The Privacy Act of 1974 emphasizes the need for both “notice and choice” to protect consumer privacy online. “Notice” gives consumers the information about data collection and use, and “choice” allows consumers to determine whether their data is collected and shared. But do the checks and balances of “notice and choice” really help to protect consumer privacy?
The Digital Privacy Paradox: Small Money, Small Costs, Small Talk Report by Susan Athey, Christian Catalini and Catherine Tucker from the National Bureau of Economic Research, offers insight on the privacy paradox and the inconsistencies between privacy preferences and actual consumer privacy choices. The research examined how more than 3,000 undergraduates engaged in privacy preferences while choosing an online wallet to store and manage digital bitcoin currency.
Different wallets, different incentives and encryption offerings were proposed to evaluate privacy offerings of different dimensions. Students could choose between four wallets: Blockchain, a hybrid web/self-managed wallet, Circle or Coinbase, both web wallet services or Electrum, a self-managed wallet. Participants were also asked about their preferences in privacy features (privacy from peers, intermediaries and government) and their degree of trust in financial institutions, startups and government to ensure a balanced and randomized sample.
Findings showed that regardless of their privacy preference, students shared their friends’ data when given a small incentive. Surprisingly, even the more privacy-sensitive students responded to the incentive offering.
One incentive gave students a pizza in exchange for three friends’ email addresses. Interestingly, a clear majority of the students chose pizza. Neither gender or levels of privacy sensitivities had any effect on choices. Six percent of the students appeared torn in the decision process and provided invalid emails.
In addition, when privacy required additional effort — such as encryption technology — students often went with without it in their transactions. In total, 55% of participants tried adding encryption and only 49% of those who tried succeeded. The remaining participants transacted without encryption.
Small incentives can misdirect people. To ensure privacy practices, current policies should be reviewed to determine how people can be protected from their willingness to discard privacy practices. Consumers need to make meaningful choices when it comes to privacy and incentives often cloud the decision-making process.