Sören Preibusch

Privacy as a Competitive AdvantageSören Preibusch

PVNets Workshop St Andrews 4th August 2009

Sören Preibusch

1

2

3

4

Agenda

2

Design and Impact

Examples and Case Studies

Challenges and Perspectives

Privacy Policy Negotiations

Sören Preibusch

Static privacy policies ...

3

Sören Preibusch

... do not serve customers optimally.

4

Sören Preibusch

Static privacy policies ...

5

Sören Preibusch

... are widespread.

6

Sören Preibusch

Mismatch in corporate and regulatory practice

Privacy policy paradigms:

take it or leave it

one size fits all

Customers’ privacy preferences:

dynamic

diverse

7

Sören Preibusch

Static privacy policies entail costs.

6% 29% 36% 29%

provide cancel cancel and switch lie

8

N = 72, 2008

opportunity costs toxic data

Sören Preibusch

Lost in transaction

2 in 3 offliners do not go online because of privacy concerns

1 in 3 onliners would buy more if not worried about privacy

1 in 4 onliners had abandoned shopping cart due to privacy

9

Teltzrow & Kobsa, 2004

Sören Preibusch

Balancing between optional and mandatory fields.

10

no fields all fields

mandatory

provided

legalminimum

practicableminimum

Sören Preibusch

FastMail.FM: Privacy starting at $4.95 per year

11

Sören Preibusch

Willingness to pay

Grossklags & Acquisti:

When 25 Cents is too much:An Experiment on Willingness-To-Sell andWillingness-To-Protect Personal Information,

WEIS 2007

12

Sören Preibusch

Willingness to pay – revisited

The Pirate Bay, April 2009:

IPREDator: 5 Euro / month for file sharing withoutIP address recording

113,000 pre-registrations within 2 weeks

13

Sören Preibusch

Privacy through choice of service alternatives

14

price

privacy

FastMail.fm

newsletters

Yahoo!Mail

FastMail.fm

Sören Preibusch

Rewards for email address: €5 / 20% discount

15

boc24.de, hm.com

Sign up and rake in the cash

€5 / email address

€10 p.a. / date of birth

Sören Preibusch

“Privacy vs. Personalisation”

16

price

privacy

FastMail.fm

newsletters

Yahoo!Mail

FastMail.fm

product

GoogleMail

Sören Preibusch

Take-home message 1

17

Privacy negotiations make data protection part of the marketing mix.

Sören Preibusch

In Privacy Negotiations ...

19

consumers and service providersestablish, maintain, and refineprivacy policies as individualised agreementsthrough the ongoing choice amongst service alternatives.

Preibusch, 2009

Sören Preibusch

1

2

3

4

Agenda

20

Design and Impact

Examples and Case Studies

Challenges and Perspectives

Privacy Policy Negotiations

Sören Preibusch

Timing of data collection

Pre-emptive

Contextual

Triggered

Deferred

Optional

21

Preibusch, 2009

d f

d ff

df

f fd

d

f2

f1

Sören Preibusch

Example: pre-emptive data collection

22

tesco.com

Sören Preibusch

Example: deferred data collection

23

ebay.co.uk

Sören Preibusch

Example: contextual data collection

26

https://secure.johnlewis.com/

Sören Preibusch

Example: triggered data collection

28

2008

Sören Preibusch

Example: contextual data collection

30

2008

Sören Preibusch

Balloons generate higher data revelation ratios.

32

N = 72

sx

em

bd

sx+em

sx+bd

em+bd

sx+em+bd

balloonsex

balloonbirthday

balloonemail

treatment T1 / T2

0

31

0

1

2

0

0

1

1

23

0

0

7

0

5

0

0idealised time

no balloons with balloons

75%

92%

Sören Preibusch

In incentivised privacy negotiations ...

33

transaction partners may additionallybundle the personal informationcollection and processing schemes withmonetary or non-monetary rewards.

Preibusch, 2009

Sören Preibusch

Privacy negotiations pay off.

34

N = 72 / 44 / 12

100% higher transaction completion rate

24% lower price sensitivity

17% higher average order value

Sören Preibusch

Take-home message 2

35

Well-designed privacy negotiations yield a positive business impact.

Sören Preibusch

1

2

3

4

Agenda

37

Design and Impact

Examples and Case Studies

Challenges and Perspectives

Privacy Policy Negotiations

Sören Preibusch

The global picture

38

www.oxyweb.co.uk/blog

Sören Preibusch

Methodology and Scope

40

Survey of N=45 popular social networking sites‗ Snapshot as of February 2009‗ http://preibusch.de/publ/privacy_jungle/

250+ criteria evaluated for each site‗ General Site Characteristics‗ Privacy Claims‗ Privacy Controls‗ Privacy Policies

Imputed scores for privacy and functionality

Sören Preibusch

The bigger, the better

Privacy score increases with

‗ Alexa rank (p = 0.02)

‗ user count (p = 0.04)

‗ age of site (p = 0.07)

P3P deployment more often on large sites (p = 0.08)

42

Sören Preibusch 43

Privacy is Functionality, too

Kaioo Facebook

More functionality: better privacy controls (p < 0.01)

Niche sites: worse privacy controls (p = 0.03)

Sören Preibusch

Growth is primary

45

Badoo

Sören Preibusch

Self-Promotion in Privacy Policies

Badoo’s privacy score: 0.23 (lowest in sample)

Sites promoting privacy have less favourable practices (p = 0.11).

47

At Badoo your privacy is of paramount importance. As the custodians of your personal information, we have developed this policy to ensure that your privacy is alwaysprotected while you are using the Badoo network.

Sören Preibusch

Act good and don’t make it known!

The Privacy Communication Game:

‗ avoid privacy awareness

‗ address existing privacy concerns

The Strategy:

‗ hide any privacy notices from mainstream users

‗ convince users who bother looking it up

‗ dissimulate concerns, avoid criticism, discourage critics

48

Sören Preibusch

Playing the Privacy Communication Game

Privacy seals:

‗ on main pages: 0 / 45

‗ on privacy policy: 7 / 45

Promoting privacy :

‗ on main page: 4 + 3 / 45

‗ on privacy policy: 34 / 45

49

Sören Preibusch

Just do it.

50

N = 45 social networking sites worldwide; p=0.08; p=0.10

Doing well on privacy pays off.

Mentioning it doesn’t.

Sören Preibusch

Positive privacy of friendship relations

54

Sören Preibusch

Negative privacy of friendship relations

55

Sören Preibusch

Friendship links are a double-edged sword.

Unilateral settings and the curse of enforced symmetry:

Socio-topological information is difficult to hide.

exposure ratio: 68% hiders have at least one friend

inference ratio: 97% of all friends inferable

57

N = 1,900 out of 120,000 users who hide their friends

A B

Sören Preibusch

Privacy choices on mobile devices

59

Preibusch, Beresford: Establishing Distributed Hidden Friendship Relations, SPW 2009

Sören Preibusch

Take-home message 3

61

Privacy negotiations can be deployed subtly.

Sören Preibusch

Protocol engineering

62

Preibusch, Beresford: Establishing Distributed Hidden Friendship Relations, SPW 2009

Sören Preibusch

1

2

3

4

Agenda

63

Design and Impact

Examples and Case Studies

Challenges and Perspectives

Privacy Policy Negotiations

Sören Preibusch

Take-home message 4

64

Privacy negotiations require engineering.

incentive schemes

user interfaces

downstream data processes

Sören Preibusch

Thank you very much.

Questions and comments

are welcome and highly appreciated.

66

sdp36@cam.ac.uk – http://preibusch.de/