambridge Analytic scandal shows, many users were unaware of how much information they agreed to give away online. Despite public backlash, a recent Reuters poll shows that the majority of Facebook users not only continue to use the platform at almost the same rate as before but many also have not made major adjustments to their privacy settings. The poll also shows that users of other social media sites, like Twitter, aren’t changing their habits much either (or even increase their usage).
Those who are willing to share their personal information feel comfortable doing so largely when they have some measure of control over how it is used and represents them in addition to providing them with benefits. These benefits can include more relevant advertisements or online deals. In other words, there are some consumers who are content with giving away personal data, so long as it provides tangible benefits.
Increased government regulation likely but with unknown efficacy
Increased government regulation on ISPs and websites seems likely in the next few years. The congressional hearings regarding the Facebook—Cambridge Analytica scandal are a more recent indicator that this trend of government intervention will continue in order to protect consumer privacy. However, just because there might be an increase in government regulation does not necessarily mean it will be effective. The Federal Trade Commission (FTC) has some jurisdiction in regards to general data protection, but this jurisdiction is limited both in its scope and general authority. The FTC can regulate “unfair and deceptive trade practices,” so it can make a case against a company that fails to uphold any promises made of privacy. If no privacy claims were made, or were made in a deliberately unclear way, then the FTC largely cannot act. The Federal Communications Commission (FCC), by contrast, has much more authority in the matter.
The Federal Communications Commission (FCC) made a broad ruling in 2016 in an attempt to provide greater privacy protection to consumers. The FCC requirements include mandating service providers to give upfront to consumers opt-in agreements regarding the “use and sharing of sensitive consumer [personal information].” This might be, for instance, an app requesting permission to access a consumer’s location. It also requires companies to notify consumers of any data security breaches. The purpose of this ruling is to provide both greater transparency and choice to consumers in how and when they can disclose personal information.
While this is certainly a step in the right direction, this ruling also largely places responsibility for data protection on the consumer, rather than the company. After all, companies are hurt far less in a security breach than consumers; this, coupled with the fact that this FCC ruling does not add any extra measures to help prevent data hacks, provides no real incentives for companies to provide extra protections to consumer data. Further regulations that place the onus of ensuring privacy largely on companies as opposed to consumers will likely be more effective in protecting consumer data.