|
Why Do Companies Violate Privacy?
A profit driven company will only pursue activities in which the net benefit is positive. Consequently, despite the privacy backlash against companies, there is obviously a positive return from the acquisition of personal data for direct marketing. In fact, this process is simply driven by the desire to screen out unlikely candidates from a marketing message.
This innocuous objective would seem likely to be greeted with enthusiasm from consumers. Unfortunately, the theory is not as pure as the execution. First, even a highly targeted direct marketing piece will only receive a 25-30 percent success rate, i.e. two out of three individuals are still receiving an unwanted advertisement. Secondly, individuals are more concerned with how a marketer attained their personal data rather than the fact that it has been attained. This is the breach of privacy: the individual has no knowledge or control of this flow of data. He cannot access the information, he cannot change the information, and he cannot delete the information -- even if he would like to correct inaccurate information to help the advertiser screen him out!
Many times, a company's acquisition of personal data is not initially perceived to be a violation of privacy. Consumers routinely provide information to companies with the expectation of receiving personalized services or shopping discounts. In fact, this personalized, one-to-one marketing is one of the most attractive promises held out by Internet technologies. However, the data's inherent value creates an seductive temptation to abuse the consumer's trust and utilize the data for other purposes (which GeoCities allegedly did).
Self-regulatory Initiatives
Self-regulatory proposals, such as TRUSTe and BBBOnLine, attempt to muzzle this temptation. However, the responsibility for privacy assurances sits in the hands of each Web site - designating the proverbial fox to guard the hen house. As Fred Davis, CEO of Lumeria puts it, "In the morning, the hens have disappeared, there's blood and feathers everywhere, and the foxes blithely state that the alarms didn't go off so there must not be a problem."
The Federal Trade Commission, the European Union, and the entire privacy community have noted that these systems offer minimal recourse beyond the Web site owner. The underlying problem is that a company's privacy policy is not legally binding. (In fact, some privacy advocates suggest that privacy policies are legal disclaimers!) Consequently, neither the government nor any other third party entity can step in to assist the individual. Moreover, even the self-regulatory organizations have demonstrated their impotence. For example, after the recent discovery that Microsoft software could track every document a user creates, TRUSTe (which receives considerable funding from Microsoft) concluded that the breach of privacy was not web site related and therefore Microsoft did not violate the terms of its license with TRUSTe.
