The next big step for consumers in the digital age could well be one that puts consent to share data on the terms of the individual, not the service provider. CI Director General, Amanda Long, explains.
The storm over Uber’s consumer privacy settings is just the latest in a growing list of concerns about the tech industry’s handling of our data. From general irritation about targeted ads; to deep unease about our personal data security, to fears over the erosion of civil liberties – there is concern about who has access to data about us and what they are doing with it.
In the US 86% of consumers have tried to use the internet in ways that minimise the visibility of their digital footprints. Across Europe, 55% of consumers fear becoming a victim of fraud when disclosing personal data in online transactions, while 68% of UK consumers find the way that brands use the information they hold on them creepy.
This unease is exacerbated by the lack of transparency over who is obtaining our data, who they are sharing it with, how they are using it, and to what ends.
Take Axciom, one of the world’s largest data brokers. Unbeknown to almost everybody, it is reported to hold 1,500 pieces of information on more than 500 million people around the world, giving it the ability to predict 3,000 possible reactions to brands and marketing techniques.
Such data brokerage firms – part of a multi-billion dollar industry that has emerged to meet growing demand – are harvesting data about us from multiple sources online (and offline) and combining it into rich, if incomplete and context-less, profiles of individuals, segmented to meet the needs of their clients.
The collection of such data is being used to sell us stuff in more and more extraordinary ways.
In 2012, for instance, US retail giant Target sought to outdo its competitors in reaching the lucrative ‘new parent’ demographic by developing an algorithm that used purchasing history data to predict which of its female customers were pregnant. It would then send tailored discount vouchers for maternity and baby items to women it predicted were in their second trimester. The results are now data segmentation folklore.
Authorities in London last year had to stop a company’s roll out of ‘smart’ litter bins that were connecting with pedestrian’s phones and serving up targeted ads based on places the passer-by had previously visited.
UK retail giant Tesco is installing facial recognition technology that will see screens target ads at customers based on age and gender.
Marketing innovators such as Ditto are using digital photo recognition software to trawl social media and analyse how brands are being contextualised in images people share online.
Just a taste of how the arms race to create personalised marketing campaigns is well underway; a race only likely to pick up as we take the next digital leap into the internet of things.
No surprise then that research shows the median time users spend on license agreements was only six seconds; that 70% of users spend less than 12 seconds on the license page; and that no more than 8% of users read the License Agreement in full.
Yet despite the growing unease and risk, most individuals still tick the ‘I agree’ box and ‘consent’ to giving this data. But is it given either knowingly or willingly? I think we can safely say the answer is no.
Faced with a binary ‘take it or leave it’ choice and with no opportunity to set their own preferences, current T&Cs can make consumer consent look more like consumer submission. We are left having to tick, click and hope for the best.
This has led the World Economic Forum to caution of a developing ‘crisis of trust’, stemming from the use of personal data in ways that are inconsistent with individuals’ preferences or expectations.
Finding a more meaningful solution to this problem requires mechanisms that enable the consumer to express their terms in a simple and accessible way; not a one sided, one-size-fits-all model of consent.
Encouragingly, there are growing indications that change may be on the horizon.
In September, the Financial Times reported that a “backlash over privacy and security has started to ripple…..through Silicon Valley.”
Earlier this year the US Federal Trade Commission’s own look at the data broker industry found that “data brokers operate with a fundamental lack of transparency”;
GlobalWebIndex research found that more than a quarter of the world’s online population are using tools to disguise their identity or location.
In March the father of the web, Tim Berners Lee called for an online Magna Carta - a bill of rights that would guarantee the independence of the internet and ensure people’s privacy.
And even the tech giants have begun to make a virtue of privacy. For example, Microsoft’s global ad campaign asserting ‘Your Privacy is Our Concern’. Or Apple’s CEO feeling obliged to publish an open letter to its customers stating that “your trust means everything to us”, and outlining its ‘strict’ data handling policies (just as Apple gears up for a big push on health and financial services – two of the most sensitive forms of consumer data).
Analysts are predicting that privacy is set to become a competitive differentiator, and the driving force for the next ‘killer app’; and the pressure for something different, for something better is now building to the point where change looks inevitable.
A new breed of tech companies are already taking the lead on developing tools that enable consumers to start taking back control.
For example, 40 million people are using Ghostery - a browser extension that enables users to see and block companies that track you when you visit a website. Personal data vault services are emerging that allow consumers to securely gather, store, control and release their data on their own terms. The development of ‘sticky’ data policies, bind a consumer’s permissions to their data “as it travels across multiple parties, enabling users to improve control over their personal information”.
Of course, to enable effective permission-setting consumers need to understand the permissions they are granting. This too is prompting new initiatives in how to present potentially complex contracts and preferences in a ‘human readable’, engaging form.
A job for consumer groups
CI and its Members have key roles to play in helping bring about these changes too.
We must advocate to ensure the right underlying principles are enshrined in legislation. It is why CI is calling for the revised UN Guidelines for Consumer Protection to adopt an objective to safeguard consumers against the unauthorised collection, use, disclosure or loss of their personal information.
CI has also recently launched a privacy and data protection initiative with the governments of Germany, Brazil and China – a high-level dialogue that concerns the data of more than a third of the internet users worldwide.
We must support the development of the new tools and services that can empower consumers in relation to their data, and, where appropriate help bring them to the mainstream. We must bring the consumer group testing expertise to the digital age, helping consumers identify the superior services that can best serve their needs.
And across all of this, consumer groups have a key role to play in contributing to an infrastructure that can give consumers the confidence they need to take control of their data and take a stake in the value that it will increasingly deliver in the digital economy.
The pressure is mounting for a better deal on data and privacy for consumers. It’s coming from a range of actors: governments and regulators, tech titans, internet visionaries, consumer bodies and, crucially, it’s coming more and more from consumers themselves.
Some entrenched parties will try to resist it, but those genuinely working in the consumer interest must embrace this eagerness for change. So let’s move towards a digital future set on terms that put the consumer first.
This blog is an extended version of a piece first featured in the Huffington Post on 26 November 2014.