Close ☰
Menu ☰

How ‘privacy’ misses the point

Posted on: Monday 20th of October 2014

If Ctrl-Shift got a pound every time a corporate executive told us ‘there is no evidence consumers really care about privacy’ we’d be millionaires by now – it’s worth unpicking this statement just to see how dangerous it is.

Let’s start with evidence. Everyone agrees that consumers say there are concerned about how their personal data is being collected and used. The question is whether consumers care enough to do something about it.

According to soon-to-be-published Ctrl-Shift/GfK research they answer is ‘Yes’ – but not necessarily in a way that companies would notice. We found significant proportions of consumers (between 20-30%) deciding not to do business with companies in various ways (downloading an app, completing a transaction, using a service) because of concerns about how their personal data would be used.

If brands were told they were at risk of losing 20-30% of their potential custom, you would think they would do something about it, wouldn’t you? So why not in this case? Because they don’t know it’s happening.

If something doesn’t happen it doesn’t impinge on your consciousness. Metrics are organisations’ senses. While it’s relatively easy to measure the things customers do, it’s very difficult to measure, and very easy to ignore, the things customers are not doing. But sometimes these are the most important things.

That said, these consumer decisions not to do various things are a small part of the overall picture. Most consumers are not investing lots of time and effort in attempts to protect their privacy, and they’re unlikely to do so in the near future. Behind this, however, lies a much more important question: when we talk about ‘evidence’ what, exactly, is this evidence of?

It’s not about ‘privacy’

In ideal world, the word ‘privacy’ would be banned from all future debate about personal data. Why? Because it confuses far more than it enlightens or clarifies. It’s become an Alice-in-Wonderland word where multiple different parties use the same word to refer to different things.

When we talk about ‘privacy’ are we thinking of Big Brother surveillance by security forces? A fear of identity theft? A dislike of ads that follow you around the internet? Concerns about the potential abuses and errors created by organisations’ profiling activities? Or what?

These are all important issues. But they are different issues, requiring different solutions. And right now, these solutions aren’t available to consumers in their day-to-day activities.

A shifting agenda

When it comes to consumer behaviour, generally speaking, consumers only act on a concern where a) there is palpable, demonstrable benefit in doing so, b) where’s it’s relatively easy to take the necessary action and c) where they can be confident their action will actually achieve the desired result.

None of these conditions currently hold for ‘privacy’. With privacy, the issues are confused and confusing, the potential detriments/benefits often seem distant and vague and rather than direct and immediate, it’s hard work to do anything about it, and it’s not clear that anything you do will have any real effect.

Does this mean the consumer concerns about ‘privacy’ are just hot air that brands can safely ignore?

Quite the opposite. The first question brands need to ask is: if customers are feeling increasingly frustrated and angry about something but haven’t got any practical, effective means of expressing this anger and frustration, does this matter? Of course it matters. It is a positive opportunity for those brands that are seen to be acting on their customers’ concerns. And it’s a threat if they fail to act – because when they fail to act regulators will move to fill the void.

But there is a second point that is even more fundamental. A new ingredient is being added to the equation.

The real problem with the term ‘privacy’ is that it is a Trojan Horse for organisation-centric assumptions. Its unstated but defining assumption is that the entire debate is about how organisations collect and use data about individuals. As soon as we engage in ‘privacy’ speak we implicitly acquiesce in this assumption.

But what happens when and if individuals start using their data for their own purposes – when information becomes a tool in the hands of the consumer/ customer/ citizen?

This is what is beginning to happen now with the rise of PIMS (Personal Information Management Services). With PIMS, suddenly the benefits of ‘managing’ and ‘controlling’ your data are immediate and palpable: it’s all about getting stuff done in your life. Effective PIMS are all about service design: if they aren’t easy to use they simply don’t get traction. And PIMS are a massive opportunity for brands: an opportunity to build both trust and value; an opportunity that a narrow ‘privacy’ agenda simply doesn’t ‘get’.

Asking the wrong question

If you ask the wrong question, you’ve got little chance of getting the right answer. Asking the question “is there really any evidence that consumers really care about privacy?” is a classic case in point.

The personal data landscape is changing fast and it’s changing fundamentally. Yes, privacy concerns are real enough. But the real driver of change is not privacy per se but valuethe value of personal data to the person whose data it is.