Alain Samson Ph.D.


5 Reasons We Don't Protect Our Privacy Online

What would happen if we actually read every site's privacy agreement?

Posted Oct 21, 2015

Digital Genetics/Shutterstock
Source: Digital Genetics/Shutterstock

Americans’ confidence in organizations’ ability to keep their personal information safe is at an all-time low. In the post-Snowden era, this is particularly evident in relation to interactions with the government, but it also applies to companies operating on the Internet. In a recent survey, 69% of adults said that they were not confident that records of their activity maintained by social media sites will remain private and secure. Historically, most of us have had concerns about privacy information on the Internet, yet still share personal liberally online.

This trend is termed the "privacy paradox" in the academic literature.

What is the reason for this apparent gap between our attitudes and behavior? Online privacy researcher Alessandro Acquisti and his colleagues offer a couple of possible explanations. First, there may not be a paradox at all. According to this view, we can all agree that privacy is important to us in general. Still, in particular online situations, we may decide that the benefits of disclosure outweigh the costs. Second, while we may care about privacy, we’re uncertain about privacy trade-offs and our own preferences; our behavior is influenced by situational factors, often unconsciously.

Here are 5 reasons* why we often act against our own interests by compromising our online privacy, from the perspective of behavioral science:

1. Feeling secure.

People are more likely to share personal information online when they trust the party with whom they are sharing it, or when they feel in control. Unfortunately, this may be a false sense of security, with unintended consequences. A study found that people ended up sharing about 20% more of their sensitive information when they were given a greater sense of control over how of their information would be used. Naturally, that’s not what providing control is designed to achieve. Elsewhere, 62% of survey respondents incorrectly believed that the mere existence of a privacy policy indicated that a website could not share their personal information without a user’s consent. This means that a site can make consumers feel protected by simply referring to a privacy policy.

2. Cues.

The web is full of visual and verbal signals that affect the way we think or behave, including references to the privacy policies mentioned above. Seals like TRUSTe and BBBOnline explicitly serve as cues to increase trust. And the overall design of websites also influences privacy behavior. However, while we might expect the sight of more professional-looking sites to increase the likelihood of visitors sharing their information, the opposite can be the case: One experiment found that people were more likely to disclose personal data on an unprofessional-seeming site. Why? Although we might expect greater data security from a professional-looking site, people simply feel more comfortable sharing personal information in a more casual online environment.

3. Instant gratification.

Humans can be impulsive. We tend to live in the moment and value the here and now. Did you bother to inform yourself about the retailer’s privacy policy when you ordered that pair of sneakers online last week? Most likely not—your primary concern was probably to get your order finalized. Imagine what your life would be like if you did actually read all of this information. It has been estimated that the opportunity cost for U.S. consumers taking the time to read privacy policies would be around $781 billion.

4. Other people.

When we see other people reveal their personal information we’re more likely to reveal it ourselves. An online survey entitled "Test your Ethics" asked New York Times website visitors a number of sensitive questions regarding their engagement in questionable behaviors—"Have you had sex with someone who was too drunk to know what they were doing?"; "Have you stolen anything worth more than $100?" etc. After answering each question, people were given information about the responses of other survey participants, which was manipulated to show either high or low rates of admission. When respondents were made to believe that a majority of others had admitted a questionable behavior, their willingness to disclose their own engagement in other sensitive behaviors increased by 27% on average. Other people's actions strongly influence what we do on social media, where we disclose information as a matter of reciprocity. (But there still are "silent listeners.")

5. Defaults.

Online entities can change their online choice architecture to make information disclosure more likely. The best example of this are default settings—whether or not people have to opt in or opt out of options affecting their privacy. A classic case occurs with check boxes about future email marketing that pop up when we provide our email address online. A study that tested different question framing ("DO NOT contact me..." vs. "Contact me...") and default options (Yes/No checked vs. unchecked) found that different framing and default options can double the rate of agreement to be contacted. On Facebook, the default visibility settings of profile information has changed dramatically between 2005 and 2014. (For the 2005 to 2010 period, see Matt McKeon’s insightful graph.) Not surprisingly, historical changes in visibility defaults by Facebook have influenced how much personal information is shared.

This list is not exhaustive and could be expanded to include other variables, such as cultural context. Ultimately, according to Acquisti et al., policy approaches that rely on “empowering” or informing consumers are not enough, because they assume that people have all the mental tools to behave in their own interest. And sometimes policies may backfire. Thus, consumers need help to navigate an increasingly complex technological landscape. Behaviors that leave a personal data trail are becoming increasingly engrained in our everyday life, as evident in the growing "Internet of things." However, as The Economist recently wrote, “security is the last thing on people’s minds” in this new domain.

New challenges to our understanding of online privacy are almost certain to emerge.

  • Download the free Behavioral Economics Guide 2015.
  • Follow us on Twitter @behavecondotcom
  • For a discussion of these factors and a summary of behavioral research on information privacy: Acquisti, A., Brandimarte, L., & Loewenstein G. (2015). Privacy and human behavior in the age of information. Science, 347, 509-514.