You might think that as we grow increasingly concerned about the way our personal information is used online, we are choosing to turn away from those that infringe on our privacy. However, sites that adopt the most intrusive policies when it comes to user information continue to be the most successful.
Our research, published in the academic journal Telecommunication Policy, shows that the more intrusive a website’s approach, the more traffic it enjoys. In European legislation, privacy is considered a fundamental right. This is enshrined in a 1995 EU directive that assured individual protection related to the processing and free movement of personal data.
There is an ongoing debate about how this directive should be reformed to fit with the changed world we live in but there has been limited work so far on whether allowing websites to self-regulate is a viable option or whether the rules need to be dictated from the top down. The results of our work would suggest that the latter may well be the most appropriate.
We constructed an original dataset containing information about the digital business models of the top ranked websites in France, collected by Alexa top sites ranking. This included Google, Facebook, Amazon, Le Monde and Le Figaro.
The aim was to look at whether firms are interested in respecting their customers’ private information or if, in doing so, they might lose visitors. Websites differ in their approaches to gathering information about users. Some gather data through cookies and others ask visitors to subscribe to services. Some take a name, some take an email address and others take a full postal address. We found a very strong correlation between the intrusiveness of privacy measures such as these and web audience.
Previous work shows that individuals have a certain level of tolerance of intrusive advertising when they visit an e-commerce website, because they perceive personalised advertising as providing information. Users now provide a huge amount of information about themselves, their families and their colleagues when they use websites and are rewarded with location-based services and personalised content as a result. When we sign up for these services, we value instant gratification over our longer-term privacy and companies are benefiting from this trade off while users may not be getting [such a good deal](individual user’s privacy](http://www.oecd.org/dataoecd/8/51/46968784.pdf).
The truth remains that the more intrusive the site, the better able it is to customise its offer and to attract and retain its audience. Firms do not come up against significant opposition to using this data and it brings economic returns. They therefore have a strong incentive to provide a personalised service in order to increase the attractiveness of their websites.
This makes it less likely that the businesses themselves will take the initiative to protect user privacy. Why give up profitable activity if you don’t have to? Policymakers and regulators should acknowledge this and take action to inform consumers about the possible risks associated with the disclosure of their private information when they use websites.
From a regulatory perspective, this might mean looking carefully at the business models these websites have in place to find out more about the relationship between gathering information on users and generating profit, such as through advertising.
Consumers are wiser these days about their personal data being gathered but that does not necessarily equate to a desire to take action against it from happening - especially if the trade-off is a loss of access to email or online shopping.