You may not have read the New York Times Privacy Project yet, but if not, now is the time to do so. They have begun a series on the nature of tracking individuals via cellphones, armed with a treasure trove of over 50 billion pings on 12 million phones. The results are dramatic, showing just how easy it is to identify a single person with location data, even when those person is a high ranking Pentagon official, a celebrity, or someone just like you. The report is thorough and detailed, if a bit breathless, about the pervasiveness of tracking technology and surveillance.
The problem is that it probably isn’t going to change anyone’s mind.
An Embedded System
The problem, as we see it, is that our data hoarding culture is fueled by perverse incentives: we think we need and want highly-detailed, extremely precise data about individuals and what they do, so much so that we are willing to pay dearly. Consider the data points set out in the Privacy Project report. Collecting, storing, and analyzing each of those 50 billion pings carries a cost, both in terms of resources, personnel, and risk of regulatory crisis (either a breach or a change in the law). Why would companies like Four Square amass these datasets and bear those costs unless there was a market for resale? And why would anyone pay for the data or for the insights they generate unless there was a promise of profit?
The tempting answer to those questions is a table thumping “privacy is not for sale!”
But it obviously is, because…you know, they’re selling it. So you might say that we could come up with a legislative solution like GDPR or CCPA. True, but wholesale data tracking has not halted in the 18 months since GDPR became effective, and the original drafters of CCPA are so concerned that the law will continue to be watered down that they already have a new, more stringent privacy law set before California voters for the fall. The reality is that legislative solutions, unless extremely targeted, are going to be riven with the kind of exceptions that swallow rules whole, particularly in areas like technology and tracking. Can you imagine Mark Zuckerberg explaining how Facebook plans to strip out tracking tools from third party SDKs in a Senate hearing? The legislative options are as limited as the legislators’ interest in the subject matter (with notable exceptions).
So what about the prospect of self-regulation by businesses themselves? Couldn’t that create the kind of robust protections for consumers and ethical frameworks that give meaning to company pledges to “respect your privacy?”
Self-regulation is where we are now, and no one seems happy with it. The problem with these kinds of frameworks (like the IAB’s Code of Conduct) is that they’re little more than a statement of what would be nice. Lawyers call this kind of thing “precatory language” which is how lawyers make the word “unenforceable” into something expensive. Even the companies that do try to respect user privacy can’t punish offenders for violations, and there is certainly no incentive for pushing for that kind of enforcement. Nobody likes a tattle tale.
Does it Have to Be This Way?
It would appear that we’ve shot down every potential option for how to address concerns about tracking — are we simply stuck with the status quo? The honest answer is that it is probably going to stay the same or even get a little worse before it gets better. The solution, though, is one that comes in two parts, and we think both of them will come to pass in time.
The first change is the most important: the recognition that hyper-specific tracking is actually not a good investment of time or resources. Obviously, treating customers like they’re in the panopticon is disrespectful and reductive. It literally turns customers into numbers and contributes to the unhealthy, “depersonalized” approach to working with data. But more than this, it really doesn’t work all that well. Marketing departments love it, of course, because it gives them tools to dissect and segment markets. But ask yourself, when was the last time you clicked on an ad online? Ever? Anywhere? These aren’t the kind of questions CMOs like to hear.
Okay, you might suggest, what about when I get those very specific ads in my Instagram stream? Those are sometimes useful or valuable and I sometimes click on them. That’s fine — they don’t need, at all, to be based on your location, because they’re often based on the preexisting segmentation and analysis about you from your interests. If you follow thirty eco-tourism accounts, like photos of the Maldives and Bali, and enter Lonely Planet contests, it’s probably a decent idea to serve ads about deals on flights or hotels.
Is it necessary to track location to get that information? No. Would it be even better to deliver an ad that provides a link to flights from the user’s present location to a preferred destination? Not necessarily: in fact, this is one of those times that the misplaced assumptions about targeting show up. No one who lives in Dallas is going to click an ad for flights from New York to Shanghai just because they happen to be in New York right this minute. These assumptions are everywhere in targeted and tracking-based ads, and they’re part of the reason dissatisfaction with ads (and, correlatively, use of adblocking software) is at an all-time high.
This is where concepts like contextual targeting (ads relevant to the subject matter of a site) or verified answers demonstrate their value. The reality is that, for most companies, it’s not particularly helpful to know what Customer Jane Doe is doing at any particular moment, despite all of the talk about the “Marketing Holy Grail” of delivering the exact right ad to the exact right person at the exact right time. Frankly, we doubt anything of the sort is possible, but we’re certain that getting the timing right is a fool’s errand: if it were possible, you wouldn’t continue getting ads for new cars eight months after your friend borrowed your phone to show you the car he wanted to buy.
The idea is that you want to know what your customers want, not what an individual wants, because understanding the people who want and use your product/service/incredibly blocky looking truck is more about trends and intentionality than precise location. Over time, we predict that the shift towards this kind of marketing and audience identification will actually tilt the balance away from creepy tracking and nonstop surveillance. The process may already have begun in earnest, as Forrester reports a major swing away from outsourcing data to third parties in favor of bringing it inside the company. But it will take time, unless there is another force at work.
The Other Force
That kind of pressure may, in fact, finally come from the public, but in a way that’s hard to predict. We come back to the Privacy Project’s report and our prediction that it will not spur people to action. Our thinking on that point is pretty clear: the Times has already published an earlier, highly dramatic article about tracking, and things have continued apace. This is simply another part of a long-running saga about the nature of privacy in a society as monitored as our own.
But societies are mutable things, driven to change by factors that are hard to pin down and even harder to trace. At some point, we believe public opinion in the United States will shift from the so-called “privacy paradox” to real concern, and with sufficient force to become politically powerful. It’s a little bit like the person who holds in their frustrations or anger over a long period and then absolutely erupts over what, in context, seems small. Inevitably they say something like “You know what? I don’t know why, but that’s it!” and engage in a little tuna sandwich smashing. We can’t predict how and when it will happen, but we imagine that something along those lines will develop in the United States, as it has for many other phenomena. Public demand for privacy protections will become a powerful force for change, and rapid change at that, arrayed against tracking that doesn’t even serve the purposes it uses to justify itself. When that happens, which side will we find you on?