Privacy notices online probably don't match your expectations
Consumers often complain that online companies violate their privacy—but the problem may be with the consumers themselves. According to a new study in the Journal of Public Policy & Marketing, there can be a big discrepancy between what consumers believe that online privacy policies promise and what those policies do in fact promise. Many consumers assume policy protections that were never there.
"The difference between the level of privacy consumers think they have after reading a privacy notice and the level of privacy they actually have can be striking," writes the author of the study, Kirsten Martin of George Washington University School of Business. "Of surveyed websites, 61% transmitted identifying information to at least one outside web domain, following the rules of the posted privacy notice, yet most users state they never approved of being tracked online."
Participants in the study were asked to evaluate a series of hypothetical online experiences and rate to what degree the experiences met their privacy expectations and conformed to privacy notices. Participants then rated the statements "This website meets my privacy expectations" or "This website conforms to the privacy notice" on a scale from -100 ("strongly disagree") to +100 ("strongly agree").
All scenarios actually conformed to the privacy notice and should have been rated +100, yet respondents perceived many sites as not conforming. One reason may be the vagueness of the notices. Firms often use ill-defined terms such as "affiliates" or "third parties" to obscure facts about where a web user's data is being sent. The mere presence of privacy notices can also give web users the false impression that the site cares about privacy and that therefore their information is private.