Why Not Privacy by Default?
74 Pages Posted: 5 Nov 2013 Last revised: 23 Aug 2014
Date Written: November 4, 2013
We live in a Track-Me world, one from which opting out is often not possible. Firms collect reams of data about all of us, quietly tracking our mobile devices, our web surfing, and our email for marketing, pricing, product development, and other purposes. Most consumers both oppose tracking and want the benefits tracking can provide. In response, policymakers have proposed that consumers be given significant control over when, how, and by whom they are tracked through a system of defaults (i.e., "Track-Me" or "Do-Not-Track") from which consumers can opt out.
The use of a default scheme is premised on three assumptions. First, that for consumers with weak or conflicted preferences, any default chosen will be "sticky," meaning that more consumers will stay in the default position than would choose it if an affirmative action were required to reach the position. Second, that those consumers with a fairly strong preference for the opt-out position — and only those consumers — will opt out. Third, that where firms oppose the default position, they will be forced to explain it in the course of trying to convince consumers to opt out, resulting in well-informed decisions by consumers.
This article demonstrates that for tracking defaults, these assumptions may not consistently hold. Past experience with the use of defaults in policymaking teaches that Track-Me defaults are likely to be too sticky, Do-Not-Track defaults are likely to be too slippery, and neither are likely to be information-forcing.
These conclusions should inform the "Do-Not-Track" policy discussions actively taking place in the U.S., in the E.U., and at the World Wide Web Consortium. They also cast doubt on the privacy and behavioral economics literatures that advocate the use of "nudges" to improve consumer decisions about privacy.
Suggested Citation: Suggested Citation