Who Invited the Pay-for-Privacy Economy?
It’s been a year since the European Union’s ‘General Data Protection Regulation’ (GDPR) came into force , representing what many consider the most significant overhaul of privacy laws in human history. Its impact has been felt not just by organisations required to respond to the regulatory change, but also in the wave of public awareness that followed. In many ways the 25th of May 2018 represented a line in the sand for personal privacy protection beyond just the GDPR, influencing a number of global trends that touch on the prospect of a ‘post-privacy’ future. One such trend is the growth of the ‘pay-for-privacy’ business model.
Some services are technically ‘pay-for-privacy’, like purchasing space within a secure dataroom. But this isn’t what we’re talking about. Pay-for-privacy as discussed here resembles a freemium business model, characterised by two options: pay a monetary fee to opt-out of data collection at some level OR use the service on a discounted basis by agreeing to whatever data collection terms an organisation sets.
If you feel like this model doesn’t sound ideal, it’s because it isn’t. Instead of being a deliberate, inventive business approach in its own right, pay-for-privacy is more so a response to the challenges of another system.
Driving out the data-driven business model
In 2019, it’s common knowledge that many of the internet’s dominant players prefer a data-driven business model to charging directly for their services (ie user’s personal data and online activity become the ‘price’ paid). This is especially so for platform operators like Facebook, YouTube and Instagram, whose users both create and consume content. Like traditional media companies who lead the generation of their own content, platform operators have equally struggled to monetize users directly. Yet platform operators arguably encounter a tougher willingness-to-pay hurdle with users since the value of their platforms flows primarily from the users themselves… (ie why should I pay to provide a company its value?).
However, as more GDPR-esque regulations emerge (the external threat), and users become more alive to their privacy rights and risks (the internal threat), the data-driven revenue model becomes undermined over the long-term. The external threat of regulatory change is already having real commercial impacts on not only compliance overheads, but also the ability to lawfully attract, retain and monetise users and their data due to stringent consent requirements. On the user side, the internal threat of consumer activism has increased the visibility of the data-driven model and eroded the ability to collect and monetise user data with impunity. So, when somethings clearly got to give, enter: the pay-for-privacy economy.
This prospect has been contemplated by executives of the internet’s dominant players for a while now. For example, Sheryl Sandberg, Facebook’s COO, said in interviews last year that any ability for their users to completely opt-out of tracking and data profiling would be a paid offering. No such plans are set to be deployed in the near-term though, which might be for the best. Consumer willingness-to-pay is generally decreased in online settings — one of the reasons why the freemium business model has flourished as a gateway to paying for online services.
But unlike conventional freemium arrangements where users pay for an increase in features or quality, some pay-for-privacy schemes ask users to pay for the same service, plus the comfort of not having their data profiled and monetised. And given that many people view personal privacy as a right and not a privilege, it’s not surprising that when they show a reluctance to engage with pay-for-privacy. But all is not lost for the model, which comes in a number of forms.
Implementing pay-for-privacy
Organisations looking to deploy pay-for-privacy effectively can adopt one of two broad approaches: privacy-as-a-premium or privacy-as-a-discount.
The mechanics of privacy-as-a-premium is in the name: pay extra and rest assured that your privacy while using the service will be improved. GoDaddy provides one of the webs longest-standing and successful (albeit controversial) examples of privacy-as-a-premium. When you a register a domain, pieces of your personal data become publicly available on WHOIS. For a given price the domain registrar will replace your personal details with their own, therefore shielding your details from mass publication (if you’re an EU customer, you get basic protection for free thanks to the GDPR!).
But for platforms operators (Facebook, Twitter, etc) that have previously offered their service for free and wish to move to privacy-as-a-premium, they run the risk of seriously ostracizing their users. Instead of cutting off free use cold-turkey, platforms might look to an old trick known well to many parents and pet-owners around the world: hide the medicine (privacy) within other, tastier treats (value-adding features).
Introducing a ‘premium’ option with a host of feature enhancements, pay-for-privacy being just one of them, may create a more credible quid-pro-quo in the eyes of users. These other packaged enhancements could include removed advertising (seen a lot in freemium), wider access to other users content, greater original content customisation and prioritisation options, or increased optics over profile and content engagement. The commercial goal here is for platforms to package value-adds that cost little to nothing for them, in order to recoup the losses of no longer being able to monetise a users data.
Other platforms may wish to play with a privacy-as-a-discount model: start with a paid service which doesn’t track user data as standard, and then offer discounts or free use to those willing to forgo their data rights. This way, non-paying users don’t feel that they are getting any less of a service, they are just making a sacrifice to access it cheaper. AT&T controversially dabbled with this approach in 2016 with its Internet Preferences program, where customers could save $30USD a month if it allowed the telco to track their online activities. Despite a decent level of uptake, the program was later discontinued amid regulatory and consumer activist pressure.
Playing the compliance game
In some ways, the journey from data-driven to pay-for-privacy tracks the gradual maturing of human engagement in the online world (just think back to when we posted on Facebook profiles like we now do privately on Messenger!). The culture of enthusiastic disclosure that characterised the early days of the mega-platforms is now joined by a smaller, but growing culture of caution when it comes to privacy. And after witnessing numerous high-profile data breaches, as well as the political weaponisation of personal information, this caution seems more than logical.
Even though more and more users want increased or total privacy online, many will want to continue to use online platforms without charge . Perhaps the best that organisations can make of this state-of-affairs is to deploy a freemium approach to privacy. Whether through a premium or discount approach, implementing pay-for-privacy may signal to users that an organisation does in-fact ‘care’ about privacy (so long as someone is paying for it).
Indeed offering pay-for-privacy alternatives may even check regulatory boxes imposed on that organisation, allowing them to wield user consent as a defence to otherwise prohibited practices. But is providing choice an appropriate compliance strategy, or just another way to sustain problematic data practices behind the guise of user control?
While it’s evident that personal privacy is not front-of-mind for everyone, ethical issues can arise where user disclosures are made in pay-for-privacy settings not out of mere indifference, but due to affordability and accessibility. A later article in this series will look at how post-privacy trends like this may be reinforcing socioeconomic barriers when it comes to personal privacy.
