Slashdot Mirror
Online Shoppers are Willing to Pay More for Privacy
Caroline Matische writes "People are willing to pay more to buy items from online retailers who make their privacy policies clear, a new Carnegie Mellon University study showed. People were more likely to buy from online merchants with good privacy policies and were also willing to pay about 60 cents extra on a $15 purchase when buying from a site with a privacy policy they liked."
Privacy is central to our dignity and our basic human rights. Privacy ensures and protects our rights to free assembly and free speech, especially in areas where the governments would seek to curtail these rights. The right to privacy ensures our autonomy in the world and in our affairs. Think of your information as a gift you give to agencies and people you trust. How do you feel when any gift you give is "regifted." How do you feel when something you say in confidence is repeated and spread through your community, whether that is your office of group of friends. How would you feel if a friend gave your phone number out to every person who asked them. How would you feel if a friend revealed an embarrassing medical condition you had or a financial problem you were struggling with. Thinking of privacy in these terms helps you to see why your privacy is an important part of your life.
This study is BS. Purchase a sex toy? How can this study even be valid. How about trying books or something like that?
That's ridiculous. Users should expect, no, demand privacy, not have to pay for it. Privacy should already be there, because the user has to trust the company to handle their data correctly.
I won't trust a company that makes people pay for "extra privacy." That screams distrust to me.
Colin Dean Go a year without DRM
I just say, I'm going to use my Ben Franklin Card today. If the store clerk then asks for my phone number or email address, I just remind them of the airtight Ben Franklin Card privacy policy.
People look for the "shipped in plain brown packages" when buying porn related items.
Isn't the notion of a "company respecting user privacy" illusory? In other words, when you give your private information away, you're not giving it to another person. You're giving it to a corporation. If the management changes, if the shareholders demand a greater quarterly return, the same company can alter their "privacy policies" and sell all the information they like. Sure, a random user can sue, but can they afford the same kind of attorneys as the company? There's an old proverb about "what you whisper in your room will be shouted from the rooftops". I don't think that changes in the internet age. Jed Check out the Ad-Supported Music Central blog: http://ad-supported-music.blogspot.com/
If I can order a TUTU in my underwear, I'm good.
If you could reason with religious people, there would be no religious people
Sgt. Pepper's Lonely Hearts Club Band- The Beatles [1] - 10.99
Logitech 2-Button Mouse [1] - 15.99
Secure Purchasing w/ Advanced Privacy Protection - 4.99
Sub Total - 31.97
Please enter your credit card information, date of birth, and social security number to proceed to checkout.
Given the evidence presented in the article, I'd draw the conclusion that shoppers don't care about privacy.
The reality is that someone asked the wrong question.
Pay for privacy? News flash - we're shoppers, customers, not your servants.
And, if you're from the EU, you have privacy rights.
Same goes for Canada.
-- Tigger warning: This post may contain tiggers! --
Privacy is a fundamental demand of human culture since the evolution of Homo Sapiens, as a way of providing security. Why should it be any different now? People naturally wish to keep their activities and thoughts (which are shown through actions) hidden from others, unless there is a reason for the otherwise. Also, in this age, with internet crime up and political and criminal tracking over the internet, this fundamental demand is displayed even more, to protect individual security. The only thing I wonder about is, how many shoppers actually read the privacy policies?
Idiot taxes are fees we pay to avoid the usual way vendors or governments do things, which is not only mediocre but criminally oblivious. You pay idiot taxes through insurance, higher prices, and of course the need to move when your neighborhood gets filled with violent idiots.
Let's examine a typical online purchase...
Purchase price: $24.32
Fee for non-insane privacy policy: $0.60
Fee for secured, audited servers: $0.81
Fee for someone to do anything when something goes wrong: $0.72
Fee to hire non-stupid people to pack up items: $1.41
Fee to ensure product listed is what's sold: $0.92
Total cost: $28.78
Equivalent cost locally: $30.78
Peace of mind: priceless
technical writing / development
It varies, depending on to whom you give your information.
In most of Europe, companies are bound by laws implementing the EU's Data Protection Directive, which makes it clear that your data is not just another asset of the company which collects it, and that companies can only process it for the purposes for which you gave them the data.
In the US, companies howl with outrage at the prospect that they should treat their customers with similar fairness. You could argue that resisting even the smallest extra expense is in the short term interests of their shareholders. Of course that ignore the possibility that ethical policies may increase customer loyalty, and better serve their shareholders' longer term interests - as well as being "The Right Thing".
There is a lot of nonsense spoken about "impersonal corporations". Folk forget that it's actual human beings who make the "decisions of the corporation". Some of those people do good and some do evil.
Maybe they should be held to account?
Paul "Say no to feeping creaturism"
I usually read an online shop's privacy policy before buying (along with their other policies). And it's usually legalistic gunk, with a truste logo slapped on, which is worthless given that most policies say "we can change this anytime without prior notification".
So how do you rate what they _do_ instead of what they _say_?
Fatal flaw: the study told the subjects how to act. They were confronted explicitly with the privacy "device" developed by the researcher. They knew what was being measured and allowed to behave freely. In such circumstances subjects consciously or otherwise will attempt to conform to the implied expectations of the researcher.
. html#posts). Their poll is flawed for the same reason (it ends up measuring what people say they'll do or show others they'll do, not what they really do) but the article has some good observations.
MSNBC has an article on the same subject (http://redtape.msnbc.com/2007/06/price_of_privac
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
"Privacy policies" fall into one of two categories:
1) A length legalese document more complicated than a home loan;
2) One line "promising" never to sell or otherwise disclose personal info.
The only thing a consumer can "like" is whether they care and/or trust the vendor, regardless of any so called "privacy policy" (obvious and displayed prominently, or obfuscated under a mountain of half broken links).
Researcher: Would you be willing to help us out today by answering a few questions and buying something online? We're researching consumer buying decisions as they correlate to privacy policies of internet merchants.
Woman in Mall: Sure, what do I have to buy?
Researcher: Just batteries. Oh and a... um... vibrator.
Woman in Mall: <turns around and walks away looking for security>
Researcher: But you get to keep it!
Woman in Mall: Well, I guess if it's for scientific research...
http://www.cpsr.org/issues/privacy/whyPrivacy
Is that now every shoddy internet business is going to have a big serious looking "we care about your privacy" notice stuck somewhere prominent (but not prominent enough to displace advertising).
They won't change their actual privacy policies or anything, and they'll still leak credit card details etc. to the highest bidders.
Think I'm being cynical? Maybe. But think about it, this is bound to happen.
I am government man, come from the government. The government has sent me. -- G.I.R.
Customers pay for service. If they are willing to pay more for privacy, this means that privacy is equated with a service that can be bought. Since then is privacy something you buy? Isn't privacy a right? Should we pay to enjoy our rights? I am afraid that the blatant lack of privacy has made even the customers to abandon the idea that they have this right as an unrealistic romantic ideal and accept the harsh reality that in today's corporate jungle there are no rights and everything can be sold and bought.
So how do you rate what they _do_ instead of what they _say_?
All that can really be done is to pass laws that make inappropriate data sharing unprofitable. This is the only way to make good, privacy respecting service competitive and fix those places where market forces or bad laws have eliminated choice.
Friends don't help friends install M$ junk.
Google just paid 3 *billion* dollars for doubleclick.
And ChoicePoint, which supposedly paid ~$5 million after their little data Valdez incident, seems to be chugging along quite nicely thank you.
Yeah, toothful privacy laws in this country would be great. But for now, I want useful independent information about bad actors so I can avoid them when possible.
I always check resellerratings.com to see what other people think about an online vendor before using them. It would be nice to have independent information about privacy as well. And truste doesn't cut it.
Really, what are you paying extra for?
So that the store wont stick you on a Spam list?
Wont use your Credit Card drain your bank account?
What is the actual cost involved in limiting your supplied information to the transaction at hand?
If the store even hints that my info is going to be used beyond what it is supplied for, I wouldn't touch the place with a 10 foot pole.
You are aware of course that DOS as a consumer operating system has not existed since 1999 when Microsoft released Windows 2000. Is "WinDOS" supposed to be funny or demeaning or what?
Shopping online, I pretty much never give out my real phone and e-mail--if you do, you're just asking for spam and telemarketing calls. Oddly enough, I almost get none! Just give your credit card info and correct address (nobody much bothers with junk snail-mail anymore), take down the confirmation number from the purchase, and you're set! If the package doesn't arrive when it's supposed to, YOU call THEM with the confirmation number and see what's up. I've always done this over the years and never had a problem occur. You never become an advertisement vector for them, and the most abuse-able forms of your personal information are kept private.
Heck, for sites and services that demand stuff like birth dates, or that ask for answers to private questions for security reasons, always use fake info that you'll remember. What is my mother's maiden name? Smellypoo, of course!
It's so easy, I can't believe everyone doesn't do this.
Comment removed based on user account deletion
Get it right here, folks! Our new and improved, government approved, battery powered, vibratin' cucumber! Only 19.95, plus shipping and handling. And NOW! For the first time ever! Our first 3,000 customers get a Premium Privacy Policy for the super low price of just $8.75!(plus tax)(Viod where prohibited by law) Yes, this policy protects you like no other. Spammers will have to pay us twice as much to get this mailing list! So your protection is doubled!
What?
From TFA: Participants in the laboratory study...
I've seen over and over again that when you place Internet users in an environment where they are being watched, and know they're being watched, their behavior changes. If you were participating in a study conducted by the Carnegie Mellon Usable Privacy and Security Lab, using their own "Privacy Finder" search engine, don't you think your behavior would be a bit skewed?
I'm all for privacy, and for giving consumers a choice about whether they want to let companies have their personal information. But this study, at least as it is presented in the article, doesn't seem very rigorous in its methodology.
Read the EFF's Fair Use FAQ
For example, I have it from a reliable source that one Alexander Harris (ph: #randombignum) recently purchased an external hdd (using cash) at the very same store where one Ben Franklin had previously purchased an optical cordless mouse (also with cash).
As long as the website actually HONORS its own pledge. I recently purchased something from a website that claims " your personal information is never shared except with our marketing partners. Your credit card is used strictly for your purchase and will NOT be shared with anyone."
Long story short I got a call 3 mos after buying something from them, from some jerk trying to send us $40 in free gas vouchers if we sign up for a service that is $1 for the first month, $20/mo after that. Took forever to convince the jerk I didnt want thier crap. Thanks to a freak series of events, I was able to determine that they got the info from this particular website. The kicker? They already had the credit card number and were ready to bill us as soon as we said "send the vouchers".
So even tho websites claim they protect your info, they may not.
"Extra privacy" sounds to me like the "second" key of your wives chastity belt when you leave home
?
This sounds strangely like what Universal Studios and Disneyland do:
Make money from the long waits in lines by charging people to cut to the head of the line.
In effect, you are making money by providing poorer customer service.
Which would you choose? Spend money keeping customers happy (and making money from repeat business as a result of good customer service), or make money from crappy service (and saving money from keeping them happy)
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
The idea here is that they're looking for sites that have a privacy policy expressed in XML, something that's been working since 2002 but never really caught on.
Even the few sites that use that have problems. Check out Bankrate.com. According to PrivacyFinder, their policy, from the XML, can be summarized as "BankRate.com may share your information with: Companies that help this site fulfill your requests (for example, shipping a product to you), but these companies must not use your information for any other purpose". Sounds good, and Privacy Finder gives them a high rating.
But their privacy text associated with the XML says "Bankrate uses your personally identifiable information to customize the advertising and content you see on our Web pages, to fulfill your requests for certain products and services and if you permit us, to contact you about special offers and new products. Unless you are entering one of our sweepstakes, Bankrate does not currently share, loan, rent or sell your personally identifiable information."
Their privacy policy text page lets them do even more: " Bankrate uses your personally identifiable information as follows: ... to contact you and deliver information to you that, in some cases, is targeted to your interests, such as targeted banner advertisements, administrative notices, product offerings, and communications relevant to your use of www.bankrate.com." The text policy is far less restrictive than the one associated with the XML.
Similarly, check out Wachovia Financial Services. The XML says they don't share your personal information, but their text privacy page says they can share, say, your loan information with their brokerage, insurance, and credit card units for marketing purposes.
This isn't looking good. And those are major legitimate companies. Further down the food chain, it looks much worse.
It depends on where you are. Here in Europe we have pretty damn clear privacy laws, and a habit of slapping corporations with massive fines for breaking the laws. Plus the usual legal concept that you can't let someone make a profit from breaking the laws, i.e., the punishment has to at the very least be bigger than the illicit gains.
Plus, we don't depend on random users suing, but have government and EU agencies for enforcing the consumer rights. They _can_ afford good lawyers.
So shareholders can't really demand that a company breaks the law, especially since they'd make no profit out of that.
However, that in turn amounts to having a political system which can't overtly bend over to the highest bidder. (Not that covert deals don't exist, mind you.) That's why you can count on the state's agencies to be on your side.
It starts with parliamentary systems where parties have to actually fight for the votes, and where usually no single party has 51% of the votes. So if one does something blatantly wrong, an alliance can re-form the other way at the drop of a hat, turning them from member of the winning alliance to opposition. It's not even ethics as such, it's that there are a lot of parties who can profit from someone else's unpopularity. So chances are even rumours of corruption and favoritism make a party drop someone like a hot potato, so they don't give the others ammo.
And the more fun part is the EU itself. There is no central government which can usurp the rights of the states, since we _are_ a bunch of sovereign countries in a fragile alliance. So they tend to keep an eye on each other. There is no "european" company, there are a bunch of French, German, British, etc, companies. And if, say, a german company were to break the trade laws, you have the French, Brits, Italians and everyone else who don't feel any duty to defend them. In fact, they go, "oi! if our companies aren't allowed to do that, then neither is yours, mate!"
A polar bear is a cartesian bear after a coordinate transform.
So they give people a search engine that highlights results that their privacy policy parser likes and claim that because people tended to click on them they were confirming their interest in privacy while shopping online? You think if google started randomly putting stars next to some of their results that to wouldn't influence click throughs?
Then they say that people were motivated to really shop around to save a buck or two? A couple bucks is no real economic incentive for an adult to do anything beyond clipping a coupon. And further the item they were buying was a VIBRATOR! Drawing parallels between a customer's privacy concerns and purchasing patterns when buying sex toys and say a portable hard drive (last thing I bought online...) is absurd. I believe that people care about two things when shopping online: price and service.
It boggles my mind that stuff like this can garner this kind of attention without everyone calling BS.
They don't have to (no law) and there's no requirement for the one getting that info to tell you where it came from (no law).
So how do you know who to abandon for abuse of your privacy? Or are you just going to boycott them all?
Reduce, reuse, cycle
What if the company is supposed to send you some data via email, and the message was handled as spam and rejected by your server?
You'll miss the message, thinking the company is a bad one. On their end - they attempt to get in touch with you because they have received the failed delivery report; but they fail to contact you because all the data you provided were bogus.
Sometimes the customer may figure out something like this has happened and contact the company. Other times the customer sends a nastygram to the company asking for refunds or simply being rude - even though it's not the company's fault. Other times they just talk to the credit card company, which will refund the money without asking for details or contacting the seller first.
As you can see, there are drawbacks, so I think that's why not everyone does this.
The saddest poem
The privacy information used in this study was gleaned from website P3P policies (machine readable privacy policies). The users state their privacy preferences to the user agent so that the user agent can make an automatic determination of whether or not the privacy policy complies with user preferences. Currently a little over 10% of the whole Internet uses P3P, whereas over 20% of online shopping sites use P3P (http://lorrie.cranor.org/pubs/icec06.html).
Then I realized that if your privacy 'gets broken' for batteries, you are likely to get catalogues about batteries in the snailmail.
But if you privacy is 'broken' for the sex toys, you get catalouges about sex toys.
Cleary, people WANT to get sex toy catalogues in the mail.
excitingthingstodo.blogspot.com
That's pretty cool. I didn't realize.
How sad that this is such a unknown!