Direct Marketing, Mobile Phones, and Consumer Privacy



Similar documents
How Do Key Stakeholders View Transparency?

Big Data for Mutuals. Marc Dautlich 25 November 2013

M&T BANK CANADIAN PRIVACY POLICY

Data Protection Policy

CPN (Credit Privacy Number) How to Set Up & Use You re Credit Privacy Number

Optum Website Privacy Policy

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

How To Protect Your Computer From Attack

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

Online Privacy Policy

Privacy Policy. Effective Date: November 20, 2014

Privacy Policy Last Modified: April 3,

FCA Retirement income market study: Interim Report. A response by the National Association of Pension Funds. January

How To Know What You Can And Can'T Do At The University Of England Students Union

WEBLINKING: IDENTIFYING RISKS AND RISK MANAGEMENT TECHNIQUES

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

CREDIT BUREAU REPORTING

Global Privacy Japan Sets its Rules for Personal Data

ConteGoView, Inc. Privacy Policy Last Updated on July 28, 2015

PRIVACY POLICY. Last Revised: June 23, About this Privacy Policy.

Privacy and the Internet AUSTRALIAN ATTITUDES TOWARDS PRIVACY IN THE ONLINE ENVIRONMENT

Best Practices in Data Management - A Guide for Marketers -

Complaints about unauthorised discounts offered by PCCW-HKT Telephone Limited to business customers

What Personally Identifiable Information does EducationDynamics collect?

Thames Valley Probation Handling a criminal record

PRIVACY POLICY Personal information and sensitive information Information we request from you

Security Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.

CFPB Examination Procedures

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

The Rosenthal Fair Debt Collection Practices Act California Civil Code 1788 et seq.

Invoice Finance. Contents. Factoring and Invoicing Discounting 1. The Advantages 2

AIG INSURANCE COMPANY OF CANADA Privacy Principles

The Ninth Circuit Holds That Text Messages Are Subject to a Telemarketing Law

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

Managing Your Online Reputation

Syndication Resource Guide

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy.

NIA Article - ASX Guidelines for Good Corporate Governance

Protecting your privacy

PRIVACY POLICY PO Box Miami Beach, FL Tel

Online Reputation in a Connected World

10 minutes on... post FOFA rewards

2015 NMSBA SCHOOL LAW CONFERENCE

1. The Application Process

CYBER-LIABILITY COVERAGE: The $ 45 Million Dollar Exposure

Profound Outdoors Privacy Policy

Cloud Computing: Legal Risks and Best Practices

CDT ISSUE BRIEF ON FEDERAL DATA BREACH NOTIFICATION LEGISLATION

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June TIA 2012: INSIDE THE NETWORK Dallas TX

Terms and Conditions

WEBSITE PRIVACY POLICY. Last modified 10/20/11

Privacy Policy First National Real Estate Cremorne ACN

Synapse Privacy Policy

Opt-In versus Opt-Out Permission and Privacy. Picture the following scenario to see the industry s quandary on what options to CHAPTER 3

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Knowledge. Practical guide to competition damages claims in the UK

Introduction PriorFX LTD Right to Privacy Information

Data Quality Assurance

DARTFISH PRIVACY POLICY

A Relative Gap Moving from Gap to Strength A Relative Strength Organizational Readiness

MEMORANDUM. I. Accurate Framing of Communications Privacy Policy Should Acknowledge Full Range of Threats to Consumer Privacy

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

How to Complete a Producer s E&O Application

Computer Mediated Communication (CMC) Group members use of computers in order to communicate with one another

Future of Financial Advice: Best interests duty and related obligations

Crisis Management Guide

HORIZON OIL LIMITED (ABN: )

GlobePartners Limited. Privacy Policy

Compass Interdisciplinary Virtual Conference Oct 2009

OF THE INVESTMENT ADVISERS ACT OF 1940, MAKING FINDINGS AND IMPOSING REMEDIAL SANCTIONS AND A CEASE-AND-DESIST ORDER

PRIVACY, ANTI-SPAM AND YOUR BUSINESS: WHERE DO WE STAND? Presented by: Cameron Mitchell B.A., LL.B.

Smart Policies for Workplace Technologies , Blogs, Cell Phones & More

Re: FINRA Regulatory Notice 13-42: FINRA Requests Comments on a Concept Proposal to Develop the Comprehensive Automated Risk Data System

ETHICAL APPROACHES TO PUBLIC RELATIONS

Feedback from recent reviews of the selling of investment products

Transcription:

Direct Marketing, Mobile Phones, and Consumer Privacy James Nehf* Professor King rightly observes that protecting consumer privacy in the United States is largely the responsibility of individuals. Although federal (and some state) laws restrict the collecting and sharing of personal information in some circumstances, restrictions are riddled with exceptions, and regulatory gaps are wide. Thus, we are left largely with market-based controls that have significant limitations. Professor King s prescription for emerging privacy problems in the mobile phone industry is nuanced and multifaceted. Her principal arguments, however, for more transparency in the disclosure of privacy practices (e.g., clearer, multi-tiered privacy policies) and more open and volitional consumer consent to advertising and other privacy-invading activities (e.g., consent cannot be buried in the fine print of mobile phone contracts) fall short of what is necessary to protect consumers interests. On the surface, an enhanced notice-consent approach is appealing because it fits neatly within the consumer protection norm that has been dominant in the United States for several decades better informed consumers can make rational decisions that correspond to their preferences, thereby promoting more efficient market outcomes than government dictates can provide. Her prescription makes perfect sense in this regard, but I question whether it will achieve the intended results. While better * Professor of Law and Cleon H. Foust Fellow, Indiana University School of Law, Indianapolis. J.D., University of North Carolina; B.A., Knox College. Suggested citation: James Nehf, Direct Marketing, Mobile Phones, and Consumer Privacy, 60 FED. COMM. L. J. F. 53 (2008), http://www.law.indiana.edu/fclj/pubs/v60/no2/ NehfResponse.pdf. 53

54 FEDERAL COMMUNICATIONS LAW JOURNAL [Vol. 60 notice and more volitional consent are worthy goals, my question is this: On what rational basis can consumers decide whether to opt in or opt out of a proposed privacy-reducing transaction? When faced with such a choice, consumers face several obstacles that make it difficult to value their privacy interests and make decisions that promote their best interests: Valuing aggregation risks. To make an informed choice about whether and how to share personal information, people need to know what is at stake. Most people have no idea what information a phone company collects, how it will be aggregated with other data, and who will end up with the data at a later date. Disclosures in privacy policies, no matter how short and simple to read, cannot provide the necessary information. For example, a policy might say that the company shares only a limited amount of customer data and only with affiliated companies. But affiliated companies could be numerous and involved in entirely different lines of business, each with its own bits of information about the customer in its own database. Each likely will have its own set of information practices, unknowable to the phone customer. Or the company and its affiliates will obtain more information about individuals from a commercial data broker. Because even diligent mobile phone users lack the information necessary to evaluate the costs and benefits of information sharing bits of information that will be aggregated with other data, they rarely can evaluate the risk of a proposed information exchange. Overcoming accountability problems. For phone users to protect their privacy interests and learn whether an information-sharing decision was good or bad, they must be able to identify the person who broke a law, breached a privacy policy, or allowed unauthorized access to its database because of lax security procedures. On the other side, businesses that collect data must fear that they will be exposed and held accountable if they do something wrong. There are two fundamental accountability problems that undermine both assumptions. First, individuals seldom know when a privacy breach has occurred. The vast majority of data collection lawful and unlawful occurs outside of public view. Although on occasion a breach of privacy norms results in media exposure, far more frequently, breaches remain hidden for months, years, or indefinitely. Second, even if an injury or breach is detected, individuals may find it impossible to trace the problem to a particular cause or source. With personal information residing in countless databases, often there will be no way to locate the entity that caused a particular problem, sold the data, or permitted a hack or leak that ultimately caused someone to be harmed. Even with a noticeable harm such as identity theft, it may be impossible to learn how the thief obtained the personal information. Tracing the injury to the originating source often will be difficult or impossible.

Number 2] CONSUMER PRIVACY RESPONSE 55 Comparing incomparable values. When considering whether to trade personal information for some benefit, mobile phone users are faced with a fundamental incomparability among competing options. What is the value of knowing that the details of one s telephone usage will not be sold to third parties? Is it worth a ten dollar discount or an extra thirty Web browsing minutes per month? Comparing disparate categories of benefits and costs is difficult in any circumstance, but when making decisions about information privacy, the attributes we are asked to compare vary widely. Rather than struggle to make a difficult comparison, individuals usually turn to affect cues (feelings derived from a consumer s experiences with a particular alternative) and other heuristic devices (such as framing effects) as a decision making guide. For example, general feelings and attitudes resulting from a user s experience interacting with a phone company (e.g., its customer service reps seem friendly and honest) can affect decisions about sharing personal information, but those feelings can lead to inaccurate decisions because those feelings may not correlate with the company s actual privacy practices. Pursuing conflicting goals. While consumers in controlled studies seem to value privacy and strive to protect it in their decisions about sharing information, their decisions about disclosing information in the real world usually do not match their stated privacy concerns. 1 Generally speaking, consumers make decisions under conditions of limited or bounded rationality, and decisions about sharing personal information are no different. People have a limited capacity for obtaining, understanding, and using information at every stage in a decision making process. In making decisions, people pursue several, sometimes conflicting goals. One goal is accuracy of the decision: seeing that the outcome corresponds to the individual s set of preferences and priorities. But another important goal is the minimization of cognitive effort. People tend to expend only as much effort as is necessary to reach a satisfactory, rather than optimal, decision. As circumstances require more cognitive effort to process available information, decision makers choose decision methods that are easier to implement, though less accurate. The benefits of a multitiered privacy disclosure, for example, are therefore diminished because most consumers will not make the effort to learn the full story. If they bother to read the first-tier privacy policy, they will likely take their cue from the brief overview. Privacy notices for credit cards, for instance, often proclaim that the card issuer cares about your privacy, but the 1. See generally James P. Nehf, Shopping for Privacy Online: Consumer Decision Strategies and the Emerging Market for Information Privacy, 2005 J. L., TECH. & POL Y 1, 24, and references cited therein.

56 FEDERAL COMMUNICATIONS LAW JOURNAL [Vol. 60 details of the collection and sharing practices can be found, if at all, only by the diligent consumer. Another important goal in consumer decision making is minimizing the negative emotional response that people experience when they are forced to make difficult tradeoffs, and decisions about trading personal information for money or other benefits are difficult. People want to minimize the discomfort that arises from emotion-laden choices because they do not like being asked to trade sacred values for trivial returns. As a result, they tend to select simpler decision strategies. This can reduce the accuracy of the decision because an individual will avoid certain parts of the decision making calculus that require discomforting comparisons. Lacking feedback. The more immediate and concrete the feedback about a particular decision making goal, the more emphasis one is likely to give it in making a decision. This is important in the market for privacy protection because the accuracy of any decision about revealing personal information usually will not be apparent until long after the transaction has ended. Indeed, feedback on the accuracy of the decision may never occur. With mobile phones, some consequences of a poor decision may be apparent in short order for instance, the user may be deluged with more annoying than she had anticipated advertising. (Professor King s proposal that consumers should be able to change their opt-in decision is helpful in this regard). But only rarely will a consumer be able to trace other problems resulting from the decision identity theft, consumer profiling, junk email or piles of snail mail to the weak privacy practices of a particular mobile phone company or one of its affiliates or joint marketing firms. Without feedback about the decision, it is difficult to correct it or make a better decision when the next opportunity arises. Professor King observes that notice and choice regimes are favorites of industry trade groups and their voluntary codes of practice. When voluntary codes are not enough, industry next favors notice and choice laws (particularly opt-out regimes) because they give the appearance of consumer sovereignty, and who can argue with that? While her prescription of enhanced disclosure of privacy practices and rules requiring more volitional consumer choice are an improvement on industry codes and the status quo, and her call for at least some opt-in rules should be heeded, the prescription might do little to protect consumers privacy interests in the mobile phone industry. Mandatory limits on what information can be collected and how it can be shared may be necessary. The standard criticism of mandatory controls is that they are likely to be less efficient than market-based measures. For a host of reasons, government regulators are not very good at setting the right balance of rights and responsibilities, and if they get it wrong, it takes time to correct.

Number 2] CONSUMER PRIVACY RESPONSE 57 The FTC and FCC have therefore hesitated to move with a heavy hand in this area. But there is little reason to believe that notice and choice will lead to more efficient results when it comes to privacy protection for mobile phone users. Indeed, the longer we wait to adopt mandatory controls, the more difficult it may be to overcome the influence of entrenched interests in the data collection industry. Professor King s thorough and well researched examination of this problem in its early stages is important and enlightening, but one cannot help but wish that she had explored a bolder set of remedies at this critical time when they would have a chance of gaining force.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information