Privacy Policy Customization Has Both Benefits and Drawbacks, Say PrivacyCon Participants
July 21, 2020 — Allowing users of online platforms to shape the use of their own private information can be a tricky practice, and not necessarily one that platforms are incentivized to employ, said participants in a Federal Trade Commission PrivacyCon webinar on Tuesday. Speaking about the General
July 21, 2020 — Allowing users of online platforms to shape the use of their own private information can be a tricky practice, and not necessarily one that platforms are incentivized to employ, said participants in a Federal Trade Commission PrivacyCon webinar on Tuesday.
Speaking about the General Data Protection Regulation, a European Union law that allows users to decide how the data they give to websites is used, panelists said that such legislation is often difficult to employ and may come with adverse effects.
“On the one hand, consumers increasingly would like control over the data firms collect,” said Guy Aridor, an economics PhD candidate at Columbia University. “…On the other hand, firms are reliant on this data. There is a worry that this will impact their function.”
Aridor has done extensive research into the GDPR and recently published The Effect of Privacy Regulation on the Data Industry: Empirical Evidence from GDPR.
Garrett Johnston, who has also authored research into the consequences of the GDPR, said that customizable privacy policies could disincentivize competition.
“Our main research question is, can privacy policies hurt competition?” he said. “The GDPR is complex, but its many elements increase the logical cost and legal risk with processing personal data. This will have important consequences for the web.”
Johnson added that websites must share what data they collect, but the data can be difficult to track.
“In order to provide these services, vendors have to share what the GDPR considers personal data,” he said. “As a result, they have faced scrutiny with three countries…[But] the GDPR is challenging to study because normally we can’t observe how they use data.”
Jeff Prince, chief economist at the Federal Communications Commission, said that the GDPR decreases the number of online venders.
He said that research has shown a 15 percent reduction of vendor use post-GDPR.
Screenshot from FTC webcast
He also said that he and the agency were researching the value of users’ data.
“We are looking at how much privacy is worth around the world,” he said. “At a rough level, we can think about balancing privacy preferences for citizens with benefits for use of the data. One thing that has been emphasized is that it’s particularly difficult to measure the privacy preferences. That’s something we are trying to get at with this.”
In a companion webinar, Hana Habib, PhD student at Carnegie Mellon University, said that her research found a lack of cohesive privacy controls across platforms made choices from website to website difficult.
“Our empirical analysis found that privacy choices were often provided in privacy policies,” she said. “The downside of that, other than consumers largely ignoring privacy policies, is that the headings under which choices are presented are inconsistent from policy to policy”
When it comes to customizable privacy policies and individualized use of content, Prince said that measurements of choice can be difficult but useful.
“[We] did some measures for the value of privacy with regards to apps,” he said. “…This is one reason why quantification is valuable. A lot of times [the choice to surrender data] might not line up with what quantifiable metrics would be.”
Privacy controls are not merely desirable in the United States, but across the scope of his research, Prince continued.
“That was one of the big takeaways for me,” he said. “When we think about privacy policies and how people value privacy in a relative sense across countries and different types, there wasn’t that big of a difference across those countries.”
Privacy experts and users of platforms like Facebook and Google have often accused them of abusing user data while offering nothing in return. While Facebook and Google have both made public statements expressing their privacy practices and promising to take data collection practices seriously, some experts believe that companies are not sufficiently incentivized to make major changes.