Out-Law / Your Daily Need-To-Know

Out-Law News 2 min. read

Privacy awareness not backed up by behaviour, survey finds

UPDATED: Almost 90% of UK internet users are prepared to give away private data despite 84% of the same users claiming to be very guarded about online privacy.

While conducting research about targeted behavioural advertising, online content and advertising company AOL found that most of the 1,000 online consumers it surveyed claimed to be very conscious about their privacy and claimed to guard carefully their personal details.

It found that 84% of those people said that they would not give away income details online but then found that 89% of the those surveyed were willing to do exactly that.

“Our research identified a significant gap between what people say and what they do when it comes to protecting sensitive information online,” said Jules Polonetsky, AOL’s chief privacy officer

The survey asked participants a series of questions about their attitudes to privacy and, according to an AOL spokesman, also asked them to indicate which of a choice of income brackets they fitted into. It found that 87.3% of those who had said they guarded income details actually gave them away, the spokesman said.

The survey discovered that the message that users should protect their privacy is getting through, though. While 34% of people expected to experience credit card fraud, just 11% had actually experienced it.

AOL said that its research found that the more that people understood about the risks of online privacy violations, the less concerned they were about them.

AOL commissioned the research from consultancy Promise as part of its campaign to raise awareness of the privacy implications of targeted behavioural advertising, the practice of monitoring a person's internet use and sending them adverts the company believes are relevant to them.

Behavioural advertising has attracted adverse publicity in some cases from privacy activists and regulators worried about the monitoring of users' behaviour. Such monitoring could be an illegal interception of a communication unless it is done with the consent of both parties to any communication.

A company called Phorm ran into trouble earlier this year when internet service provider (ISP) customers reacted angrily to suggestions that their ISPs were about to install Phorm's traffic-monitoring system to better help websites to display adverts related to people's surfing.

Polonetsky recognised that there were risks attached to behavioural advertising.

"Personalising content and delivering relevant advertising online will only succeed for consumers and for advertisers if it is done in a trustworthy and transparent manner," he said. "In addition, business and government will need to offer approaches that recognise that at certain times personalisation and data use will be welcomed, and in other cases, users will demand limits on the use of their data.”

AOL's research was presented at a seminar at the House of Commons last month, where the Information Commissioner Richard Thomas, the UK's privacy regulator, spoke.

He said that companies had to make sure they followed simple, clear guildelines, or risked losing their customers.

“By taking a practical, down-to-earth approach to data protection and privacy, we can simplify good practice for the majority of organisations who seek to handle personal information well," said Thomas. "If organisations fail to meet their data protection obligations they not only risk enforcement action by the ICO, they also risk losing the trust of their customers."

AOL used to be an internet service provider but is now a content and advertising business. Like other online advertising companies it carries out behaviourally-targetted advertising by using cookies to see what sites a visitor has previously viewed and serving ads it believes are relevant to that person.

Editor's note, 14/08/2008: This story has been tweaked since it first appeared after a reader correctly pointed out that interception rules require the consent of both parties to a communication, not just the user of a computer. For discussion of this point, see our analysis of RIPA in The law of Phorm, OUT-LAW News, 01/05/2008.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.