By Alain Samson
Americans’ confidence in organizations’ ability to keep their personal information safe is at an all-time low. In the post-Snowden era, this is particularly evident in relation to the government. But it also applies to various companies operating on the internet. In a recent survey, 69% of adults said that they were not confident that records of their activity maintained by social media sites will remain private and secure. Historically, most of us have been concerned about information privacy on the internet. But when it comes to our actual behavior, many of us liberally share personal information online, a finding termed the ‘privacy paradox’ in the academic literature.
Why this apparent gap between attitudes and behavior? The prominent online privacy researcher Alessandro Acquisti and his colleagues offer a couple of possible explanations. Firstly, there may not be a paradox at all. According to this view, we can all agree that privacy is important to us in general, but when it comes to particular online situations, we may decide that the benefits of information disclosure outweigh the costs. A second explanation holds that, while we care about privacy, we’re uncertain about privacy trade-offs and our own preferences, and our behavior is influenced by situational factors — often unconsciously.
Here are five reasons* why, from the perspective of behavioral science, we often act against our own interest by compromising our online privacy:
Feeling secure
People are more likely to share personal information online when they trust the party that they are sharing information with or when they feel in control. Unfortunately, this sense of security may be either false or have unintended consequences. A study found that people ended up sharing about 20% more of their sensitive information when they were given a greater sense of control over how their information would be used. Naturally, that’s not what providing control is designed to achieve. Elsewhere, 62% of survey respondents incorrectly believed that the mere existence of a privacy policy indicated that a website could not share their personal information without a user’s consent. This means that a site can rightly or wrongly make consumers feel protected by simply referring to a privacy policy.
Cues
The web is full of visual and verbal signals that affect the way we think or behave, including references to the privacy policies mentioned above. Seals like TRUSTe and BBBOnline explicitly serve as cues to increase trust. The overall design of websites also influences privacy behavior. However, while we might expect professional looking sites to increase the likelihood of visitors sharing their information, the opposite can be the case. One experiment found that people were more likely to disclose personal data on an unprofessional looking website. Why? Although we might expect greater data security from a professional looking site, people simply feel more comfortable sharing personal information in a more casual online environment.
Instant gratification
Humans can be quite impulsive. To put it more mildly, we tend to live in the moment and value the here and now. Did you bother to inform yourself about the online retailer’s privacy policy when you ordered that pair of sneakers the other day? Most likely not. Your primary concern was probably to get your order finalized. Imagine what your life would be like if you did in fact read all of this information. It has been estimated that the opportunity cost for U.S. consumers taking the time to read privacy policies would be around $781 billion.
Other people
When we see other people reveal their personal information we’re more likely to reveal it ourselves. An online survey entitled ‘Test your Ethics’ asked New York Times website visitors a number of sensitive questions regarding their engagement in questionable behaviors (e.g. ‘Have you had sex with someone who was too drunk to know what they were doing?’, ‘Have you stolen anything worth more than $100?’, etc). After answering each question, people were given information about the responses of other survey participants, which was manipulated to show either high or low rates of admission. When respondents were made to believe that a majority of others had admitted a questionable behavior, their willingness to disclose their engagement in other sensitive behaviors increased by 27% on average. Of course, other people’s actions have a particularly strong effect on what we do on social media, where we disclose information as a matter of reciprocity. But there are ‘silent listeners’.
Defaults
Online entities can change the online choice architecture to make information disclosure more likely. The best example of this is default settings – whether or not people have to opt in or opt out of options that affect their privacy. A classic case occurs with check boxes about future email marketing when we provide our email address online. A study that tested different question framing (‘DO NOT contact me…’ vs ‘Contact me…’) and default options (Yes / No checked vs unchecked) found that different framing and default options can double the rate of agreeing to be contacted. On Facebook, the default visibility settings of profile information have changed dramatically between 2005 and 2014. (For the 2005 to 2010 period, see Matt McKeon’s insightful graph.) Not surprisingly, historical changes in visibility defaults by Facebook have influenced how much personal information is shared.
This list of factors that affect information privacy is not exhaustive and could be expanded to include other variables, such as cultural context. The bottom line, according to Acquisti et al., is simply this: Policy approaches that rely on “empowering” or informing consumers are not enough, because they assume that people have all the mental tools to behave in their own interest. Sometimes policies may even backfire. Thus consumers need help in navigating an increasingly complex technological landscape. Behaviors that leave a personal data trail are becoming increasingly engrained in our everyday life, as evident in the growing ‘internet of things’. However, as The Economist recently remarked, “security is the last thing on people’s minds” in this new domain. New challenges to our understanding of online privacy are almost certain to emerge.
* For a discussion of these factors and a summary of behavioral research on information privacy: Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347, 509-514.