Question: What’s the difference between marketing-related data mining of consumer behaviors (either online or in the “real world”) and the recent revelations about NSA domestic surveillance? My guess is that it would be very challenging for you to distinguish the two.
In the case of NSA PRISM, the agency is accused of capturing huge volumes of consumer online activity without their knowledge or consent. The government, in the wake of the revelations, said that there are safeguards built into the system and privacy is protected. Effectively the government is saying “trust us,” we’re not really doing anything improper.
With marketing-related “big data” it’s much the same. Huge volumes of consumer behavior and transaction data are being compiled, analyzed and combined. Most of the data mining from online and offline sources are being captured entirely behind the scenes without consumer awareness or (informed) consent. (Clicking “accept” on legal boilerplate terms does not true consent make.)
Ad networks, marketers and related data vendors say that consumer privacy safeguards are built into the system. Effectively this is the same as the US government’s “trust us” statement. The online ad industry wants to “self-regulate” and doesn’t want burdensome disclosure and opt-in rules imposed on it by the FTC or US lawmakers.
While I certainly understand that position, self-regulation as it stands is insufficient to protect consumers from data abuses — especially by third parties who can access the data (e.g., the US).
Perhaps the one major difference between the two scenarios above is the “ad choices” button and the corresponding ability to opt out of behavioral targeting online. Indeed, you can’t opt-out of NSA snooping. But as a practical matter most consumers don’t really know about or understand “ad choices.”
As many surveys have shown, US consumers don’t like being profiled, tracked and targeted by marketers. They want relevant ads but don’t like the idea that their “movements” are being watched. This is also what made so many people uncomfortable following the NSA-Verizon data mining revelations.
As the NSA episode has shown, self-regulation and “trust us” assurances don’t adequately protect against abuse of the rules. In online advertising some mix of externally imposed requirements and self-regulation could work but self-regulation by itself won’t provide for sufficient consumer protection.
The NSA revelations are adding new urgency to Europe’s consumer privacy initiatives and will undoubtedly inform the online privacy debate in the US. But I’m curious to know what you think: has government spying become inextricably bound up with the discussion of online consumer privacy?
There may be more distinctions between big data collection and NSA surveillance but I’m not sure they’re particularly meaningful. I’d be interested to hear your thoughts and arguments — if you can formulate them — about why the two are or are not different.