Is Privacy Inevitable?

If you collect user information for one-to-one web marketing use, online privacy is equally as important as the technology you implement and the marketing messages you create for your personalized web campaign.

My goal is to give you a lay of the land so you can make suitable decisions for yourself and your customers.

Do Online Users Really Want Privacy?

IBM recently said “No” to advertising on web sites that don’t post a clear privacy policy. We saw an uproar over Intel admitting that it can identify web users from a computer chip serial number. Customers willing to give up their private information in order to snag a free computer swarm the new Free-PC service. The government is stirring up the privacy pot with threats of legislation, while the European Union’s ironclad data privacy initiative throws many US web sites doing business in Europe into a tailspin.

At the same time, 1998 online purchasing was up 300 percent over 1997. These conflicting data points can lead a web marketer to weep when it comes to figuring out the best tact for his or her online privacy policies.

I’m confused by contradictory actions from online consumers. One moment I think the most stringent privacy policy is called for because online customers are ranting about the protection of their personal information. A recent survey led by AT&T Labs found that users are less likely to provide personal information that is to be shared for marketing purposes. The AT&T survey, “Beyond Concern: Understanding Net Users’ Attitudes About Online Privacy,” revealed:

  • 48 percent of respondents said they would be more likely to provide personal information if there were a law preventing the site from using the information for any purpose other than processing their information request.
  • 28 percent of respondents said they would be more likely to provide it if the site had a privacy policy.
  • 58 percent of respondents said they would be more likely to provide it if the site had both a privacy policy and a privacy seal of approval (i.e., Better Business Bureau).

Then I read that over 1 million people signed up with Free-PC to receive one of the 10,000 free Compaq computers in exchange for their personal information. I guess everyone has a price! (My price: A Porsche Boxster, just in case anyone is wondering.) This event leads me to believe that the government may be a little heavy-handed with their privacy initiatives. I say to myself, “Why bother going to this effort to protect online user privacy, when users don’t care to protect their own privacy?” My opinion is that protecting privacy makes good business sense.

There is also a very practical reason for keeping yourself out of hot water with your customers or with the Federal Trade Commission. Last year, GeoCities got in trouble with the FTC (see FTC news release) because it was allegedly providing the personal information it was collecting from its members to third party marketers. According to the FTC allegations, the web registration form gave users the impression that the information was not going to be released to other companies without prior consent.

Privacy Practice Smorgasbord

Privacy policies are as variable as the variety of web sites on the Internet. The privacy practices of the five most popular online stores visited in December 1998 (according to Media Metrix) are:

  • — The Blue Mountain Arts web site privacy statement is strict and straightforward. Names and email addresses collected are not compiled into a mailing list. They do not share names or email addresses with any other company.
  • —’s privacy statement is in an easy-to-follow question and answer format. Amazon currently “does not sell, trade or rent personal information to others.” However, they say they may provide this information to third parties in the future. Amazon uses an opt-out policy where the customer must send an email to get off the list.
  • — eBay has an extensive privacy statement. They disclose user information to advertisers, but assure users’ identities are not disclosed. eBay doesn’t give users the ability to remove themselves from these marketing lists.
  • Barnes & Noble — Currently, Barnes & Noble does not give information to third parties without users’ consent. They plan to adopt an opt-out privacy practice in the future. Although accessible from the home page, they do not have a web page dedicated solely to their privacy statement.
  • — eToys has a simple and easy-to-understand privacy policy. They do elect to share customer information with third parties, but not at the “individual customer level.” eToys has an opt-out privacy policy to allow customers to take themselves off the marketing list.

It’s important to note that all privacy statements on these web sites are accessible right from the home page. And since IBM is taking a strong stand by only advertising on sites that display privacy policies, I suggest you take a look at IBM’s privacy policy.

As you can see from the above examples, opt-out privacy policies seem to be popular among e-commerce web sites. “Opt-in” is where the default action requires the customer to actively choose to participate in the registration/data collection process. The web site does not collect any information without the customer saying so first. “Opt-out” is where the default action already enrolls the customer in the registration/data collection process. Customers must actively take themselves out of the process.

An emerging privacy practice is to also display a privacy seal on a web site. As indicated by the AT&T study, using privacy seals along with a privacy policy increases online customer confidence. Many of the sites listed above participate in these programs. If you are interested in displaying a privacy seal of approval, look into three programs currently available: TRUSTe, Better Business Bureau Online (BBB OnLine) and CPA WebTrust.

Protect Thy Customer, Protect Thyself

Don’t put yourself in the same spot as GeoCities did with the government. Clear, understandable privacy policies can keep you out of trouble. When you write your policy, test it with customers and others outside the process to ensure that your policies are easy to understand.

Is privacy inevitable? Yes and no. I don’t give this answer because I’m still confused, but rather because there is no single privacy policy approach. It all comes down to what your customers prefer, and what will fulfill your online marketing objectives. Build a privacy policy that protects your customer — and yourself.

Next Week: More on one-to-one web marketing.

Related reading