Public Release: 

Privacy notices online probably don't match your expectations

American Marketing Association

Consumers often complain that online companies violate their privacy--but the problem may be with the consumers themselves. According to a new study in the Journal of Public Policy & Marketing, there can be a big discrepancy between what consumers believe that online privacy policies promise and what those policies do in fact promise. Many consumers assume policy protections that were never there.

"The difference between the level of privacy consumers think they have after reading a privacy notice and the level of privacy they actually have can be striking," writes the author of the study, Kirsten Martin of George Washington University School of Business. "Of surveyed websites, 61% transmitted identifying information to at least one outside web domain, following the rules of the posted privacy notice, yet most users state they never approved of being tracked online."

Participants in the study were asked to evaluate a series of hypothetical online experiences and rate to what degree the experiences met their privacy expectations and conformed to privacy notices. Participants then rated the statements "This website meets my privacy expectations" or "This website conforms to the privacy notice" on a scale from -100 ("strongly disagree") to +100 ("strongly agree").

All scenarios actually conformed to the privacy notice and should have been rated +100, yet respondents perceived many sites as not conforming. One reason may be the vagueness of the notices. Firms often use ill-defined terms such as "affiliates" or "third parties" to obscure facts about where a web user's data is being sent. The mere presence of privacy notices can also give web users the false impression that the site cares about privacy and that therefore their information is private.

The bottom line is that traditional privacy notices are not enough, and alternatives should be explored. "The Platform for Privacy Preferences Project, for instance, enables web browsers to automatically detect a site's privacy policy. Users can then set their browsers to a preferred privacy level rather than read each site's notice," Martin notes. "Firms may want to change their practices altogether. Recent research has suggested that advertising that relies on personal tracked data is less effective than once believed. For now, much more work should be done to understand how a person's interpretation of privacy notices matches their privacy expectations."

p>

###

Kirsten Martin. "Privacy Notices as Tabula Rasa: An Empirical Investigation into How Complying with a Privacy Notice is Related to Meeting Privacy Expectations Online." Forthcoming in the Journal of Public Policy & Marketing. For more information, contact Kirsten Marti or Mary-Ann Twist.

<

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.