understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border
navigation menu bottom border
left side navigation top border

left side navigation bottom border

left side navigation top border
left side navigation top border

main display area top border
Negotiating Privacy Decisions: Roadblocks and Detours on the Information Highway PDF Print
Negotiating Privacy Decisions: Roadblocks and Detours on the Information Highway
By:Jacquelyn Burkell

September 13, 2005

I was getting a tour of MSN Messenger the other day – thanks to my research assistant. Of course, I know that MSN Messenger collects and uses personal information, and before signing on as a member I carefully read the Terms of Use to see what I was agreeing to. Things were pretty much as I anticipated until I reached this language:


We may change this contract at any time. You must review this contract on a regular basis. You can find the most recent version of the contract at http://messenger.msn.com/Help/Terms.aspx. The changed contract is in effect right away. If you do not agree to changes in the contract, then you must stop using the Service. If you do not stop using the Service, then your use of the Service will continue under the changed contract.

Although I was not completely surprised to learn the degree of my personal responsibility in ensuring that my privacy needs continue to be met, to read it in such clear language was a bit disconcerting. It seems that MSN reserves the right to change our agreement whenever they want – and the responsibility is mine to figure out when or if that has happened. It makes me feel a little better to read this language in the MSN Privacy Policy (as opposed to Terms of Use, above):

Changes to this Statement

We will occasionally update this Privacy Statement to reflect changes in our services and customer feedback. When we posts changes to this Statement, you will see the word "updated" next to the MSN Privacy Statement link on the front page of MSN. If there are material changes to this Statement or in how Microsoft will use your personal information, we will prominently post such changes prior to implementing the change. We encourage you to periodically review this Statement to be informed of how Microsoft is protecting your information.

But I must admit to a pretty high degree of confusion. If the Privacy Policy changes, will they tell me, or won’t they? If they do ‘tell me’, what form will it take? How much notice will I have? How do I go about revoking my consent if I decide to do so?

This last issue is particularly difficult to navigate, and represents a real tension between marketers and consumers. Obviously, for marketers the point is to have ongoing access to your information, and to retain the right to market to you. Web sites want your information now, and they want to continue to have access to that information in the future. From their perspective, if you say ‘no’ to information release, it hurts them:

"Whenever a customer unsubscribes from future marketing messages, it has a measurable impact on the bottom line. Losing permission limits your ability to market your products or services to the customer. It also limits your ability to manage the relationship with this customer. We call this dynamic "permission churn.""

Lyons, D., & Fletcher, W. (2002, June). Ask for permission and keep your customers. Customer Inter@ction Solutions. 20(12), 40-44.

They respond by making privacy policies complex and difficult to understand, by assuming consent and requiring consumers to ‘opt out’ in order to protect information, and by making it difficult to revoke consent once offered.

We are currently examining the privacy policies on the web sites that kids use, and we’re finding that most web sites don’t make it easy – in fact, quite the opposite. On many sites, privacy policies are difficult to find, difficult to understand, and difficult to navigate (requiring the user to follow a large number of links to get the full policy). There are, of course, exceptions, where the link to the privacy policy is evident, the language is clear and understandable, and the document itself is self-contained and complete. But these exceptions are relatively few and far between.

In some cases, initial consent is assumed, and consumers are required to ‘opt out’ if they want their private information protected. In the U.S., for example, the Financial Services Privacy Act requires that consumers have the option of ‘opting out’ of the sale of their personal information to other parties. Financial institutions, however, want to maintain this right, and there are explicit strategies for doing so:

“DO include unsubscribe information in every communication you send. HOWEVER, this information does not have to be a direct hyperlink, nor should you feel you need to make it too easy to opt-out. It's a fine line you walk here - you don't want folks opting-out on a whim, just because they got up on the wrong side of the bed that morning. By the same token, you must make it possible for them to say "Thanks, but no thanks." One or two extra steps to the opt-out procedure are acceptable”

It is no surprise that organizations such as the Privacy Rights Clearinghouse have taken the step of creating information sheets such as ‘Financial Privacy: How to Read Your Opt-Out Notices’ – opt-out notices are not written to be clear, understandable, and easily executable. They are written to minimize opt-out. It gets worse, of course. Not only do companies make it difficult to exercise an ‘opt out’ option, they may in fact share the information they collect from you for the purpose of opting out.

Even in the case of exemplary privacy policies, requirements for opting out or revoking consent are unclear and difficult to follow (read the ‘your choices’ section in this otherwise exemplary privacy policy and see if you understand how you would cancel your registration). The Direct Marketing Association offers “Consumer Assistance – how and where to find help”. One link on this page ostensibly tells you “How to get your name off e-mail lists” – but when you follow the link it is ‘not found’.

In the vast majority of cases, privacy policies, opt-out procedures, and procedures for revoking consent are designed to be difficult to understand and, in the latter two cases, difficult to implement. It isn’t that the problems couldn’t be resolved – in fact, just the opposite. Marketers are using their knowledge of consumer motivation and psychology to design policies that maximize information release – consumers need to get into the act and demand policies that make it easier both to understand what their consent means, and to withdraw that consent if they wish.

Thanks to Melissa Cheater and Jackie Strandberg for their research assistance.
main display area bottom border

.:privacy:. | .:contact:. | .:1rxdrugs.net:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada

© 2014 On the Identity Trail
Joomla! is Free Software released under the GNU/GPL License.