User agreements for data-collecting websites, apps, and digital services went from long to cumbersome a while ago. If you use iTunes and are curious how your music listening data is shared, good luck: Apple's iTunes User Agreement clocks in at a bulky 14,500 words. By comparison, Facebook's legal terms are a svelte 4,490 words long--which only takes the better part of an hour to read. It's more than likely that you clicked "I agree" without bothering to read either. A new survey suggests that companies stand to benefit from explaining exactly how they use your personal data in plain English.
Data analytics back-end provider Neustar, which primarily serves large telecom and Internet companies like Verizon and AT&T, commissioned the survey of 1,053 Internet users with the help of Forrester Research. The gist? Users are aware that their personal information and web histories are collected by marketers... but they're more likely to share information with companies whose terms of service are clear and “brands they trust.” What those surveyed internet users said means a lot for companies like Neustar's clientele: That rewriting clunky terms of service could lead to increased customer loyalty. That might not matter much for AT&T and Verizon, which have effective cartel-style industry dominance, but it matters a lot for Internet firms and others with robust competitors.
One of the study's biggest findings is that customers are profoundly uncomfortable with the resale of their consumer data to data brokers and cooperatives. For the customers, it's a mixture of unhappiness about not knowing who has access to their personal information as well as unhappiness at not personally profiting from the resale of their data. Customers were much more comfortable with the resale of consumer data when they felt they profited from it, either through direct financial compensation or through receiving customized services that make their lives easier.
Forrester emphasized that audience-targeting providers offered a usable model of future data resale, since it allows marketers to go after consumers without the resale of identifiable personal information. The most striking finding is that of the survey respondents (who come from a very wide age distribution), more than half read privacy policies before completing online transactions. More importantly, more than one-third of respondents opted out of online transactions when they were uncomfortable with policies.
27% of respondents also embrace online ad blockers. At a talk explaining the study, Forrester's Fatemeh Khatibloo said respondents gave the names of specific software products used to block online ads. A substantial minority of 13% also used plug-ins like Ghostery to track third-party elements on websites. The other interesting finding is that survey respondents were savvy about what information data brokers go after and how much they charge. The vast majority realized that information, including their name and address, sells for much cheaper than more fine-grained info like hobbies, marital status, and ethnicity.
A major portion of the study involved A/B testing of respondents to see how they felt about aggressive personal data resale versus companies that rely more on opt-in, consensual data resale based on audience marketing. Their metrics found that 73% of customers were angered by their inability to control how their personal data was resold and repackaged.
Since Neustar is an analytics firm whose success depends on customers being happy (or at least compliant) with companies acquiring their personal and demographic information, they have a vested interest in this area. Last year, they unveiled a Privacy By Design program that optimizes their services--for instance, instantly having customers' names and phone numbers pop up when they dial a call center--with algorithms that emphasize audience segmenting and scramble personally identifiable information. According to Becky Burr, Neustar's chief privacy officer, the idea for clients is that customer goodwill is better than possible fallout from negative publicity. Burr also noted that the use of 900 numbers during the 1980s and 1990s for informational and commercial purposes were stymied by fallout from dishonest operators in the industry.
In fact, there are already companies capitalizing on this idea. Ghostery itself is run by an advertising company, Evidon, which also promotes transparency among data collectors. Then there is the invaluable TOS:DR, a site that offers Yelp-like capsule reviews of the terms of service for different Internet products. Why should data brokers and the companies who sell to them care about customer attitudes toward personal information privacy? Because the great data resale scandal will happen soon, and when it does, it will cost a lot of companies a lot of money, and possibly spur government legislation to boot.
In the United States, data brokers and their customers and data providers have wide latitude in how they store data (unless they operate in a specifically regulated sector like health care). Some companies have great data protection, others... not so much. The move to cloud computing and remote storage has created all sorts of security holes which will likely be exploited someday. Just this week, law enforcement officials are celebrating the arrest of five Eastern Europeans who allegedly stole at least 160 million credit card numbers from Nasdaq, 7-Eleven, J.C. Penney, JetBlue, and credit card/debit card processing house Heartland Payment Systems. What happens when the data brokers have a leak that's just as bad? Odds are we'll find out sooner rather than later.
[Image: Flickr user Megan Leetz]