Privacy in the Era of Big Data: A Q&A with Professor Joseph Turow

Talking to Professor Joseph Turow about privacy and data security is never a vastly reassuring experience—but always an illuminating one.

After all, by most estimates, very little about our digital lives is private, from the emails mined by Google to serve up targeted ads, to the profile retailers build of us every time we swipe our credit cards, to the location data given out by many of our devices.

In a report last summer, “The Tradeoff Fallacy: How Marketers are Misrepresenting American Consumers and Opening Them Up to Exploitation,” Turow and colleagues Michael Hennessey and Nora Draper (Gr’14) present national survey data to argue that Americans are unhappy about giving up their personal data to marketers, but also resigned to the inevitability of it.

Last month, Turow was an invited speaker at PrivacyCon, the Federal Trade Commission’s first-ever competitive-paper summit for researchers, academics, industry reps, government regulators, and others to discuss the latest research and trends in consumer privacy and data security.

Turow’s forthcoming book, The Aisles Have Eyes: How Retailers Track Your Shopping, Strip Your Privacy, and Define Your Power, will be published by Yale University Press this fall.

With those experiences in mind, we asked Turow about the state of privacy in the digital marketplace and what lies ahead.

What is the “privacy paradox?”
 

The vast majority of Americans say they hate marketers taking their personal data, but the seeming paradox is that their actions say otherwise: Those same people regularly give up their data for coupons and other small things.

Marketers unpack the paradox by saying that while in the abstract, people don’t like giving up their data, they do find that the value of what they get in exchange is worth it.

But what our research shows is that Americans don’t feel giving up personal information is worth the benefits — they simply feel powerless to do anything about it. “I have to live my life, so I’m going to give up my information to do it.”

Is it purely an issue in the commercial sphere?
 

Data are valuable for any kind of marketing, including political. I’ve been reading the privacy policy of the Democratic National Committee, and it’s just as bad as the worst privacy policy in the commercial sphere.

They say they can share a user’s personal information “with candidates, organizations, groups, or causes that we believe have similar political viewpoints, principles, or objectives.” That’s extremely vague. And how do they use the information? Among the many ways is “for any other purpose for which the information is collected.” Which literally means anything.

Most people don’t even get to the point of reading these things. If they did, they’d either say “I’m going to sit in my chair and never do anything online” or they’d do what most people do — shrug and figure that agreeing to it won’t cause imminent harm, so they might as well tick the “I agree” box and go ahead.

Has your research changed your own online behavior?
 

I am cautious about going to certain apps and sites, and I sometimes use ad blockers, but I have a sense of resignation too. There are so many ways to track you that one or another countermeasure isn’t likely to work.

Apart from the direct tracking that sites like Google and Facebook do, marketers who may not have you personally identified can still do something called “probabilistic tracking.” Statistically, very few people have their devices set in the exact same way. Companies can therefore use heavy-duty computers to follow you persistently based on the features of your device—your desktop, say, or your mobile phone.

Then, based on the proximity of the devices in time and space, they can infer that you are the same person who owns several specific devices. So as you move from your tablet at home to your phone to your work computer, companies can map these patterns. In many cases they can link at least one of the devices to your name. In that case they know even more about you and your movements. All this is perfectly legal in the U.S. at present.

Most people know, or at least have a sense, that marketers have lots and lots of information about us. Apart from overt security breaches, why should that concern us?
 

We’re moving into a new era with the amount of data being collected about us, and we’re only at the beginning. To make sense of this, it helps to take an historical perspective.

As I show in my new book, until the mid-19th century retail prices in America were totally opaque. Peddlers and shopkeepers knew their customers, developed relationships with them, and charged what they thought they could get away with.

For a variety of reasons that changed drastically. From the late 19th century until around the end of the 20th century, the U.S. developed a democratized ideology around the marketplace. Stores posted prices—often by law—and the idea was that as long as you had the money, you could see and buy anything.

I argue that this democratized ideology of the marketplace is fading dramatically, largely because of the ways marketers are using new forms of data and technology.

We’re moving into a world where information about the individual is driving the retailing and marketing train. We’re going back to a situation not unlike pre-1850 where the way people are treated, the ads they see, the prices they get, even the products they see will be different based on the profiles marketers have about the individual shopper.

There will be winners and losers in that system, and it may be hard to know which camp you’re in. Certain people with favorable marketing profiles– for example people with money or who are in a desirable demographic – are treated better than those marketers deem less valuable. (In this world of segmentation, people not part of the target audience are literally called “waste.”) As we get older, we’re less interesting to marketers, and so today’s winner could be tomorrow’s loser.

Isn’t there an argument to be made that we’re all losers in such a system?
 

Sure. There is something about our ability to control our personal information that is being lost in this whole set of transactions. Wherever you’re treated well or not, you’re giving up your ability to define yourself. That’s a really important right we should have. That and the information respect that comes along with it make up the first issue of concern.

Beyond that, there’s the issue of discrimination and prejudice. Discrimination in a very literal sense takes place when marketers examine data and sort differences between men and women, people of different ages, people of different ethnic and geographic groups. Inevitably, some of those discriminations become prejudicial, particularly among groups and individuals marketers don’t deem as important as others. For example, some stores will give certain people better discounts than others because of the data they have about them.

We have no idea what profile companies have about us. It’s going to happen more and more that we’re in the dark about the kinds of data are being tracked and how that affects us.

So what can “We the Resigned” do about this?
 

Part of the problem is that while government officials say they are interested in respecting the public desire for privacy, they also believe they have to allow the market to proceed in a way that will keep major US data-collecting firms such as Google and Facebook thriving.

It’s a tough needle to thread. Making it even tougher is that politicians are also using data-collecting technologies in their own election campaigns. So there are conflicting currents. The environment is highly political and charged.

That doesn’t at all mean we should stop insisting on the public’s right to information respect and openness. We as individuals should tell stores and other marketers that we want to be able to limit the data they have about us and also to know exactly how they will use the information.

We have to support advocacy organizations that work hard to try to make data-gathering more transparent and less intrusive. We should also make our views known at the FTC, and the FCC (which because of a change of regulation is now going to be more involved).

We are just at the beginning of this era of personal data use by marketers. It will raise increasingly important questions about how people navigate their reputation, status, and the possibility of success based on profiles companies have about us — information that is almost impossible for us to access.

The dilemmas will face our children and grandchildren even more than us. The first step to doing something about it is to understand in detail what is taking place, to the extent we can. The next step is to express anger and demand change.