I recently published a short piece in the CASRO Journal on privacy and data protection in which I tried to make two points: (1) the burden of managing one’s privacy in our increasingly digital world is beyond reasonable and (2) the really important issue has become how well we manage and protect the personal data we collect. Recent work at the Pew Research Center makes it clear just how deep these problems go, at least in the US.
On the first point, a stunning 91% of US adults “agree or strongly agree that consumers have lost control of how personal information is collected and used by companies.” On the second, there is little confidence that the organizations holding that data will keep it “private and secure.” Pew did not ask about market research, but they did ask about online searches, social media, and online advertisers. The percent of respondents saying that they are very confident or somewhat confident their information will remain private across these three categories was 16%, 11%, and 7% respectively.
In 2014 GRBN raised many eyebrows when they reported the results from an online study showing that roughly 40% of respondents in the US and UK do not trust market research companies with their personal data. In light of the Pew findings, this looks overly optimistic, to say the least.
One frequently heard claim in discussions about privacy is that “Facebook has redefined privacy.” The argument goes something like this: digital natives are much less concerned about privacy than digital immigrants, and so concerns about privacy will decline as we hopelessly old-fashioned baby boomers die off. Not true, say the Pew data. Younger people are every bit as concerned about online privacy as their parents and are much more likely to take steps to protect it – delete cookies and browser history, erase social media posts, refuse to give contact details, etc. This problem is not going away.
What’s a market researcher to do?
There has been no shortage of dialogue within MR industry bodies about PR campaigns designed to convince people that their data is safe with us. That can’t hurt but it’s not the whole answer. What people want, or at least the respondents in this and other studies, is more protection from government. To quote Pew, “68% of internet users believe current laws are not good enough in protecting people’s privacy online; and 64% believe the government should do more to regulate advertisers.” One important form of that regulation is limits on what data can be retained and for how long.
Putting all of this in the context of an MR industry that is gradually relying less on asking people to give us their data (surveys) and more on harvesting data collected by others for purposes other than research suggests that the audience that counts most for us is not the public at large, but the regulators. Historically, at least, we have benefited by self-regulation aimed at distinguishing what we do from what marketers do. At first glance, the new EU General Data Protection Regulation seems to have honored that. Retaining that special status means that it is more important than ever that the line between research and marketing holds firm. In a world where companies (clients) seem more and more interested in detailed profiles of individuals to drive highly targeted marketing campaigns the temptations are many and often. Being steadfast is more important than ever.