Microsoft, allies try to head off privacy protection, prefer voluntary guidelines

Voluntary guidelines, self regulation work better than real rules, study, consortium claim

Giant, powerful PR companies are not first on the source list of reporters looking for objective opinions or research about the privacy and security of consumers.

As with ad agencies, the more a PR company knows about the online activities of that target audience the easier it is to figure out what message and what medium would be most effective in reaching that audience.

So, when a customer survey or other piece of research comes in over the transom from a big PR company – like Edelman Worldwide, for example – I take it with a grain of salt.

I try not to assume that behind any public-spirited-seeming survey is an effort to promote something that's exactly the opposite of the goal it claims to support.

Hence my hesitation over the consumer-protecting tone and survey titled Privacy & Security: The New Drivers of Brand, Reputation and Action, conducted and distributed by Edelman Worldwide, the giant PR company that has been the right hand of Microsoft since time immemorial. (Executive summary PDF; Full study PDF.)

Misgivings over top-line result on privacy, vendor consortium ready to "protect" it

The survey itself provides much the same ragged picture about consumer privacy as those from analyst, vendor and consumer-protection groups in the past: 68 percent of consumers feel they've lost control of their private information; 57 percent think their security has not improved over the past five years and 85 percent want companies to which they trust their data to do more to protect it.

It's that last bit that turns out to be the whole point of the survey, at least for Edelman, Microsoft and the rest of the tech industry.

Unlike the Electronic Privacy Information Center (EPIC) and Electronic Frontier Foundation (EFF), which support regulations that would require companies to offer better protection for customer data and exploit it less, Edelman and Microsoft are pushing the idea that the same companies responsible for the shoddy state of online privacy should be trusted to create and stick to voluntary measures to protect customer data.

Under the auspices the Online Trust Alliance (OTA), a vendor consortium dedicated to creating the appearance that its members are concerned about user privacy, Edelman and Microsoft are trying to head off efforts from the White House to create privacy rules vendors can't ignore when they choose.

This morning the White House formally announced the "Consumer Privacy Bill of Rights," a blueprint designed to serve as a starting point for the development of privacy regulations whose development will be led by the Commerce Department and enforced by the Federal Trade Commission.

The case for laws protecting consumer privacy

"American consumers can’t wait any longer for clear rules of the road that ensure their personal information is safe online," the announcement quoted President Obama as saying. "For businesses to succeed online, consumers must feel secure. By following this blueprint, companies, consumer advocates and policymakers can help protect consumers and ensure the Internet remains a platform for innovation and economic growth."

In addition to the Edelman survey and its membership in the OTA, Microsoft is one of the companies cited by the White House as having agreed to comply with the Do Not Track initiative announced by the White House last year, along with Google, Yahoo and AOL.

Together the four make up 90 percent of the market for behavioral online advertising – the type most dependent on behavioral profiles of individual consumers, according to the White House.

Though the reasoning they use to back up their case for self regulation, neither Edelman nor Microsoft's interest in privacy is public spirited or philanthropic.

Can self-interest drive vendors to respect consumer privacy rights?

"Edelman’s study indicates that data security and privacy issues have the potential to affect a businesses’ bottom line," according to a blog entry accompanying the Edelman survey by Pete Pedersen, global chair, technology for Edelman's Data Security & Privacy group."Customers are taking data security and privacy into account at the checkout counter; surprisingly, when it comes to smartphones, personal computers and tablet computers, data security and privacy are as important to them as a product’s design, style and size."

When privacy and security become decision points in the buying process, vendors take notice.

Theoretically at least, the chance that a company will lose sales due to invasive privacy practices should trump the potential benefit of using private data to advertise for more customers.

A customer in the hand is worth a lot more than a prospect who has yet to be lured into the sales process – at least for companies like Microsoft that sell actual products, rather than those like Google and Yahoo that sell customers and information about them to advertisers.

"Consumers will abandon companies they do not trust to protect their personal information," Pedersen wrote. "[Companies that are] able to manage data security and privacy effectively will bring unexpected value to consumers by demonstrating that they understand the importance of protecting the information people hold most valuable."


That's not a newly discovered principle. It's among the more obvious to either vendors or customers using online services and has been among the most contentious consumer-protection issues of the past decade.



  • companies know their customers place a high value privacy and security;
  • that customers resent any effort to exploit or manipulate them using data they prefer not to supply;
  • vendors with a reputation for protecting customers benefit because customers are drawn to them
  • 46 percent of consumers have left or avoided companies that suffered a data breach ;
  • and between 75 percent and 80 percent of customers would prefer to leave an online service company if their personal data was accessed without their permission, according to the Edelman study…


Savvy companies must have shifted en masse toward policies that protect the privacy and loyalty of customers rather than risk losing them.


  • "A majority of people (57%) report either no change or a decline in the security of their personal information in the last five years," Pedersen wrote about the results.
  • "While 92% of people say security is important to them in when doing business with the financial sectors, just 69% trust the industry to protect their personal information – trust lags by 23 points."
  • "In online retail…while security is important to 84% of those doing business with online retailers, just 33% trust them to protect personal information – a 51 point gap."


So either…

  • … the connection between profits and privacy isn't as obvious to decision-makers at online service companies as it is to those reading customer surveys;
  • or customers aren't as likely as the survey implies to abandon vendors that abuse their privacy;
  • or companies figure the cost of being known as a weasel is less important than the benefit of chasing every scrap of inappropriate information on customers like an obsessive/compulsive spy in a secret-document warehouse.


So the Edelman study – like studies from EFF, EPIC and any number of other analyst, vendor or consulting companies who have studied consumer attitudes toward privacy in the past – found that most consumers are mad about abuses of their personal data, but aren't willing enough to change their buying habits to persuade most online companies to shape up the way they treat private information.

In fact, new, more intrusive policies from Google, Twitter and others make it looks as if even members of the OTA have decided it's easier to gloss over privacy issues by giving customers minimal control over some aspects of their private data than to give up the look into customers' souls they get from gathering and exploiting every bit of it they can get.

So…while the timing of the Edelman study makes clear once again how critical customers are of the way vendors handle their private information, neither Edelman, Microsoft or any of the other members of the OTA appear to want to use the information to reform themselves.

Instead they are presenting the survey and the talkfests sponsored by the OTA as evidence the industry is making great strides toward self-regulation – appealing to the better natures of their members to benefit themselves by doing good for their customers.

"With the recent news of the data collection and tracking missteps, now is the time for businesses to make privacy and data protection a priority," according to Craig Spiezle, executive director and president of the Online Trust Alliance.

The real priority held by Spiezle and the OTA are clear from the last part of that sentence: "…make privacy and data protection a priority or face legislation which can stifle innovation and commerce."

That doesn't necessarily mean the OTA isn't concerned about consumer privacy and security for reasons that are public-spirited and ethically sound.

They could very well simply respect their customers' rights as individuals and have found the determination to do well by them.

It's much more likely they're waving the Privacy banner like a flag of truce so they can walk the battlefield safely in what look like an effort to bury the fallen and tend to the wounded when, in fact, it's much more likely they're only there to rob the dead.

If self regulation worked, there would be no diet or self-help industries (or, possibly, a recession)

Self regulation? The way the financial industry self-regulated before the financial scandals and meltdowns that crashed the U.S. and world economies, pulled the rug out from under the real estate market that made up the bulk of the wealth of most Americans and then begged for subsidies to avoid going bankrupt rather than accepting indictments so those responsible for gross violations could be sent to jail?

Yes, that's exactly the kind of self regulation that technology product and service companies would endorse. Not follow, just endorse, as a way to argue that they're already on the way to a utopian balance of commerce and privacy to avoid having to accept actual regulations and laws that would force them to behave in ways they pretend to admire.

I hate to be cynical about the intentions of players in the technology business. I try to give them the benefit of the doubt when there's any doubt to be found.

In this case – in the whole issue about whether vendors or individuals should control the private information of customers – vendors consistently ride with the invaders of privacy, not those making an effort to protect it.

Skip the OTA conferences and press releases and expressions of concern over the sorry state of privacy and commerce on the Internet.

It's right; privacy in commerce is in so sorry a state it has almost ceased to exist. The OTA and its allies are not the source of salvation for consumer privacy, however.

They're the ones that destroyed it in the first place.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon