Columns

How to Balance Consumer Choices between Privacy and Convenience

September 18, 2019

Where do consumers fall on the sliding scale of privacy versus convenience? And should we be the ones to make that sacrifice? I’m Alice, and this week, I’m exploring the current state of privacy in the data economy and discussing what privacy looks like in an ideal world, with key insights from our Know Identity Forum in Toronto.

The Privacy Status Quo 

We’ve all been there – you’re signing up for an account online, you’ve filled out the form, and you encounter the checkbox: “Accept Terms and Conditions.” Clicking the link takes you from the simple on-boarding flow to pages and pages of legalese.

Terms and Conditions weren’t always this way. Google’s first privacy policy in 1999 was a hair over 600 words. Twenty years later, Google’s privacy policy has ballooned into a 4,000-word epic to capture business complexities and regulations that now govern the World Wide Web. Google’s terms are just the tip of the iceberg: iTunes terms and conditions span 7,200 words, and Facebook’s terms sprawl across more policies than you can count on both hands. Introducing payments into the mix significantly amps up the complexity – take PayPal as an extreme example, with a mind-boggling 32,484-word user agreement.

Which begs the question: who actually reads those terms and conditions?

Only 9% of people, according to a 2017 Deloitte survey of 2,000 US consumers. A whopping 91% of users check the “I Agree” box without reading the terms, increasing to 97% amongst those aged 18-34.

Furthermore, regardless of whether or not you agree to the terms and conditions, you have no choice but to click that little box if you want to access the platform. There is no easy “opt-out” option for data collection, storage, and usage, and, in the unlikely chance there is, the “opt-out” process is likely to be convoluted and hidden.

This is not to say that consumers don’t care about privacy. They really care! A 2017 study of more than 7,000 consumers by the University of Pennsylvania found that 96% of digitally-active consumers are concerned about data collection and usage. But more importantly, consumers also want convenience. When convenience comes at the cost of privacy, consumers are more often than not willing to pay that price. According to a 2014 study by the Massachusetts Institute of Technology, there’s a disconnect between people’s stated privacy concerns and their privacy choices when faced with inconvenience – even more so when there are incentives (like pizza) to provide personal data to the growing data economy. The existing sliding scale forces consumers to choose between convenience and privacy.

Currently, the onus is on the consumer to protect themselves. For privacy and security, people are expected to disable default settings or parse through dozens of pages of complex, convoluted language to determine what corporations are doing with the data they collect. Companies rely on the combination of this inconvenience combined with ignorance or apathy to gather, analyze, and sell user data.

The Ideal Future of Privacy: Privacy by Design 

At last week’s KNOW Identity Forum, Dr. Ann Cavoukian said, “If you just treat privacy as a function of regulatory compliance, you’ll do the bare minimum. Businesses need to think of privacy as a competitive advantage.” The forum focused on providing both security and privacy to consumers and giving consumers granular control over their data. Perhaps some consumers care less about data privacy and more about pizza – the objective, though, is to provide everyone with that choice. 

Some companies are already embracing Dr. Cavoukian’s concept of Privacy by Design. Mozilla’s Firefox browser is set to block tracking cookies by default and the company is rolling out a free VPN extension service (currently in beta). SecureKey’s Verified.Me platform enforces triple-blind privacy to ensure that companies will only see data necessary for their processes, and the data provider, the relying party, and the Verified.Me network itself will not be able to see where the data is traveling.

But these companies are few and far between. We recognize that providing security while maintaining privacy and a frictionless experience is a vast undertaking and it might not impact top-line revenue. The likelihood of businesses taking on this daunting challenge unprompted is unlikely. Almis Ledas, President and COO of Enstream, believes that “government will likely be the ones to get the ball moving.”

This ties in with themes from last week’s hearing by the Task Force on Artificial Intelligence regarding the Future of Identity in Financial Services. Key recommendations from the hearing included: 

  • Government-wide efforts with clearly worded regulation regarding data usage, and
  • The establishment of a center of excellence for technical support for smaller entities without the budget to fully implement new technologies and processes alone.

The Digital Identity Opportunity 

At the end of the day, technology is the key enabler to both sharing personal information and withholding and protecting personal information. Enterprises must provide customers with increased transparency and granularity of control over their data. That way individuals can decide who can and cannot use their data and what data may be accessed. While prioritizing the balance between privacy and user experience may not impact top-line revenue now, the future will be built on companies that can integrate digital identity solutions successfully and give consumers the option to protect their data without sacrificing convenience or user experience.