For the past eight years, the Federal Trade Commission has hosted an event called PrivacyCon, where academics and consumer advocates from around the world present their qualitative research on consumer privacy and data security.
It’s a full day of PowerPoints, graphs, charts, tables and people saying, “Next slide, please.”
That might not sound scintillating on its face, but, believe me, it is.
These academics, in their measured tones, are low-key lobbing empirical grenades directly at what the FTC refers to as the “surveillance advertising business model.”
If you weren’t able to tune in to the most recent PrivacyCon event, which took place this past Wednesday – it was a seven-hour affair, after all – then worry not. I gotchoo.
Here’s what stood out to me. (A non-exhaustive list!)
Ad tech on notice
Lina Khan kicked off the day by noting that the FTC’s recent enforcement actions make it clear “that selling certain sensitive data is presumptively off limits.”
And that’s especially true, she said, when data can reveal intimate details about people’s lives, including where they live, the doctors they visit and the sites they browse.
Although Khan didn’t mention the FTC’s case against Kochava by name in her remarks, she didn’t have to.
“We are looking upstream to establish liability and pinpoint the actors that are driving or enabling unlawful conduct at a massive scale,” Khan said. “We are looking past the consumer-focused applications and zeroing in on the backend infrastructure that is facilitating the commercial surveillance ecosystem.”
Say “ad tech” without saying “ad tech.”
Sticky situation
Question: Have you ever signed up for a service with one click – so easy! – and then found it nearly impossible to cancel at a later date?
If the answer is “yes,” then you’ve visited what’s called a roach motel – a dark design pattern that makes it difficult to leave once you’ve signed up. (It gets its name from those ads in the early 1980s for Black Flag Roach Motel roach bait, the ones with the tagline “Roaches check in, but they don’t check out.”)
Combating dark patterns has been an FTC priority for a long time, but the commission has ramped up its efforts over the past few years. Exhibit A: Its recent enforcement actions against Publishers Clearing House and Vonage and its ongoing lawsuit against Amazon Prime.
The FTC is also proposing updates to strengthen its approach to negative options (aka automatic renewals) to make it easier for people to cancel subscriptions.
The IAB has been up in arms about these potential changes, which it claims would harm consumers by potentially raising prices and making it less convenient for people to manage their subscriptions.
But here’s some food for thought: Consumers straight up hate the roach motel technique, according to research by Monika Leszczyńska, a fellow at Columbia Law School.
They perceive it as “more threatening to their freedom of decision-making and less morally acceptable” than pretty much any alternative approach, Leszczyńska said.
And perception can become reality because it directly influences someone’s decision-making process, regardless of any direct monetary impact.
Listen to what the people are saying
On the subject of perception, people still believe trackers are violating their privacy online, even when companies build ad tech using privacy-enhancing technology (PET).
A joint study conducted by academics at Columbia University and French business school HEC Paris found that although PETs may technically improve privacy, they don’t improve consumer perceptions of privacy.
For example, the researchers asked a representative group of consumers whether they see any difference – in terms of data privacy protection – between individual-level and cohort-based targeting (as seen in the Chrome Privacy Sandbox). The answer was no.
But people rated contextual targeting as much better for privacy than other targeting types and zero tracking as the least violating approach.
Not tracking consumers across multiple websites appears to “considerably reduce perceived privacy violations,” said Klaus Miller, an assistant professor of marketing at HEC Paris.
Seems obvious, perhaps, but there is nuance in the finding: “Interestingly, consumers seem to be indifferent to seeing ads or not seeing ads if they are untargeted and there is no tracking,” Miller said. “It’s not necessarily the ads that bother consumers … It’s the tracking and targeting that seems to elicit these perceived privacy violations.”
So what’s the takeaway?
Because I can’t say it better myself, I’ll leave you with an observation posted on LinkedIn by privacy advocate Arielle Garcia, the former chief privacy and responsibility officer at UM Worldwide:
“It’s the perception of the people that brands are trying to reach that ought to guide our path,” Garcia writes, “not the self-serving proclamations of big tech or desperation to sustain broken, harmful ad tech business models.”
🙏 Thanks for reading! Going forward, this is the clip that’s going to play in my mind when I think about differential privacy. As always, feel free to drop me a line at [email protected] with any comments or feedback.
