Many people in the United States would like to control the information that companies can learn about them online. Yet when presented with a series of true-or-false questions about how digital devices and services track users, most Americans struggled to answer them, according to a report published on Tuesday by the Annenberg School for Communication at the University of Pennsylvania.
The report analyzed the results of a data privacy survey that included more than 2,000 adults in the United States. Very few of the respondents said they trusted the way online services handled their personal data.
The survey also tested people’s knowledge about how apps, websites and digital devices may amass and disclose information about people’s health, TV-viewing habits and doorbell camera videos. Although many understood how companies can track their emails and website visits, a majority seemed unaware that there are only limited federal protections for the kinds of personal data that online services can collect about consumers.
Seventy-seven percent of the participants got nine or fewer of the 17 true-or-false questions right, amounting to an F grade, the report said. Only one person received an A grade, for correctly answering 16 of the questions. No one answered all of them correctly.
Americans struggle to answer questions about online tracking practices and privacy policies
Researchers at the Annenberg School for Communication at the University of Pennsylvania asked 2,014 people in the United States a series of true-false statements. The correct answers are in bold.
Most people correctly understood some of the ways companies can track their activities online …
… but often misunderstood the limited role the federal government plays in regulating online tracking practices.
The survey results expose a stark knowledge gap among Americans as the Federal Trade Commission is poised to curb online consumer tracking by companies — or, as regulators have termed it, “commercial surveillance.” And the report could bolster regulators’ agenda as it highlights weaknesses in a framework that has for decades served as the basis for online privacy regulation in the United States.
That longstanding approach is known as “notice and consent.” It generally allows online services to freely collect, use, retain, share and sell a wealth of details about individual consumers — as long as the companies first notify users about their data practices and obtain users’ consent.
The report adds to a growing body of research suggesting that the notice-and-consent approach has become obsolete. Researchers and regulators say apps and sites often use long and sometimes unintelligible privacy policies to nudge people into agreeing to tracking practices that they may not understand. These critics say the “notice and consent” practices for online services may preclude informed consent.
Genuine “consent requires that people have knowledge about commercial data-extraction practices as well as a belief they can do something about them,” the Annenberg School report said. “Americans have neither.”
Seventy-nine percent of survey respondents said they had “little control over what marketers” could learn about them online, while 73 percent said they did not have “the time to keep up with ways to control the information that companies” had about them.
“The big takeaway here is that consent is broken, totally broken,” Joseph Turow, a media studies professor at the University of Pennsylvania who was the lead author of the report, said in an interview. “The overarching idea that consent, either implicit or explicit, is the solution to this sea of data gathering is totally misguided — and that’s the bottom line.”
Some prominent regulators agree.
“When faced with technologies that are increasingly critical for navigating modern life, users often lack a real set of alternatives and cannot reasonably forgo using these tools,” Lina M. Khan, the chair of the Federal Trade Commission, said in a speech last year.
In the talk, Ms. Khan proposed a “type of new paradigm” that could impose “substantive limits” on consumer tracking.
Leigh Freund, the chief executive of the Network Advertising Initiative, a digital ad industry group, said that while the “notice and consent” approach was “outdated in its application in many regards,” it could still be a helpful tool “in conjunction with reasonable limits on data collection and use, particularly with respect to sensitive data.”
She added that her trade group supported a current effort in Congress to pass a comprehensive federal consumer privacy law that would put meaningful limits on data use “while protecting the benefits of data-driven advertising for consumers, small businesses and the economy.”
Americans want control of their data, but don’t trust companies with it
Researchers at the Annenberg School for Communication at the University of Pennsylvania asked 2,014 people in the United States about their feelings toward control of their personal data and the privacy trade-offs consumers face online.
The survey results challenge a data-for-services trade-off argument that the tech industry has long used to justify consumer tracking and to forestall government limits on it: Consumers may freely use a host of convenient digital tools — as long as they agree to allow apps, sites, ad technology and marketing analytics firms to track their online activities and employ their personal information.
But the new report suggests that many Americans aren’t buying into the industry bargain.
Sixty-eight percent of respondents said they didn’t think it was fair that a store could monitor their online activity if they logged into the retailer’s Wi-Fi. And 61 percent indicated they thought it was unacceptable for a store to use their personal information to improve the services they received from the store.
Only a small minority — 18 percent — said they did not care what companies learned about them online.