privacy as a competitive advantage - sören preibusch€—on privacy policy: 7 / 45 promoting...
TRANSCRIPT
Sören Preibusch
Privacy as a Competitive AdvantageSören Preibusch
PVNets Workshop St Andrews 4th August 2009
Sören Preibusch
1
2
3
4
Agenda
2
Design and Impact
Examples and Case Studies
Challenges and Perspectives
Privacy Policy Negotiations
Sören Preibusch
Mismatch in corporate and regulatory practice
Privacy policy paradigms:
take it or leave it
one size fits all
Customers’ privacy preferences:
dynamic
diverse
7
Sören Preibusch
Static privacy policies entail costs.
6% 29% 36% 29%
provide cancel cancel and switch lie
8
N = 72, 2008
opportunity costs toxic data
Sören Preibusch
Lost in transaction
2 in 3 offliners do not go online because of privacy concerns
1 in 3 onliners would buy more if not worried about privacy
1 in 4 onliners had abandoned shopping cart due to privacy
9
Teltzrow & Kobsa, 2004
Sören Preibusch
Balancing between optional and mandatory fields.
10
no fields all fields
mandatory
provided
legalminimum
practicableminimum
Sören Preibusch
Willingness to pay
Grossklags & Acquisti:
When 25 Cents is too much:An Experiment on Willingness-To-Sell andWillingness-To-Protect Personal Information,
WEIS 2007
12
Sören Preibusch
Willingness to pay – revisited
The Pirate Bay, April 2009:
IPREDator: 5 Euro / month for file sharing withoutIP address recording
113,000 pre-registrations within 2 weeks
13
Sören Preibusch
Privacy through choice of service alternatives
14
price
privacy
FastMail.fm
newsletters
Yahoo!Mail
FastMail.fm
Sören Preibusch
Rewards for email address: €5 / 20% discount
15
boc24.de, hm.com
Sign up and rake in the cash
€5 / email address
€10 p.a. / date of birth
Sören Preibusch
“Privacy vs. Personalisation”
16
price
privacy
FastMail.fm
newsletters
Yahoo!Mail
FastMail.fm
product
GoogleMail
Sören Preibusch
Take-home message 1
17
Privacy negotiations make data protection part of the marketing mix.
Sören Preibusch
In Privacy Negotiations ...
19
consumers and service providersestablish, maintain, and refineprivacy policies as individualised agreementsthrough the ongoing choice amongst service alternatives.
Preibusch, 2009
Sören Preibusch
1
2
3
4
Agenda
20
Design and Impact
Examples and Case Studies
Challenges and Perspectives
Privacy Policy Negotiations
Sören Preibusch
Timing of data collection
Pre-emptive
Contextual
Triggered
Deferred
Optional
21
Preibusch, 2009
d f
d ff
df
f fd
d
f2
f1
Sören Preibusch
Balloons generate higher data revelation ratios.
32
N = 72
sx
em
bd
sx+em
sx+bd
em+bd
sx+em+bd
balloonsex
balloonbirthday
balloonemail
treatment T1 / T2
0
31
0
1
2
0
0
1
1
23
0
0
7
0
5
0
0idealised time
no balloons with balloons
75%
92%
Sören Preibusch
In incentivised privacy negotiations ...
33
transaction partners may additionallybundle the personal informationcollection and processing schemes withmonetary or non-monetary rewards.
Preibusch, 2009
Sören Preibusch
Privacy negotiations pay off.
34
N = 72 / 44 / 12
100% higher transaction completion rate
24% lower price sensitivity
17% higher average order value
Sören Preibusch
Take-home message 2
35
Well-designed privacy negotiations yield a positive business impact.
Sören Preibusch
1
2
3
4
Agenda
37
Design and Impact
Examples and Case Studies
Challenges and Perspectives
Privacy Policy Negotiations
Sören Preibusch
Methodology and Scope
40
Survey of N=45 popular social networking sites‗ Snapshot as of February 2009‗ http://preibusch.de/publ/privacy_jungle/
250+ criteria evaluated for each site‗ General Site Characteristics‗ Privacy Claims‗ Privacy Controls‗ Privacy Policies
Imputed scores for privacy and functionality
Sören Preibusch
The bigger, the better
Privacy score increases with
‗ Alexa rank (p = 0.02)
‗ user count (p = 0.04)
‗ age of site (p = 0.07)
P3P deployment more often on large sites (p = 0.08)
42
Sören Preibusch 43
Privacy is Functionality, too
Kaioo Facebook
More functionality: better privacy controls (p < 0.01)
Niche sites: worse privacy controls (p = 0.03)
Sören Preibusch
Self-Promotion in Privacy Policies
Badoo’s privacy score: 0.23 (lowest in sample)
Sites promoting privacy have less favourable practices (p = 0.11).
47
At Badoo your privacy is of paramount importance. As the custodians of your personal information, we have developed this policy to ensure that your privacy is alwaysprotected while you are using the Badoo network.
Sören Preibusch
Act good and don’t make it known!
The Privacy Communication Game:
‗ avoid privacy awareness
‗ address existing privacy concerns
The Strategy:
‗ hide any privacy notices from mainstream users
‗ convince users who bother looking it up
‗ dissimulate concerns, avoid criticism, discourage critics
48
Sören Preibusch
Playing the Privacy Communication Game
Privacy seals:
‗ on main pages: 0 / 45
‗ on privacy policy: 7 / 45
Promoting privacy :
‗ on main page: 4 + 3 / 45
‗ on privacy policy: 34 / 45
49
Sören Preibusch
Just do it.
50
N = 45 social networking sites worldwide; p=0.08; p=0.10
Doing well on privacy pays off.
Mentioning it doesn’t.
Sören Preibusch
Friendship links are a double-edged sword.
Unilateral settings and the curse of enforced symmetry:
Socio-topological information is difficult to hide.
exposure ratio: 68% hiders have at least one friend
inference ratio: 97% of all friends inferable
57
N = 1,900 out of 120,000 users who hide their friends
A B
Sören Preibusch
Privacy choices on mobile devices
59
Preibusch, Beresford: Establishing Distributed Hidden Friendship Relations, SPW 2009
Sören Preibusch
Protocol engineering
62
Preibusch, Beresford: Establishing Distributed Hidden Friendship Relations, SPW 2009
Sören Preibusch
1
2
3
4
Agenda
63
Design and Impact
Examples and Case Studies
Challenges and Perspectives
Privacy Policy Negotiations
Sören Preibusch
Take-home message 4
64
Privacy negotiations require engineering.
incentive schemes
user interfaces
downstream data processes
Sören Preibusch
Thank you very much.
Questions and comments
are welcome and highly appreciated.
66
[email protected] – http://preibusch.de/