We may care about our personal data, but are we prepared to pay to keep it?
‘Something is free, if someone else pays’ - Anon.
We get many free goods and services online via an opaque barter where, in exchange, companies access our data and try and sell us things. We say we care about our data[1], though if we could retain it, but pay for these products, would we? This option is not always available, but even if it was, it is not clear that we would take it.
There are a number of reasons why we would expect there to be a lot of free online products which require access to our personal data:
Data protection issues are arguably particularly important in smart phones where there’s a confluence of phone, email, web, social media and location data. The potential extent of mobile data collection has been systematically analysed in research by Ilaria Liccardi, Joseph Pato and Daniel Weitzner. They gathered information on over half a million mobile apps on the Google Play marketplace (88% of the apps then available on Google Play in 2012).[2][3] Of these there were around 387,000 (73%) free apps and 142,000 (27%) paid apps. The work analysed the data that the apps requested permissions to access and catagorised them according whether the permission was to access sensitive data or not (For the full list see the paper’s Table 9; one of the most interesting appendix tables ever). The study found that 46% of apps had the ability to access sensitive personal information and transmit it outside the phone, and that paid apps posed a lower privacy risk than free apps.[4] Free apps on average requested a greater number of sensitive permissions. They also accounted for most of the apps requesting many sensitive permissions that were able to send data outside the phone.
One can imagine a world where companies also offer an equivalent product where no personal data is exchanged, but which has to be paid for. That most companies don’t offer this, suggests they do not consider it would increase profits. It is also possible to design experiments to investigate how people would behave if facing a choice between a higher price and handing over less personal information for the same service. Research by Sӧren Preibusch, Dorothea Kubler and Daniel Beresford has found that when consumers have a choice between two online stores selling the same kinds of products, one requiring more extensive personal data disclosure (e.g. asking for mobile phone numbers, monthly income and date of birth)[5], but lower prices then they tend to purchase the product from the cheaper store.[6][7] This is despite three quarters of the experiment’s participants (who did not know the purpose of the study) stating in response to survey questions that they were very strongly interested in data protection.
If we were prepared to pay to retain our data that would suggest we value it, and the most obvious interpretation of this empirical and experimental evidence is that we don’t. It is questionable whether we are well-placed to make this call, however. We typically don’t appreciate the extent of the information we are handing over and what happens to it (that it can sometimes be made available to third parties for example). We don't understand what the potential effects of targeted adverts on us and, increasingly, personalised pricing and offers might be - it may not be someone else who is paying. It is therefore hard to form a view on what retaining our data might be worth to us. There are great benefits from the use of our data, and the economy is only going to get more data driven, but there can be costs for us too and we should have a better understanding of them. This is an area where we need more transparency, research and education. Ignorance is not bliss, it is ignorance. We need to understand the price of being free.
Acknowledgements: Thanks to the Meaningful Consent in the Digital Economy project at Southampton University for enabling me to attend their workshop and to George Windsor for his comments on the post.
[1] 67% of people in a 2015 Eurobarometer poll, said they worried about having no control over the information they provide online.
[2] Liccardi, I., Pato, J. and Weitzner, D. (2013) ‘Improving Mobile App Selection through Transparency and Better Permissions Analysis’, Journal of Privacy and Confidentiality: Vol. 5: Issue 2, Article 1.
[3] It was possible to undertake the analysis on the Play platform, as the permissions an app requests is accessible without having to install the app itself. How the findings may have been affected by subsequent changes to the Play platform, and the apps on it, is unclear.
[4] Sensitive permissions include for example: being able to access location data, being able to read gmail on the phone, being able to take photographs with the camera, being able to modify contact details and being able to receive SMS.
[5] There was little evidence that the participants provided false information.
[6] Preibusch, S., Kubler, D. and Beresford, A. (2013), ’Price versus privacy: an experiment into the competitive advantage of collecting less personal information’, Electronic Commerce Research. 2013, Issue 4, pp 423-455.
[7] As the authors point out, this does not rule out privacy aware business models as, all other things being equal, the higher privacy company will via the higher price earn a greater profit margin. For a discussion of some of the new business models that are developing, see here for a review of the Personal Information Management Systems market.