Businesses increasingly rely on consumer data to provide goods and services. However, the use of personal data raises the question of how that data should be obtained. Privacy advocates argue businesses should have a legal obligation to obtain affirmative consent from consumers before collecting and processing their data, known as an “opt-in” approach, because they believe such a requirement is necessary to ensure consumers have full control of their personal information. However, a growing body of research suggests that creating “opt-in” instead of “opt-out” policies can have a negative impact on businesses and the services they provide—both by raising their costs and limiting how data can be used. These effects are then passed on to consumers in the form of higher prices and lower-quality products and services. On Thursday, October 12, the Information Technology and Innovation Foundation convened a panel of experts to discuss the pros and cons of each approach.
According to Castro, the comparatively low value of any one individual’s data would not be able to match the high costs of obtaining consent from each individual. Castro noted, “Best case scenario is that companies have less money to invest in new products and services and the worst-case scenario means that you have companies that are shutting down sites and services or moving to a pay-for-use model that has a negative impact on low-income users.” In addition, an opt-in regime would inconvenience the majority of users who are willing to make tradeoffs in exchange for valuable services that require the use of their data.
The panel discussion that followed featured John Verdi, Vice President of Policy at the Future of Privacy Forum; Kara Sutton, senior manager at the U.S. Chamber of Commerce where she oversees international high-tech and digital policy work; Howard Beales, current professor and a consumer protection veteran who played a crucial role in the development of the Do Not Call registry; and Abigail Slater, General Counsel at the Internet Association and former enforcement attorney at the FTC.
When asked if they thought consumers had enough control over the privacy of their data, the panelists were conflicted. John Verdi pointed out, and Abigail Slater agreed, that the problem cannot be considered a monolith. When companies put in effort and resources to respond to their consumers’ privacy demands, everyone benefits. He pointed to the permissions model on mobile apps as an example: “It has evolved from a model that asks for permission immediately before or after an app is downloaded to a just-in-time model where consumers are presented with their options just when it is necessary.” According to Verdi, this has boosted engagement while making sure consumers had some amount of control over their information.
Kara Sutton felt that the key is striking a balance between protecting an individual’s privacy and ensuring that the society benefits from open information. Sutton said, “To me, an opt-out method means to have information flow more freely but in an opt-in method, you’re looking at potentially fragmenting the ability to use that information. This ends up impacting some of the benefits that society can derive from having information flow freely.”
According to Howard Beales, the problem with the opt-in/opt-out debate is that it assumes that data presents a contract question where one party owns property that can be transferred to another party . “In contrast, I think it makes more sense to think of this as a tort problem; is there something that someone is doing with the information that is causing some harm that we want to try to fix?”
Slater said, “We should note that there is an acknowledged bargain between U.S. consumers and companies. There’s a reason why we have two billion monthly Facebook users. They see value in the services being delivered and value in the data they are collecting.” Slater also added that the sophistication with which these companies handle data collection and processing continues to increase as our relationship with the internet grows and changes.
The discussion that followed touched on taking a rights-based approach that considers the right to privacy as a human right regardless of its economic inefficiency or its benefits. According to Verdi, this freestanding right may not easily be characterized in economic terms. The discussion also touched on the idea that the opt-in system impedes permission-less innovation. Slater pointed to the comparative success of the internet industry in the United States and Europe and, while she did not assert that less restrictive public policy in the U.S. was the only reason for the stark difference, it did play a role.
The use of consumer data involves both challenges and opportunities, and the issue continues to evolve as technology becomes more sophisticated. It remains to be seen whether reforms to existing practices will improve data privacy and access to information.
Follow the discussion on Twitter using the hashtag #ITIFprivacy.