The Value Exchange of the Digital Age | Part 3

Anna Jacobson · Published in BerkeleyISchool · Aug 20, 2019 · 11 min read

Privacy: The Consumer Perspective

By Anna Jacobson, Hanna Rocks, and Jay Venkata

From a consumer’s perspective, privacy harms represent the most tangible dimension of privacy (one could argue that privacy does not even exist without the threat of violation). The risk of these potential harms can only be mitigated by the perceived value of the products and services received in exchange. However, while the positive side of this value exchange is well understood by consumers, the negative side is not always as well understood.

Privacy Harms

For any product in which users provide personal information such as names, passwords, email addresses and birthdates, a data breach carries the risk of identity theft, allowing unauthorized access to the user’s account with that product, and potentially other accounts as well if they can be accessed with the same information (i.e. if a user has the same username and/or password across multiple services). However, as companies and their wealth of customer data continue to expand, the potential for privacy harm extends beyond the exposure of basic personal information.

Social Media: Instagram

Instagram’s most valuable asset is the data it collects about its users. Instagram grew from a simple photo-sharing platform to one of the most popular mobile applications, valued at over $100 billion as of 2018.[1] This massive valuation is derived from Instagram’s business model of gathering and sharing its users’ data. What kinds of data? Almost anything that can be tracked via the internet, it seems.

Because Instagram is arguably one of the most significant collectors of customer behavior information, it carries the greatest risk of causing one or many privacy harms to those customers. Compounding the risk is the fact that the public is only beginning to comprehend the broader implications of those privacy harms. Instagram has shown that data can be used to affect an individual’s behavior and choices — leading those users to make potentially harmful decisions if the information shown on Instagram is false or misleading.

For example, in 2017, thousands of people flocked to the Bahamas for a supposed “luxury” music festival which turned out to be a complete hoax.[2] The event was promoted primarily via Instagram, no doubt using specific parameters to target those most likely to buy tickets and travel to the event. Although Instagram was in no way responsible for the fraudulent music festival or its organizer’s crimes, these events speak to the substantial influence the app has over its users (in fact, becoming an Instagram “influencer” has become a coveted career for millennials, comparable to becoming a celebrity). This affects the users’ well-being related to privacy because one could argue that the users are losing their ability to make free, autonomous decisions. They are subject to undue influence by the extremely targeted content on their Instagram feed.

There are also significant privacy harms related to a somewhat relaxed approach to sharing and accessing Instagram users’ data. As we have previously described, third parties frequently fail to have adequate protections in place to prohibit wrongful access of sensitive information, such as location history, passwords, or email addresses. Most users are not aware of the extent to which their data is shared with third parties, thereby increasing the potential for harm and risk assumed by Instagram. If Instagram is not transparent about what data is shared with whom, it will ultimately be held responsible for any subsequent harm to its users.

Hardware Devices: Fitbit

How and where you walk, sweat, and spend your time is, in theory, unique. A data breach of a fitness tracker such as Fitbit could expose highly personal measurements, including heart rate, step count, sleep patterns, and eating habits; when, where, and with whom we exercise; and where we live. The exposure of this information, even if it is not put to any specific or malicious use, would likely result in significant privacy harms to Fitbit’s users. However, there are additional harms that could occur. Strava is a social fitness network, similar to Fitbit, through which users can track their workouts and connect with other fitness enthusiasts. In 2014, there was a spate of bike thefts after some Strava athletes left their accounts public; thieves were able to access GPS tracks starting and ending at users’ homes, and even had information on what kind of bikes they owned.[3] In 2018, Strava famously exposed the locations of secret US military bases through its “heatmap” of users. In both Strava cases, the information was made public intentionally, not through a breach, illustrating the severe consequences of failing to consider unintended results of publishing sensitive user data.

An individual’s personal health data is certainly considered confidential information, but it is not protected under HIPAA as traditional medical data is. The GDPR, on the other hand, classifies fitness tracker data as health data, a special category that has special consent requirements.[4] Irresponsible dissemination of health data and/or users’ geo-location history presents significant potential for privacy — or even physical — harm to Fitbit’s consumers. It is therefore critical that the company is aware of the risks related to its customers’ data and takes adequate steps to secure and protect it.

e-Commerce: Stitch Fix

Stitch Fix collects standard customer information (e.g. name, address, email) as well as the “style preferences” for each of its consumers. While on the surface, it may not seem that there is a possibility for privacy harm associated with knowing a person’s pant size, that assumption does not consider the extent of the information collected or inferred by Stitch Fix. For example, Stitch Fix presents several “client journey” graphics in its June 2019 Investor Report.[5] These figures illustrate there are additional pieces of information inferred by the customer’s “fixes” — for example, a switch to premium brands might indicate a significant increase in disposable income and receiving maternity fixes would indicate that the user was likely pregnant around those times. Again, this seems harmless on the surface; however, a similar scenario involving Target’s (accurate) determination of a customer’s pregnancy resulted in criticism and concern from its customers about how the company was able to make predictions based on purchasing habits.[6] Stitch Fix, however, does not try to hide the fact that they use data to make predictions and offerings to its customers, so the risk of a public scandal related to this revelation is extremely low.

As an online retailer, the potential for material privacy harm to Stitch Fix’s customers is minimal, especially when compared to Fitbit or Instagram. Stitch Fix contracts with a third-party payment processor, so information held by Stitch Fix about its customers is limited to basic contact information and purchasing habits. Stitch Fix mitigates the potential for privacy harms by being abundantly transparent about its use of data science to provide a personalized customer experience.

Product User Insights

We conducted a small-scale product user survey to gather opinions from consumers regarding the balance of privacy and personalized user experiences. The survey was released to all MIDS students via various UC Berkeley School of Information Slack channels, as well as through direct requests by the authors within our networks. Though not a random sample by any means, we hoped that the results would give us interesting insights into the priorities of this key group of stakeholders.

The survey aimed to collect data from actual customers for the specific companies we had chosen to represent the three different industries in our analysis: social media (Instagram), hardware devices (Fitbit), and e-commerce (Stitch Fix). For each of the companies, we asked respondents to answer seven to nine questions related to their opinions about the use of their personal information and the importance of relevant suggestions or preferences from the service. We explored specific features from each service to see which were most enjoyed by the user. We also asked questions specifically about privacy — how important is privacy to the user, what sort of harm is the user most concerned about? The results informed our overall analysis of how well each business addresses customer privacy, given differing business models.

We received a total of 36 product user survey responses over a two-week period in July 2019; a summary of responses to select survey questions is shown in Figure 6.

Figure 6: Selected product user survey responses

Our survey found that users’ perceptions of the level of personalization were very similar across the three products, with median values from 7 to 8 on the Likert scale (Figure 7). This suggests that while all three products are already quite personalized, users feel that they could provide even more personalization. However, their level of concern about privacy was very different: comparatively high for Instagram, lower but with a larger range for Fitbit, and very low with a small range for Stitch Fix. For each product, there was one respondent who chose the maximum value, 10, for their level of concern. The varying levels of concern about privacy among the three products indicate varying levels of trust among their users.

Figure 7: User perceptions of privacy and personalization

Survey responses also varied with respect to additional personalization (Figure 8). Most Instagram users did not report wanting more personalized features, and only one respondent reported willingness to provide more data in exchange for more personalized features. By contrast, the majority of Fitbit and Stitch Fix users reported both the desire for more personalized features and willingness to provide more data in order to get them. This suggests that Instagram has reached the limit of how far they can expand the boundaries of their value exchange, whereas Fitbit and Stitch Fix have not.

Figure 8: User sentiments on additional personalization and provision of personal information

The different product users reported different levels of concern for six different privacy harms (Figure 9). For Instagram, respondents identified two forms of insecurity (breach of data with the intent to perpetrate identity theft and unauthorized account access) as their top concerns (63% and 53%, respectively). For Stitch Fix, respondents also identified insecurity with intent to perpetrate identity theft as their top concern (86%). However, for Fitbit, respondents identified surveillance as their top concern (58%).

Each of these concerns seems understandable for the specific product. Insecurity of any kind is a reasonable concern for Instagram users since huge amounts of Instagram data have been exposed in many well-publicized data breaches. Insecurity with intent to perpetrate identity theft is also a reasonable concern for Stitch Fix users, since although it has a perfect data security record to date, it also collects credit card information (though through a third-party payment system) as well as physical addresses; this data would be extremely valuable to identity thieves. Surveillance is a reasonable concern for Fitbit users since the app tracks users’ GPS information in real-time (which the other products do not); it could be an excellent tool for surveillance. Interestingly, while exposure was a fairly high concern for Instagram and Stitch Fix users (50% and 57%, respectively), it was the lowest concern for Fitbit users (8%), despite the personal nature of the data being collected by Fitbit.

Figure 9: User responses to various privacy harms

Consistent with others’ research[7], our survey illustrates the famous privacy paradox, in which people’s reported attitudes about privacy are inconsistent with their actions (Figure 10). Across the three products, we found that more than half of users reported a high level of concern about their privacy (54%, skewing heavily toward Instagram). An even greater proportion (79%) reported that their accounts were private (for Instagram) or unconnected to social media (for Fitbit and Stitch Fix). However, only 16% of the total respondents reported having read or reviewed the product’s privacy policy. 8% of respondents reported high concern but have public/connected accounts and have not read the privacy policy. Of the 46% who report high concern and private/connected accounts, only 8% have read the privacy policy — the same number as those who report low concern with privacy.

Figure 10: Illustration of “privacy paradox” in user response

Logic would tell us that a user who is highly concerned about privacy would keep their account unavailable to the world and would be informed about the terms related to privacy to which they had agreed. However, our study indicates otherwise. For years, people attributed the privacy paradox to the fact that many users didn’t understand the ways their personal information was being appropriated and used — and given how few people actually read and understand these products’ privacy policies, that is probably still true as far as the details are concerned. However, at this point, there can be very few consumers left who aren’t at least vaguely aware that their data is being collected and utilized. Nonetheless, this knowledge has not deterred most people from using these services, nor motivated them to take more action to protect their data. Instagram, for instance, has grown from 130 million monthly active users in 2013 to over 1 billion today. One possible explanation is that abstract risk awareness and concrete privacy decisions are not interchangeable. Another is that privacy decisions are not always labeled explicitly as such (for example, no one taking a quirky personality quiz on Facebook imagined that they were handing over personal information to Cambridge Analytica). Still another idea is that consumers feel “privacy fatigue” — helpless to take action to protect their privacy and resigned to its violations. However, there is no single, unilaterally accepted theory to explain the behavior of users when it comes to information disclosure, nor is there a consensus on the mental processes users rely upon when deciding whether to disclose information or not.

Potential privacy harms are a legitimate cause for concern for consumers, though the nature and severity of the harm can vary greatly among different products and different incidents. Based on our research, consumers seem to have a well-calibrated sense of trust or distrust of different companies and a justified sense of concern about their privacy, but it does not map directly onto their behaviors.

[1] McCormick, Emily. “Instagram is Estimated to be Worth More than $100 Billion.” Bloomberg, 25 Jun 2018.

[2] Hanbury, Mary. “These photos reveal why the 27-year-old organizer of the disastrous Fyre Festival has been sentenced to 6 years in prison.” Business Insider, 19 Jan 2019.

[3] Johnston, Elliot. “Police warning: Thieves using Strava to target expensive bikes in Wales.” Road.cc, 18 Nov 2014.

[4] Health | EUROPEAN DATA PROTECTION SUPERVISOR. (n.d.). 19 Jun. 2019.

[5] Stitch Fix. June 2019 Investor Report.

[6] Duhigg, Charles. “How Companies Learn Your Secrets.” The New York Times Magazine, 16 Feb 2012.

[7] Barth, Susanne and Menno D.T. de Jong. “The privacy paradox — Investigating discrepancies between expressed privacy concerns and actual online behavior — A systematic literature review”. Telematics and Informatics, Volume 34, Issue 7, Nov 2017. Retrieved from: ScienceDirect.com.
