CircleID

In introducing yet another online privacy bill, Sen. Ernest Hollings (D-S.C.) claimed that "privacy fears are stifling the development and expansion of the Internet as an engine of economic growth." Certainly, surveys consistently show that consumers express concern about Internet privacy. For example, in a June 2002 Jupiter report, 70% of online consumers said they worried about online privacy.

But what do these surveys really prove? If consumers are really concerned about their online privacy, their behavior doesn't show it.

For example, consumers say they want more information about privacy practices. In a January 2002 Consumer WebWatch survey, 93% of e-commerce site users said it was very important that sites disclose their privacy practices.

But consumers don't read privacy policies. A November 2001 Privacy Leadership Initiative survey showed that only 3% read privacy policies carefully, and 64% only glanced at — or never read — privacy policies. Actual readership may be even lower; the New York Times reported that only 0.3% of users read Yahoo's privacy policy in a one month period last Spring.

Also, entrepreneurs have responded to consumer concerns by offering privacy management tools, such as tools to browse anonymously, manage cookies and manage email. However, these tools have had limited success, and many vendors no longer focus on consumer sales. So, although consumers can take technological steps to protect their privacy, few do.

"You can do a survey and consumers say that they are very concerned about their privacy; then you offer them a discount for a book and they'll tell you everything."

Further, consumers sell their personal data incredibly cheaply. Says leading Internet pundit Esther Dyson, "you can do a survey and consumers say that they are very concerned about their privacy; then you offer them a discount for a book and they'll tell you everything." Indeed, a June 2002 Jupiter report said that 82% would give personal information to new shopping sites to enter a $100 sweepstakes.

So why do consumers' stated privacy concerns diverge from their behavior?

First, survey questions usually ask consumers if they consider privacy a benefit. That's only half the equation. More revealing is how much consumers will pay — either in time or money — for such benefits. While surveys might help answer this question, actual consumer behavior yields far greater insights.

Second, consumers don't have uniform interests. Regarding online privacy, consumers can be segmented into 2 groups: Activists, who actively protect their online privacy, and Apathetics, who do little or nothing to protect themselves. Activists are very vocal, but they appear to be a tiny market segment.

This psychographic segmentation illustrates why broad-based online privacy regulation is unnecessary. Activists, by definition, take care of themselves. They demand privacy protections from businesses and, if they don't get it, use technology to protect themselves or take their business elsewhere.

In contrast, mainstream consumers don't change their behavior based on online privacy concerns. If these people won't take even minimal steps to protect themselves, why should government regulation do it for them?

Further, online businesses invest in privacy when it's profitable. Privacy initiatives are like any other marketing decision — companies pursue such initiatives when enough consumers care about privacy to generate more revenues than the initiatives cost. When consumers don't care about privacy, neither do companies.

Thus, consumer behavior tells companies what level of privacy to provide. We should let the market continue unimpeded rather than chase phantom consumer fears through unnecessary regulation.

By Eric Goldman, Professor, Santa Clara University School of Law. More blog posts from Eric Goldman can also be read here.

Related topics: Policy & Regulation, Privacy