Table of Contents
- Executive Summary
- Introduction
- Behavioral Advertising, Which Encourages Extensive Data Collection, Is One of the Most Dominant Online Business Models
- The Behavioral Advertising Business Model Can Harm Individuals
- Legislation Could Promote Privacy-Protective Business Models
- Concerns Remain over the Potential to Harm Innovation through Overly-Prescriptive Legislation
- It Is Unclear Whether Preventing Online Companies from Charging a Higher Price to Protect Privacy Is Beneficial Overall
- Conclusion
The Behavioral Advertising Business Model Can Harm Individuals
Though the behavioral advertising business model may provide some benefits to consumers, it is a myth that the ad-supported products and services are entirely “free”—users pay by giving up their privacy and submitting themselves to potential privacy harm. As Maréchal said, “The cornerstone of this business model is non-consensual data collection at a massive scale. That, in and of itself, is a privacy violation, and it’s really a testament to how embedded these business models are into our society, and how readily we’ve accepted Silicon Valley’s narrative that many people don’t see that as a harm.”1 And as Rejouis pointed out, “the exchange isn’t mutual. [Companies are using] algorithms [to collect] data in undetected ways,” using proxies to infer information about users that they do not directly provide companies.2 Gray added that the large tech companies
need that data more for their current business models than they need to show you the ad. Because … [that] data is then used to maybe not show you an ad, but to show so many millions of other people an ad, and every pipeline they can get to feed into the big data machine that helps them determine what is going to be the most manipulative content to show you so that you click on the ad.3
Thus, the true price of these services is exposure to increased privacy risks.
The behavioral advertising business model contributes to a number of additional harms. First, any collected data is vulnerable to breaches if the company stores it, and as mentioned above, companies often collect a lot of data even when it is not necessary. One Gartner executive disclosed that over 70 percent of data collected and retained by companies remains “dark,” or unused, but nonetheless is kept for the possibility that they might eventually be able to monetize it.4 The data that companies collect can be stolen, and these breaches can lead to significant consumer harms, particularly if the data is financial or health related.5
Second, the non-consensual, secondary use of data for purposes beyond those for which it was collected can harm users. While OTI’s prior panel on civil rights and privacy addressed secondary use of data with regard to discrimination,6 it remains an issue in other areas as well, including when companies sell data to data brokers, which then sell it to other organizations that use that data to inform decisions about employment or credit. For instance, in Spokeo, Inc. v. Robins, plaintiff Thomas Robins argued that his employment prospects had been harmed by data broker Spokeo’s listing of factually inaccurate information. Spokeo’s database misrepresented Robins by stating that he “was in his 50s, … married, … employed in a professional or technical field, and … has children” and “that he has a graduate degree, that his economic health is ‘Very Strong[,]’ and that his wealth level [is in] the ‘Top 10%.’”7 This inaccurate data made Robins seem “overqualified for jobs he might have gained, expectant of a higher salary than employers would be willing to pay, and less mobile because of family responsibilities.”8 Any potential employer consulting the Spokeo database on Robins would have had incorrect information about him, which could have led the potential employer to unfairly reject his application. Thus, by encouraging vast data collection (whether accurate or not), the behavioral advertising business model creates further risks of unanticipated and potentially harmful secondary uses.
Third, even the appearance of companies tracking and following users around the internet can be viewed as harmful. In fact, “[a] wide variety of studies show that people find online ads intrusive, [and] annoying. … These unsolicited, even somewhat aggressive (and occasionally offensive) ads are unwanted interruptions.”9 Other surveys have shown that people find behavioral advertising “too aggressive” and “creepy.”10 Consumers may even be more likely to engage with ads if the advertiser is not using “creepy” tactics.11 These descriptors show that users experience a privacy harm even if they cannot identify it with precision. Much like in the physical world, consumers want and expect a certain amount of privacy, yet behavioral advertising violates those expectations.
Citations
- Natasha Duarte, Megan Gray, Keir Lamont, Nathalie Maréchal, Gabrielle Rejouis, and Lee Tien, “Paying for Our Privacy,” (Panel, Washington, DC, July 16, 2019), source.
- “Paying for Our Privacy,” (Panel, Washington, DC, July 16, 2019).
- “Paying for Our Privacy,” (Panel, Washington, DC, July 16, 2019).
- Allen St. John, “Stopping the Data Breach Epidemic,” Consumer Reports, December 21, 2018, source.
- For one example of the extent to which consumers can be harmed financially by data breaches, see the recent Federal Trade Commission (FTC) settlement with Equifax over a significant data breach, in which the FTC required Equifax to pay out a maximum of $20,000 per person for damages related to unauthorized charges on an account, fees incurred as a result of the breach, and time spent dealing with breach-related issues, among other things. “Equifax Data Breach Settlement,” Federal Trade Commission, July 2019, source.
- Becky Chao, Eric Null, Brandi Collins-Dexter, and Claire Park, Centering Civil Rights in the Privacy Debate, (Washington, DC: New America, 2019), source.
- Spokeo v. Robins, 578 U.S. ___ (2015), Case No. 13-1339 slip op., dissent (Ginsburg, J.) at 1-2.
- Spokeo v. Robins, 578 U.S. ___ (2015), Case No. 13-1339 slip op., dissent (Ginsburg, J.) at 1-2.
- Tim Fisher, “Online Ads: Why They Follow You Around the Web,” Lifewire, July 22, 2019, source.
- Ross Benes, “Five Charts: Why Users Are Fed Up with Digital Ads,” eMarketer, October 16, 2018, source.
- Louise Matsakis, “Online Ad Targeting Does Work–As Long As It’s Not Creepy,” Wired, May 11, 2018, source.