The online privacy debate is already obsolete


Kudos if you know what this is.

Last week, Facebook landed in hot water – yet again. This time, it was because of the revelation that two years ago, some data scientists at Facebook ran an experiment to gauge whether users’ emotional state (as measured by status updates) changed depending on the content that appeared in their News Feeds. The news kicked off the very sort of criticism we’ve come to expect, with the usual suspects lining up to decry the social network’s psychological experimentation. It probably didn’t help matters that this news followed Facebook’s announcement last week that it would start using users’ web browsing data for ad targeting. Much grumbling about privacy concerns ensued.

Why does this cycle keep repeating itself? It’s mostly because of Facebook’s scale and reach – the sheer ubiquity of the service means that virtually every person on the web, whether a Facebook user or not, has some exposure to it along the way. The company is relevant in some way to almost everyone, and their business model puts them on the front lines of the modern debate over online privacy.

Discussions of privacy are everywhere you look now – and they are usually very stale, the debating points having changed little over time. Those advocating maximalist individual privacy are unlikely to cede any points to those arguing for greater openness, and vice-versa. But while this debate rages with no clear resolution in sight, consumers continue to make choices that change the terms of the debate. In fact, the whole question of how far individual privacy reaches online is becoming increasingly irrelevant.

The world moves on

In a lot of ways, the fundamental issues surrounding the debate over online privacy were settled years ago. The bargain is this: consumers receive free, high-quality products and services in exchange for seeing targeted advertising. It is one of the oldest business models around, made new again by the addition of better methods for segmenting and targeting consumers and the opportunity to monetize huge volumes of data about users. Consumers around the world have flocked to the services supported by this model: everything from Google to Facebook and Twitter and Pandora. As user bases have steadily grown, the majority of consumers have voted with their feet, choosing free ad-supported experiences that monetize user data over paid membership-based, tracking-free ones wherever the choice is offered.


Online consumers vote with their visits.

I’ve had an ongoing dialogue with Aurelie Pols from Mind Your Privacy on this topic for quite a while. She argues, as have others, that users of these online services should be given a choice of paid usage options that offer an ad-free experience, but also opt the user out of sharing personal data.

The problem with that model was well summarized recently by Ben Thompson. In his recent post “Privacy is Dead,” he shows that “Advertising is lucrative, and free is often imperative:”

“There are other services that can’t even realistically choose between advertising and member-supported. Facebook is a great example: the utility of Facebook is directly correlated with how many people you know who are also using Facebook, and the only way to maximize that number is to make the service free, supported by advertising. Google is in a similar boat: the efficacy of search is in many ways tied to how many people are using search.”

In other words, where network effects are key to the value the service provides, “free” is not just the best model – it is the only feasible one. That leaves aside all of the practical problems: what do you do for customers without a credit card? A membership-based social network would essentially disqualify most of the developing world from entry.


Credit: Ben Thompson

Where network effects are not crucial, and customers pay for a better-defined good or service, a membership model can make more sense. Spotify has seen tremendous success by offering a differentiated paid product against a free version; Google Apps is another example, not to mention the galaxy of SaaS products for businesses that exist today. The journalism industry is now trying desperately to convince consumers that they can provide a paid product that’s demonstrably superior to free news. (For now, I’ve found my New York Times digital edition subscription to be worth it.)


Complaints, but low abandonment

Users have made what amounts to an implicit bargain of their data for services. The extent to which billions of individual users understand the details of that bargain varies, of course, even though it has become a universal practice to prominently display information like terms of use and privacy policies. It is well known by now that users do not read this information, which is why you still get some Facebook users who are shocked when they see ads related to information in their profile, or Gmail users surprised to be targeted with an ad from a keyword in an email. Many of those users will report that they find such targeting an invasion of their privacy.

And yet, we know that the vast majority of users do not abandon these services. This seems to be the best demonstration that users accept the tradeoff inherent in the huge value that such free services offer them. If the prospect of living without the conveniences of Google and social media makes you uncomfortable, then that actually suggests you agree. (Here’s a link to my presentation at South by Southwest this year on this very topic.)

But isn’t there a lot of public concern about online privacy?

It seems that every week, a new survey is released confirming the conventional wisdom that concern for privacy is front-and-center among consumers. Doesn’t this belie the argument that consumers have mostly accepted the proposition of personal data for free services?

I actually think it doesn’t. We all know that surveys can be highly unreliable measures of public sentiment, and strongly sensitive to subtle changes in wording. I have personally read very few surveys touching on privacy that used neutral language, likely because most organizations doing the surveying are issue-based. Moreover, a big problem with consumer surveys on this topic is that most consumers simply have no knowledge of the subject – either about what benefits they receive for “paying” with their personal data, or about how that data is actually used for marketing purposes. Indeed, many surveys will show overwhelming consumer opposition to using any personal data for “marketing purposes” – even though that practice has been around for almost a century.

The results of polling like this remind me of the research showing that most Americans believe 28% of our government’s budget is spent on foreign aid (it’s actually well less than 1%), and that a third believe Iraq actually did possess weapons of mass destruction when the U.S. invaded (no evidence was ever found). The results suggest more about public confusion and lack of knowledge than about any realistic policy choices.

What accounts for the high levels of reported concern, then? There is assuredly some normal anxiety created by shifting cultural norms driven by technological change, but I think that much of the public concern has been ginned up by irresponsible media coverage. “Journalism” like the recent 60 Minutes report on data brokers is a perfect example of straight-faced fear mongering among a mystified public, and it’s far from unique. Particularly in conjunction with utterly unrelated stories like the NSA surveillance leaks, the media has created a moral panic around “privacy” – and left the definition of what that means to the viewer.

What does “privacy” mean, anyway?

The problem with “privacy” as a topic for concern is that, like most personal values, it has no specific definition. My concept of privacy is different from yours, and it’s very difficult to build any kind of public policy based on such a shifting foundation. The European Court of Justice recently tried with its “right to be forgotten” legislation, which by most accounts has led to a complete mess. When each individual’s perception of “privacy” is a law unto itself, the result is a dramatically inferior experience for all.

In our shared digital future, personal data is going to be shared, likely indefinitely – and we’re substantially there already. While that will lead to changes in how people choose to share and disclose information about themselves, those individual decisions will be hard, if not impossible, to meaningfully regulate. As a matter of policy, we need to move beyond “privacy” and towards a focus on the applications of consumer data by the companies that own it.

A better approach would be talking about the proper and improper uses of data which involve actual consumer harms. It’s very difficult to quantify any actual consumer harm related to ad targeting, for example – but using credit scores to influence employment decisions, on the other hand, has a much clearer personal interest at stake. Using consumer data to influence price discrimination is probably inevitable (indeed, it’s been happening for decades), but there may be limits that it would make sense to set.

As more sophisticated uses of analytics with customer data have increasingly become competitive advantages, it’s unlikely that companies’ data uses themselves can be removed from the black boxes where they sit today. But the same situation exists for financial data, and to provide necessary protections, both business and government agreed to auditing standards that are required by regulation but enforced by independent bodies. Auditors provide public assurance of quality and above-board uses of company funds, which makes reliable investing by the public possible. It’s not always perfect, but the systems in place generally work exceptionally well. Such a system could be highly applicable to uses of consumer data in the future.

In any case, it’s time for the “privacy” debate to move on. Users have spoken, and they have chosen a techno-social landscape dominated by free online products and services paid for by an advertising model that requires personal and behavioral data to operate. That model is not going to change – now we’re just waiting for the public to catch up.



  • Richard Beaumont

    There are a number of logical inconsistencies in your arguments. At one point you say that people have ‘accepted the bargain’ of data for services. Yet you then go on to point out that most people don’t understand the bargain – they don’t know how their data is used, or the benefits they receive as a result.

    The reason people don’t read privacy policies is that they have accepted they will not understand them, and also they know that even if they did – there is no meaningful choice they can make based on that knowledge.

    The basis of most privacy law is the model of ‘notice and consent’ and the formation of an ‘informal’ contract through continuation of use of the service. Yet it is another well established principle that you cannot make a valid contract, where you cannot be reasonably expected to understand its terms. So not only do people not understand the bargain, the bargain has not even been lawfully struck.

    I do agree though that ‘privacy’ is a weak and subjective term. One of the effects of privacy though is ‘control’ – an ability to choose with whom and for what purpose your data is shared and used. I sense this is what you mean perhaps when you talk about moving to focus on how information is used.

    Do you believe that individuals should at least have some right of control over this usage? Or do you think there should be no boundaries at all?

    The ECJ Google decision, which has been really mis-labelled as the ‘right to be forgotten’, is actually about a very small degree of control being given over to people – control that is rightly balanced against competing interests like the public right to know and freedom of expression.

    Most reasonable people I think would agree that such control is important, if we are to avoid an Orwellian future. Control is an important element in personal freedom. Yes Google is finding its feet in implementing the ruling – but it will settle down in time – and as a result I think we will have a slightly increased sense of freedom and personal self-determination – even if in only a very small way.

    • Blair Reeves

      Not surprisingly, I disagree. Consumers routinely make many, many choices and “bargains” throughout their everyday lives that, in truth, they do not fully understand in every last detail (see: credit card agreements, mobile phones, utilities, etc.). We have mostly vague notions of what these agreements entail, but no one reads them in full. This isn’t because consumers are being duped, any more than Facebook users are. All the information is there, easy to read and access. But people choose not to bother, because it’s long and inconvenient.

      If there were serious harms being visited upon consumers by data collectors like Facebook or Google, then I would be more sympathetic to the argument that there needs to be more regulatory oversight of what these agreements can and cannot specify. (Though if such serious harms existed, I suspect there would also be far fewer users of these services.) But simply being targeted for ads doesn’t meet that standard.

      I think consumers should have every right to control over usage of their data, unless and until they decide to forfeit that control and offer up information about themselves in exchange for free products or services. That constitutes an exchange of value. Nor do I think that companies owning data collected about their users constitutes some sort of an Orwellian dystopia. There is an awful lot of hyperbole thrown around about how “tracking” and “surveillance” will lead to the death of democracy and the sky falling, and I find it all very silly.
