Moving from “opt-out” to “opt-in” culture

“We’re here for consumers. Why, without them, we’d have nobody whose privacy we can invade so that we can exploit them to advertisers.”

Comment about Google under user comments on:

Teaching courses on digital marketing and ethics in information technology has been a great learning experience for me. In discussions on topics such as information privacy and security, critical issues such as identity theft, spamming, and robocalling have sparked great interest because these are personal matters for all of us as well as for the reputation management of the businesses we represent.

Encouraging learners to confidentially share their experience with these ethical and legal abuses of information technology, I have become aware of the damage that these practices can inflict on people in their personal and professional lives.

  • Automated phone calling (robocalling) from marketers that wakes people in the early morning and disturbs home life in the evening.
  • Email spam that clutters Inboxes and phishing attempts to lead the unsuspecting to Web sites where malware can be dropped onto the users’ system.
  • Credit reporting agencies that share consumer data, but do not clearly inform or provide sufficient control for users of that data sharing.
  • Web site privacy policies that don’t include, or otherwise hide or make difficult to understand any information about user profiling along with the data gathering and sharing that are its outcomes.

This is but a sampler of the many ways that as individuals, we are left with little protection and less information that could help us make sense out of preserving our privacy and security.

And while acknowledging that there are regulations which attempt to address these abuses, they are not comprehensive and typically contain loopholes which are used to perpetuate these practices. Enforcement is often toothless in this situation.

Among the greatest loopholes is the notion that as users, we need to opt-out of practices for which we don’t want to participate. In the case of Web sites and services, we should take responsibility for reading the privacy policy prior to using the service, but in many cases, we either miss the details amid the fine print or the data gathering and data sharing are not made evident. In other cases, we are simply not made aware of these practices, such as with credit reporting agencies.

It’s a shame that we as individual citizens have to hunt and peck through these hidden resources and fine print to find ways to opt-out of what is essentially an unethical practice in terms of our privacy and security, especially when it is so clear what damage that uncontrolled data gathering and sharing can cause.

Think of how much more elusive finding ways to opt-out will be with increasing use of small mobile devices such as smartphones or the family Internet-capable TV.

Rather than detail the ethical and legal abuses in which we are engulfed with our increasing dependency on online communication and transactions or the impotence of chasing after abuse with regulation, I submit that we need to overturn the current system of “opt-out” abuse and move toward a more universal “opt-in with informed consent” regulatory framework.

Yes, overarching regulation of this type can place more responsibility and cost on businesses and other organizations, but that is what we should expect in terms of our broader constitutional rights.

I am not recommending the shot-gun approach to regulation such as in the SOPA and PIPA legislative efforts where the regulation itself is abusive of those rights, but rather more focused on the mechanism of individual informed consent.

Would there be a cost in shifting the focus from requiring users to opt-out to providing informed consent of any data gathering and data sharing prior to its use on Web sites and other channels of communication?

Yes, but I propose that the cost of shifting these mechanisms in favor or transparency and choice will actually create more benefit for both providers and users in the long run.

As it stands right now, as in many aspects of our ethical and legal landscape, we have a short-term view of gain that is already failing.

As individuals increasingly become aware and experience the damage associated with unregulated and uncontrolled use of their personal data and the intrusion of their personal privacy, they will take the means to opt-out of a system that does not merit their trust and thus, their participation.

In reply, I welcome your comments on these issues and the solutions that you feel are warranted,


P.S. As of only a few hours after writing this message, I received important information related to these issues.

I received an email from Google informing me of an upcoming change in their privacy policy which allows them to share more data internally while presumably protecting user privacy with a statement “we’ll never sell your personal information or share it without your permission (other than rare circumstances like valid legal requests).”

A subsequent examination of this new policy might reveal the extent to which the above are correct in all respects or might not fully reveal the nature and extent of user profiling and data sharing, but as I have already stated, this takes some time and effort. Should I trust Google and continue using its free services (which are of great value) or cancel my accounts? That is a choice that users must now make according to Google.

Update: Here is a quote and a link to an online article in The Wall Street Journal for case-based reasoning on this broader issue of privacy protection: “Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.”

Also, on the topic of robocalling, I learned via broadcast TV news, that the FCC issued new regulations on this intrusive, automated phone calling practice. While it provides some teeth in placing a legal definition of this abusive practice, it only limits automated calling, but not calls placed by people using the loophole of making some connection to an exempt non-profit organization. Thus, as in the other abusive practices, it is still a cat and mouse game where as users we are the mice.

Here are links to information on the FCC site on this topic and on opt-out practices for communications in general.

FCC Strengthens Consumer Protections Against Telemarketing Robocalls:

Unwanted Telephone Marketing Calls:

This entry was posted in blogs for business, customer experience, customer experience management, digital marketing, human factors in information systems design, information architecture, information ethics, management of information systems and technology, social change, social media, user experience, user-centered design and tagged , , , , , , , , , , , . Bookmark the permalink.

2 Responses to Moving from “opt-out” to “opt-in” culture

  1. Joe says:

    If you’re interested in privacy issues, you should read The author is the CTO of the company I used to work for and he is a well-known speaker in the privacy arena. He’s also a really nice guy (extremely smart too!).

    As far as the opt-in vs. opt-out…I don’t see it happening anytime soon. Companies that develop software and offer free services count on the fact that you won’t take any action beyond installing and using their software. A lot of people know that gmail “machine reads” your email and customizes ads based on that, I do. I’m not particularly overjoyed by that but I understand they are a business and have to make money. However, I would pay a small fee to get rid of all the advertising and all the other issues you have to deal with when you use the free stuff. It’s more about economics than privacy to some extent but if I was ever bothered by my “digital footprint” online, there’s really nothing I could do to eliminate it. In the digital world, your footprint can literally last forever.

  2. Doc says:

    Thanks Joe, for sharing that link and your insights into this issue. I would have to agree that a polar shift from opt-out to opt-in is unlikely anytime soon. Nonetheless, there are examples that are emerging. For example, Ghostery provides a useful social purpose as a free Web tracking blocker, but as explained in their Website FAQ, they need to support this free software service as a business.

    Although many software producers support free software with ad banners and similar revenue models, Evidon as the company behind Ghostery has chosen to support their free Ghostery service with an opt-in feature of its software that collects data about trackers and the ad servers behind them.

    This ranking data is collected from Ghostery users who opt-in to allowing this data to be collected and shared with the company. Evidon can then sell this data to the ad providers to support its business.

    As stated on Evidon’s FAQ page, users and their personal data are kept anonymous and the ranking service is limited to opt-in.

    Assuming that this position is clearly identified, transparent, and useful to users and advertisers alike, I think that the Evidon Ghostery business model works on an ethical level.

    Thanks for sharing,


    Ghostery™ FAQs

Leave a Reply

Your email address will not be published. Required fields are marked *