This House would not allow companies to collect/sell the personal data of their clients
The advent of computing has allowed governments, businesses and individuals to store, collate, analyse, and utilize huge amounts of data. Firms have made use of this power to store the personal data of their customers in order to better understand them and to cater to their needs. Others have even used the data online to offer targeted marketing aimed at the personal profiles of individuals, often created by way of information gleaned from cookies, search histories, etc. that give them a window on the sorts of people using their services. Sometimes even phone numbers, email addresses, and physical addresses are sold in this way. Databrokers such as ChoicePoint and Acxiom purchase data from many sources, including government agencies, businesses, credit bureaus and investigators. They then offer “analytical services” on millions of households. This collation and utilization of data has spawned a secondary market in which firms have sold on their compiled data on individuals to other companies seeking to better understand the marketplace and to find consumers for their products. It is a booming $300 billion-a-year industry.[1]
This vast increase in the dissemination and use of individuals’ private data has resulted in extensive debates across the world, and has spawned many laws, that mandate privacy controls and strict regulation of how this information is used. However as the gathering and use of data rapidly changes the law often struggles to keep up. The European Union for example is in the process of reforming its Data Protection rules that it implemented in 1995.[2] The debate is a serious one, because at its heart is the question of what information people use in their commercial dealings should be accessible permanently by firms and which can actually be distributed to someone willing to pay for. For those who wish to prevent companies from collecting this information this represents a serious violation of privacy and runs the risk of data being misused by firms, and misappropriated by even less savoury institutions, such as hackers. Their opponents, particularly business, on the other hand contend that the efficiency and targeting gains generated by this information-gathering has allowed firms to offer more and better services to consumers, enriching their lives.
The following debate addresses all these issues, focusing on the ethics of the data storage and whether in fact it can lead to meaningfully better outcomes both for consumers and companies.
[1] Morris, J., and Lacandera, E., “Why big companies buy, sell your data”, CNN, 23 August 2012, http://edition.cnn.com/2012/08/23/tech/web/big-data-acxiom
[2] European Commission Justice, “Commission proposes a comprehensive reform of the data protection rules”, 25 January 2012, http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
Points For
Collecting and selling personal information is a major violation of privacy
The gathering of personal data that companies undertake is done in a fashion that is fundamentally invasive of individuals’ privacy.
When individuals go online they act as private parties, often enjoying anonymity in their personal activities. Companies, particular online services, collate information and seek to use it to market products and services that are specifically tailored to those individuals. In the context of the internet, this means that individuals’ activities online are in fact susceptible to someone else’s interference and oversight, stealing from them the privacy and security the internet has striven to provide since its inception. At the most basic level, the invasion of privacy that collating and using private data gleaned from customers is unacceptable.[1] There is a very real risk of the information being misused, as the data can be held, and even resold to third parties that the customers never consented to giving their data and might well not want to come into possession of their personal details. This can lead to serious abuses of individuals’ private information by corporations, or indeed other agents that might have less savoury uses for the information, most obviously the more places your personal information is the more likely it is to be lost in a data breach with 267million records exposed in 2012.[2] Even when the information is not exposed it may be used in ways that have a real impact on the individual such as determining credit scores.[3] People as a matter of principle should have control over who gets access to their private information. Giving companies that are driven by profit motive to sell on their customers’ data to anyone that might offer a suitable price stands as an absolute theft of personal information and privacy.
[1] The Canadian Press. “Academics Want Watchdog to Probe Online Profiling”. CTV News. 28 July 2008. http://www.ctvnews.ca/academics-want-watchdog-to-probe-online-profiling-1.311784
[2] Risk Based Security, “2012 Sets New Record for Reported Data Breaches”, PR Newswire, 14 February 2013, http://www.prnewswire.com/news-releases/2012-sets-new-record-for-reported-data-breaches-191272781.html
[3] Morris, J., and Lacandera, E., “Why big companies buy, sell your data”, CNN, 23 August 2012, http://edition.cnn.com/2012/08/23/tech/web/big-data-acxiom
COUNTERPOINTMuch of the “personal” data that is kept, collated, and sold is freely available online already and can be protected in many ways. The programmes that are used to collect information online, where most of this collation takes place, often do not ever gain real access to individuals’ identities, but rather only have access to search details. It is highly unlikely that any of this information could be used to identify actual individuals, and where it can it is safeguarded by laws regarding privacy. Furthermore, the information in question is put into the public sphere by individuals availing of services and may well not be guaranteed any form of special protection. They exist and are revealed in the public sphere, and belong there.
Consumers tend to feel alienated by spreading of their personal information for profit
People experiencing the use of their personal details by companies have largely been found to see the process as extremely invasive and unsettling. Many have felt violated by the exploitation of their personal lives to market them products, often from people to whom they never consented to hand over information. This feeling has been demonstrated through significant public outcry and backlash, as well as empirical results showing these attitudes becoming more and more widespread, particularly in the case of online targeted advertising, which is the most well-known use of personal information. The best example of such backlash is the result of Amazon.com’s “dynamic pricing” system, in which the company varied its offerings and pricings to customers based on information gathered about them from prior uses. The result was a severe backlash that cost Amazon business until it ended the policy.[1] This has led to a blunting of the desired outcome of such marketers who experience declines in uptake rather than increased and more efficient reach of marketing. Furthermore, the targeted marketing that arises from these forms of information storage and sale can tend toward stereotypes, using programmes that favour broad brushstrokes in their marketing, resulting in stereotyped services on the basis of apparent race and gender. When this happens it is all the more alienating.
[1] Taylor, C., “Private Demands and Demands For Privacy: Dynamic Pricing and the Market for Customer Information”, Duke University, September 2002, http://public.econ.duke.edu/Papers/Other/Taylor/private.pdf p.1
COUNTERPOINTIt is simply not true that people are bothered by their personal information getting out, or at least they are unwilling to do anything about it. In a recent survey 85% of respondents said they were aware that they were being profiled by advertisers as they browse the Internet.[1] They know that this data is what companies use to enable sophisticated advertising directed at them and to determine what the market wants. While some people feel it a bit disconcerting that their computer seems to know what might interest them, as in the case with targeted advertising based on personal search data, many others have found that the targeted advertising has made the seeking out of desired goods and services far easier. Also, a policy of disclosure such as that mandated in the EU might be employed in which services inform users that their data will be collated and give them the option to leave the site before this occurs so as to ensure that individuals really are aware.
[1] Ives, D., “Anonymizer, Inc. Survey Finds Most Consumers Confused About Online Safety Measures”, Anonymizer, 19 October 2010, https://www.anonymizer.com/company/pressroom/archive/20101019-anonymizer-survey-finds-consumers-confused-about-online-safety/
Data breaches can result in huge amounts of personal data falling into unscrupulous hands
The data collected and sold by companies is not safe. Servers with even the most sophisticated security systems are susceptible to hackers and other miscreants seeking to exploit the personal data of unsuspecting customers. Identity theft is a ubiquitous threat in the Information Age, one that increases every year as the arms race between data protection designers and invaders rages on. Data breaches have been rapidly increasing[1] and although the total number declined from 412 million exposed records in 2011 to 267 million in 2012 this has increasingly been due to hacking rather than simple negligence.[2] The result of these breaches is huge costs to individuals who have their identities and also to firms that appear to be unsafe. As individuals see companies as being uncaring of their information they tend to punish them in the market.[3] There is no opt-in because the individual has no means of seeing to whom the data is sold, and how secure their servers might be, putting them doubly at risk. Firms are better off not playing with fire and keeping data that could have huge potential costs to them if it is lost, and individuals are better off not having their information disseminated across cyberspace without any guarantee of its safety.
[1] Federal Trade Commission. “Privacy online: Fair information practices in the electronic marketplace: A report to Congress. Technical report, Federal Trade Commission”. May 2000. http://www.ftc.gov/reports/privacy2000/privacy2000.pdf
[2] Risk Based Security, “Historically, Over 1.2 Billion Records Exposed According to Risk Based Security, Inc.” Risk Based Security, 22 February 2012, http://www.riskbasedsecurity.com/2012/02/historically-over-1-2-billion-records-exposed-according-to-risk-based-security-inc/
Risk Based Security, “2012 Sets New Record for Reported Data Breaches”, PR Newswire, 14 February 2013, http://www.prnewswire.com/news-releases/2012-sets-new-record-for-reported-data-breaches-191272781.html
[3] Acquisti, A. “The Economics of Personal Data and the Economics of Privacy”. OECD. 2010, http://www.oecd.org/sti/interneteconomy/46968784.pdf
COUNTERPOINTCompanies have been making great strides in the realm of data protection and will no doubt continue to do so as it is in their interest to keep any information they have to themselves. They have far more resources and much more sophisticated equipment than the hackers, and while there are resourceful individuals out there, the power of the corporate structure allows them to fend off attacks with greater and greater effectiveness. As these security technologies become more advanced people should feel more and more comfortable with companies holding their data.
Points Against
Collecting and selling personal information is a major violation of privacy
The gathering of personal data that companies undertake is done in a fashion that is fundamentally invasive of individuals’ privacy.
When individuals go online they act as private parties, often enjoying anonymity in their personal activities. Companies, particular online services, collate information and seek to use it to market products and services that are specifically tailored to those individuals. In the context of the internet, this means that individuals’ activities online are in fact susceptible to someone else’s interference and oversight, stealing from them the privacy and security the internet has striven to provide since its inception. At the most basic level, the invasion of privacy that collating and using private data gleaned from customers is unacceptable.[1] There is a very real risk of the information being misused, as the data can be held, and even resold to third parties that the customers never consented to giving their data and might well not want to come into possession of their personal details. This can lead to serious abuses of individuals’ private information by corporations, or indeed other agents that might have less savoury uses for the information, most obviously the more places your personal information is the more likely it is to be lost in a data breach with 267million records exposed in 2012.[2] Even when the information is not exposed it may be used in ways that have a real impact on the individual such as determining credit scores.[3] People as a matter of principle should have control over who gets access to their private information. Giving companies that are driven by profit motive to sell on their customers’ data to anyone that might offer a suitable price stands as an absolute theft of personal information and privacy.
[1] The Canadian Press. “Academics Want Watchdog to Probe Online Profiling”. CTV News. 28 July 2008. http://www.ctvnews.ca/academics-want-watchdog-to-probe-online-profiling-1.311784
[2] Risk Based Security, “2012 Sets New Record for Reported Data Breaches”, PR Newswire, 14 February 2013, http://www.prnewswire.com/news-releases/2012-sets-new-record-for-reported-data-breaches-191272781.html
[3] Morris, J., and Lacandera, E., “Why big companies buy, sell your data”, CNN, 23 August 2012, http://edition.cnn.com/2012/08/23/tech/web/big-data-acxiom
COUNTERPOINTMuch of the “personal” data that is kept, collated, and sold is freely available online already and can be protected in many ways. The programmes that are used to collect information online, where most of this collation takes place, often do not ever gain real access to individuals’ identities, but rather only have access to search details. It is highly unlikely that any of this information could be used to identify actual individuals, and where it can it is safeguarded by laws regarding privacy. Furthermore, the information in question is put into the public sphere by individuals availing of services and may well not be guaranteed any form of special protection. They exist and are revealed in the public sphere, and belong there.
Consumers tend to feel alienated by spreading of their personal information for profit
People experiencing the use of their personal details by companies have largely been found to see the process as extremely invasive and unsettling. Many have felt violated by the exploitation of their personal lives to market them products, often from people to whom they never consented to hand over information. This feeling has been demonstrated through significant public outcry and backlash, as well as empirical results showing these attitudes becoming more and more widespread, particularly in the case of online targeted advertising, which is the most well-known use of personal information. The best example of such backlash is the result of Amazon.com’s “dynamic pricing” system, in which the company varied its offerings and pricings to customers based on information gathered about them from prior uses. The result was a severe backlash that cost Amazon business until it ended the policy.[1] This has led to a blunting of the desired outcome of such marketers who experience declines in uptake rather than increased and more efficient reach of marketing. Furthermore, the targeted marketing that arises from these forms of information storage and sale can tend toward stereotypes, using programmes that favour broad brushstrokes in their marketing, resulting in stereotyped services on the basis of apparent race and gender. When this happens it is all the more alienating.
[1] Taylor, C., “Private Demands and Demands For Privacy: Dynamic Pricing and the Market for Customer Information”, Duke University, September 2002, http://public.econ.duke.edu/Papers/Other/Taylor/private.pdf p.1
COUNTERPOINTIt is simply not true that people are bothered by their personal information getting out, or at least they are unwilling to do anything about it. In a recent survey 85% of respondents said they were aware that they were being profiled by advertisers as they browse the Internet.[1] They know that this data is what companies use to enable sophisticated advertising directed at them and to determine what the market wants. While some people feel it a bit disconcerting that their computer seems to know what might interest them, as in the case with targeted advertising based on personal search data, many others have found that the targeted advertising has made the seeking out of desired goods and services far easier. Also, a policy of disclosure such as that mandated in the EU might be employed in which services inform users that their data will be collated and give them the option to leave the site before this occurs so as to ensure that individuals really are aware.
[1] Ives, D., “Anonymizer, Inc. Survey Finds Most Consumers Confused About Online Safety Measures”, Anonymizer, 19 October 2010, https://www.anonymizer.com/company/pressroom/archive/20101019-anonymizer-survey-finds-consumers-confused-about-online-safety/
Data breaches can result in huge amounts of personal data falling into unscrupulous hands
The data collected and sold by companies is not safe. Servers with even the most sophisticated security systems are susceptible to hackers and other miscreants seeking to exploit the personal data of unsuspecting customers. Identity theft is a ubiquitous threat in the Information Age, one that increases every year as the arms race between data protection designers and invaders rages on. Data breaches have been rapidly increasing[1] and although the total number declined from 412 million exposed records in 2011 to 267 million in 2012 this has increasingly been due to hacking rather than simple negligence.[2] The result of these breaches is huge costs to individuals who have their identities and also to firms that appear to be unsafe. As individuals see companies as being uncaring of their information they tend to punish them in the market.[3] There is no opt-in because the individual has no means of seeing to whom the data is sold, and how secure their servers might be, putting them doubly at risk. Firms are better off not playing with fire and keeping data that could have huge potential costs to them if it is lost, and individuals are better off not having their information disseminated across cyberspace without any guarantee of its safety.
[1] Federal Trade Commission. “Privacy online: Fair information practices in the electronic marketplace: A report to Congress. Technical report, Federal Trade Commission”. May 2000. http://www.ftc.gov/reports/privacy2000/privacy2000.pdf
[2] Risk Based Security, “Historically, Over 1.2 Billion Records Exposed According to Risk Based Security, Inc.” Risk Based Security, 22 February 2012, http://www.riskbasedsecurity.com/2012/02/historically-over-1-2-billion-records-exposed-according-to-risk-based-security-inc/
Risk Based Security, “2012 Sets New Record for Reported Data Breaches”, PR Newswire, 14 February 2013, http://www.prnewswire.com/news-releases/2012-sets-new-record-for-reported-data-breaches-191272781.html
[3] Acquisti, A. “The Economics of Personal Data and the Economics of Privacy”. OECD. 2010, http://www.oecd.org/sti/interneteconomy/46968784.pdf
COUNTERPOINTCompanies have been making great strides in the realm of data protection and will no doubt continue to do so as it is in their interest to keep any information they have to themselves. They have far more resources and much more sophisticated equipment than the hackers, and while there are resourceful individuals out there, the power of the corporate structure allows them to fend off attacks with greater and greater effectiveness. As these security technologies become more advanced people should feel more and more comfortable with companies holding their data.
The sale of personal data makes for better advertising that benefits consumers
By targeting demographics and personal profiles by way of acquiring and utilizing personal data, businesses are able to put forward their services in a more targeted fashion in order to reach their target markets and to more effectively understand the broader market more generally. The limited budgets that constrain all companies has traditionally forced producers in the mass market to advertise to broad demographics and majority markets, resulting in a relative dearth of niche markets and breadth of services available in the mass market. Utilizing personal data effectively allows firms to enrich the lives of all consumers by expanding the range of marketable products and the furnishing of services to more eclectic tastes.[1] The vast numbers of websites and services proliferating online makes it much harder for people to find what they are looking for, but more importantly what they are not looking for but would want if they knew it existed. Data-mining allows for the channels of information to flow more effectively to consumers (Columbus, 2012). On the individual level companies are able to create individual profiles from information, so they can target them directly with things that might interest them. This strategy is used on Facebook, for example, users are shown ads that most fit their profiles giving them access to services they might not have ever found without the service.
[1] Deighton, J. and J. Quelch, “Economic Value of the Advertising-Supported Internet Ecosystem”. IAB Report. 2009, http://www.iab.net/media/file/Economic-Value-Report.pdf
COUNTERPOINTIt is difficult to see how this advertising is better for business overall. The consumer still has the same amount of money so will overall still spend the same amount. They may spend it on different things as a result of more targeted advertising, assuming that the consumer is not alienated by the personalised advertising, but is that a benefit? Moreover even if companies are successful in advertising their wares more effectively to their customers, it does not change the fundamental violation of privacy upon which such advertising relies. The norm of selling personal data is hugely dangerous to engender in society, as it produces more and more a sense of entitlement to others’ personal lives.
The sort of information being kept and sold is legitimate for firms to utilize in this fashion
Personal information given to companies is dispersed into the public sphere in a limited fashion. Once placed into the hands of a firm it ceases to be any sort of absolutely protected private right (if it ever was), and is instead now within the sphere of the company with which the individual has opted to interact. It is the natural evolution of how people’s information informs the economic sphere.[1] With regard to selling that information on, it is clearly information the individual is willing to disclose in the realm of commerce so it should make little difference what commercial entity is in possession of the data, especially considering that the information is then only utilized to make their experience online more efficient and valuable. It is also important to consider the exact kinds of information conventionally revealed through the personal data mining efforts of firms. They rarely even access the true identity of the user, but rather make use of second-hand information gathered from search histories, cookies, etc. to generate a consumer profile the firm hopes reflects the preference map of the user. The individual's identity is not revealed in these most frequent cases and the information is usable through the impermeable intermediary of security settings, etc. Thus firms get information about users without ever being able to ascertain the actual identity of those individuals, protecting their individual privacy, if such is a concern.[2] For this reason it cannot be said that there is any true violation of privacy. All of these data-gathering efforts of companies reflect the continuation of firms’ age-old effort to better understand their clients in order to best cater to their desires.
[1] Acquisti, A. “The Economics of Personal Data and the Economics of Privacy”. OECD. 2010, http://www.oecd.org/sti/interneteconomy/46968784.pdf
[2] Story, L. “AOL Brings Out the Penguins to Explain Ad Targeting”. New York Times. 3 September 2008, http://bits.blogs.nytimes.com/2008/03/09/aol-brings-out-the-penguins-to-explain-ad-targeting-ok-saul-and-louise-post-with-article/
COUNTERPOINTFirms’ data collection serves as a very real threat to individuals’ privacy and identity on the internet. Anonymity is certainly not wholly guaranteed through these tactics, and the information is not entirely safe. When individuals use the internet they often do not pay close attention to what is happening with their personal data. When they do not even know what information they are giving out they cannot meaningfully keep track of their privacy. Many hackers have made use of companies’ data collection efforts to gain access to peoples’ personal information, thus revealing information that individuals clearly never consented to. There must be some boundaries in the physical and digital world that marketers should not cross. Keeping and selling potentially sensitive information of clients certainly falls in this category.
The storing and sale of personal data aids companies by making marketing more efficient and allows niche markets to thrive
Businesses have been able to use consumers’ personal information to produce far better, more efficient, and more targeted advertising. Traditionally advertisement has been used to reach mass markets and has thus been used mostly as a blunt instrument, targeting the largest and wealthiest demographics in order to get the most efficient use of scarce advertising budgets. The focus on large markets has often left smaller, more niche, markets by the wayside.[1] Yet with the advent of the internet, targeted marketing, and data collection services, firms have been able to create whole new markets that cater to less homogenous needs and wants. The result has been a Renaissance of specialty manufacturers and service providers that could never arise if it were not for the collection of personal consumer data. By targeting their advertising, firms have been able to scale back on the broader advertising, making the whole endeavour less costly and more efficient. On the broader level, companies are able to utilize the vast amounts of individual data compiled to allow them to determine broader changes in society’s consumer desires, to establish aggregate trends.[2] E-commerce accounts for more than $300 billion in the US. This information gathering makes all businesses more responsive to consumer demands and to cause them to change their offered services and products far more swiftly, to the benefit of all consumers. Businesses have thus been able to flourish that might once have languished without access to a means of accessing their market or been unable to change with changing tastes. Because of the proliferation of personal information aggregation we can enjoy a far more efficient business world, with lots of producers that can compete with the larger mainstream on a more even footing, and a mainstream that is more able to meet the ever-changing demand structure of consumers.
[1] Columbus Metropolitan Library. “Using Demographics to Target Your Market”. 2012. http://www.columbuslibrary.org/research/tutorials/using-demographic
COUNTERPOINTIt is not particularly reassuring that it is large organisations and in particular big business that keeps these immense datasets. They have their own agendas for how they use this information and if this is simply for pushing products then many people would want no part of it. Analysis are wary about how big businesses will use big data as there is the concern that it will be manipulated, misread or even just plain wrong.[1] While the information may benefit small businesses it is not these companies that have control of the data; they are reliant on it being shared with them by the already dominant much bigger firms who are likely to choose to do business with other big businesses.
[1] PewInternet, “The Future of Big Data”, Pew Research Center, 20 July 2012, http://pewinternet.org/Press-Releases/2012/The-Future-of-Big-Data.aspx
Bibliography
Acquisti, A. “The Economics of Personal Data and the Economics of Privacy”. OECD. 2010, http://www.oecd.org/sti/interneteconomy/46968784.pdf
Columbus Metropolitan Library. “Using Demographics to Target Your Market”. 2012. http://www.columbuslibrary.org/research/tutorials/using-demographic
Deighton, J. and J. Quelch. “Economic Value of the Advertising-Supported Internet Ecosystem”. IAB Report. 2009. http://www.iab.net/media/file/Economic-Value-Report.pdf
European Commission Justice, “Commission proposes a comprehensive reform of the data protection rules”, 25 January 2012, http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
Federal Trade Commission. “Privacy online: Fair information practices in the electronic marketplace: A report to Congress. Technical report, Federal Trade Commission”. May 2000. http://www.ftc.gov/reports/privacy2000/privacy2000.pdf
Ives, D., “Anonymizer, Inc. Survey Finds Most Consumers Confused About Online Safety Measures”, Anonymizer, 19 October 2010, https://www.anonymizer.com/company/pressroom/archive/20101019-anonymizer-survey-finds-consumers-confused-about-online-safety/
Linden, G., B. Smith, and J. York. “Amazon. com recommendations: Item-to-item collaborative filtering.” IEEE Internet computing 7(1), 76–80. January-February 2003. http://www.cs.umd.edu/~samir/498/Amazon-Recommendations.pdf
Morris, J., and Lacandera, E., “Why big companies buy, sell your data”, CNN, 23 August 2012, http://edition.cnn.com/2012/08/23/tech/web/big-data-acxiom
PewInternet, “The Future of Big Data”, Pew Research Center, 20 July 2012, http://pewinternet.org/Press-Releases/2012/The-Future-of-Big-Data.aspx
Pinsent Masons. “US Web Users Reject Behavioural Advertising, Study Finds”. Out-Laws. 30 September 2009. http://www.out-law.com/page-10410
Risk Based Security, “2012 Sets New Record for Reported Data Breaches”, PR Newswire, 14 February 2013, http://www.prnewswire.com/news-releases/2012-sets-new-record-for-reported-data-breaches-191272781.html
Risk Based Security, “Historically, Over 1.2 Billion Records Exposed According to Risk Based Security, Inc.” Risk Based Security, 22 February 2012, http://www.riskbasedsecurity.com/2012/02/historically-over-1-2-billion-records-exposed-according-to-risk-based-security-inc/
Story, L. “AOL Brings Out the Penguins to Explain Ad Targeting”. New York Times. 3 September 2008, http://bits.blogs.nytimes.com/2008/03/09/aol-brings-out-the-penguins-to-explain-ad-targeting-ok-saul-and-louise-post-with-article/
Taylor, C., “Private Demands and Demands For Privacy: Dynamic Pricing and the Market for Customer Information”, Duke University, September 2002, http://public.econ.duke.edu/Papers/Other/Taylor/private.pdf
The Canadian Press. “Academics Want Watchdog to Probe Online Profiling”. CTV News. 28 July 2008. http://www.ctvnews.ca/academics-want-watchdog-to-probe-online-profiling-1.311784
Have a good for or against point on this topic? Share it with us!