We are frequently confronted with examples and rhetoric that people’s stated privacy preferences don’t match up with what they do in practice. For example, see Adam Thierer’s recent post, where he provides thoughts from Nick Carr, Bruce Schneier, and Jim Harper, all pointing to the conclusion that:
In a nutshell, ask anyone if they care about their privacy and almost 100% of them will say, yes, absolutely. But then ask them about what they do both online and offline on a daily basis and most of them will reveal a very different set of preferences or values when it comes to what “protecting privacy” would mean in practice.
While I agree that people’s stated privacy preferences often conflict with the actions they take, both online and off, we need to be careful when we use this as evidence that they actually hold a “very different set of preferences or values.”
Primarily, I fear the majority of people simply are ignorant to the kind of privacy trade-offs they are making with much of their online activities. Some of the blame, to be sure, falls on users themselves for not keeping themselves educated on these issues. But in an age where more and more of our information, communication, and commercial activities have shifted online, the ability to fully protect our privacy is often obscured (if not hiden) by the design of the tools and interfaces we rely on.
- Facebook’s initial design of Beacon, where the defaults where to opt-into the information sharing architecture.
- Facebook’s initial launch of News Feed, where all accounts had it activated (and even when they made a change, the default settings were set at the maximum amount of information sharing)
- The complexity of managing privacy settings on Facebook.
- And so on…
The lack of knowledge, the design of tools & default settings, etc all lead to an imbalance of both knowledge and power, leading millions to disclose and share information that perhaps they wouldn’t if they had full opportunity to learn, decide, and consent to these practices.
Do people value privacy? Yes. Do their actions sometimes contradict this preference? Yes. Does that mean the initial stated preference really doesn’t apply? No, and hopefully through better design, users can become better educated and more empowered to make the privacy-protecting decisions to meet their stated preferences.