Individuals have no control over how their personal data is used or shared. 87% of consumers surveyed believe it is important to purchase goods from brands and retailers that understand the “real me”, and most consumers embrace the use of personalisation. However few consumers want their personal data misused.
They don’t want their personal information to be scattered across the Internet. This is especially true for sensitive information linked to personal identity (data on sexual preferences, health and personal finances are particularly sensitive). Consumers must be able to manage how their data is being used to tailor their experience and they should have the option to remain anonymous.
While some users are comfortable with sharing personal data with a specific counterparty, they are typically not comfortable if that information is shared with third parties. In particular, consumers do not like personalized ads that use information not available on the website on which the ad appears. Our legacy advertising infrastructure struggles to manage consent, fails to implement effective control, and privacy is rarely protected. Note that permission is not the same as control. 81% of Americans feel they have little to no control over the data companies collect on them. The same percentage feel the potential risks of companies collecting data about them outweigh the benefits. 79% are very/somewhat concerned about how companies use the data collected5. The trust is gone.
The exchange of services for personal data is no longer equitable. Personalisation enhances the consumer experience, serving more relevant content and advertising. Over the last ten years, US digital advertising revenues have risen 5x from $36.5bn to $189.3bn. How much has the consumer’s experience improved? The UK’s competition and markets authority highlight the average expenditure on digital advertising is around £500 per household. As they suggest in their 2020 report on the UK digital advertising market, higher advertising prices, resulting from uncompetitive market practices, filter down into higher prices for goods and services.
Pop-ups waste time
Users must navigate endless pop-ups when navigating the web. They interfere with the experience and the result is questionable. GDPR helped highlight exploitative practices and, while the current state is imperfect, regulations are moving in the right direction. That said, the current process for informing users and soliciting consent for the harvesting of personal data, with relentless pop-ups, is wholly ineffective. Cookie consent pop-ups were supposed to make it easier for users to control how they are tracked online. Instead, the Internet has become less usable, and the majority of users click and forget, fatigued by the onslaught.
According to Pew Research, 97% of Americans are asked to agree to privacy policies but only 20% actually read the documents.
The Privacy Paradox
Even with more control over their personal data, few consumers are willing to exercise that control. 97% of consumers are somewhat or very concerned about protecting their personal data but while they say they are worried about how much data companies and governments collect, and they worry about how that data is used and shared, they don’t seem to act accordingly. There is a disconnect between their attitude toward privacy and their actual online behaviour. Consumers typical prioritise convenience over privacy, possibly to their detriment. Having to click through the bowels of a website’s settings pages probably doesn’t help.
There is a behavioural element here that needs addressing; helping consumers become more aware of their privacy trade-offs is important and making it easy for them to make balanced choices is important, as is transparency (the who and why of 3rd party data-collection). Recent research suggests that the option to revoke consent, arguably the most important privacy setting, is typically the most difficult to use.
Passwords
Users typically must share their personal data in exchange for access to websites, apps, goods and services. Typically creating a new password, and having to remember it, for each domain they visit. Users are asked to share their personal details every time they interact with a new domain. This forces consumers into one of two camps; use the same password for everything or maintain a long list of passwords. The first option is obviously not secure but the second still presents a malicious actor with a clear attack vector. Multi-factor authentication helps but it is rarely used for less sensitive applications. It needs to be easier for users to access a domain.
Also interesting is the higher propensity for users to engage with brands when less personal information is asked of them.
Unrealistic Commitments
Users are typically not given the opportunity to consume content without advertising unless they subscribe to the service for fixed periods, or share their personal information for a free trial. Why can you buy one newspaper at the newspaper stand, but you must subscribe to the New York Times for a minimum of a month to access their digital content? What if the user is not a regular reader, but they are willing to pay for a particular article. Is that transaction worth something to the publisher? Micro-consumption is an opportunity to develop a relationship with a customer and receive some compensation. They afford more flexibility than free trials, catering to longer sales conversion cycles.
No Control
It is difficult for consumers to request a company delete all their personal data. While Mine make it easier to request personal data deletion, the process remains cumbersome with little to no transparency. Can the user ever be entirely sure the data has been deleted?
Also, users have very little control over what ads they see. Some consumers prefer not to see ads out of context. Some consumers do not like receiving repetitive ads. While AdChoices claims to provide users more choice the technology is imperfect at best. Consumers should have more control over their advertising experience. Most important, consumers should have control over when to never provide personal data to a particular type of site. That might be specific to a particular domain operator (i.e., PoliticalParty.org) or it might be specific to a genre (Political websites). This also means that consumers should have the option to only share what is relevant to the site they are visiting; for instance, sharing current interests but not demographic details, or a preference for never sharing gender.
There is clearly a fine balance between overloading users with options and choices and managing a safe and secure experience. The UX needs to be usable.
Privacy Lost
What are the consequences of Facebook knowing more about me than my own family? In 2015, Youyou, Kosinski and Stillwell from the University of Cambridge and University of California published “Computer-based personality judgments are more accurate that those made by humans” . They concluded that developments in machine learning allow social media platforms to accurately judge and predict human personality, predict behavioural responses, and predict life outcomes such as substance abuse, political attitudes and physical health. In some cases, the social media models even outperformed the self-rated personality scores. Does Facebook know you better than you know yourself?
Perhaps this is unavoidable. If you share what you like, and what you do not like, over a sufficiently long period of time, the data is going to reveal much about you. OwnYou wants to level the playing field. Why shouldn’t you also have access to that knowledge? Why shouldn’t you control how that information is used. Shouldn’t you be able to Monetise it? Helping you to know yourself, without relying on some central party, forms one of OwnYou ’s core objectives; decentralised wisdom.
