Can You Understand Me Now? Privacy Policy Basics

Published June 27, 2018

This week DNA testing service MyHeritage reported that 92 million customer email addresses were exposed, a report that follows on the heels of a virtually constant stream of reports about hacks of consumer information. Why all of the attention about consumer data protection, or put another way, about consumer privacy?

Despite coughing up reams of information about themselves in exchange for often minimal benefits, consumers are now suddenly concerned about their privacy. The concern is not wrong; many of the proposed solutions are.

Some have thought it right to vilify companies that have benefited from the information voluntarily given up by consumers. Yet others would regulate companies out of existence or destroy them with antitrust law. These are all solutions brewed in the D.C. swamp—a centralized government for an increasingly decentralized world. What people really want, and the solution that should be sought, is to preserve the ability to make their own decisions in regards to their privacy.

A cornerstone of the free market is the freedom to contract. The cornerstone of a contract is that parties entering into the contract actually understand what they’re agreeing to. To that end, privacy policies should be made easy to understand, explaining what data is collected and the ways it may be used. This one change alone would truly give consumers more control over their data, as they then could decide whether they really wanted or not to use a certain app or visit a certain website.

Ultimately, the alternative is grim for online companies in a free market. The reality is that pressing the “agree” button to accept the terms of use is really the consumer saying “I trust this company,” because terms of service go unread. If that trust is lost because consumers realize that their lack of understanding results in a bad deal for them, then consumers will flee.

In addition, any set of privacy principles that are enacted must apply broadly. That is to say, consumers will be protected when privacy rules are consistent across the entire internet ecosystem, from internet service providers, to edge providers, to online services. A consistent treatment with consistent rules for all those who compete in the internet ecosystem with access to data is clearly the best way to ensure that consumers understand their protections and adjust expectations accordingly.

A solution to protecting consumer privacy is a slippery prospect, not least because of wide ranging connotations of privacy and often a fundamental misunderstanding of how the internet ecosystem operates. The increasingly normal response to “technology problems” in D.C., Congress openly admitting to being ignorant of how systems operate but proposing legislation regardless, needs to end. If a real, consumer-benefiting paradigm is to be reached, the members of Congress will have to proceed cautiously, armed with a real understanding of the impacts and implications of their action.

[Originally Posted at The Institute for Policy Innovation]