Dr. Stephanie Mallette
BL 8113 Law, Ethics, and Alternative Dispute Resolution
26 June 2018
Privacy: What's in it for me?
Privacy can be loosely defined as the right to be left alone. Yet, only in the last year people all over the world have been made privy to the reality of consumer privacy. Scandals like Cambridge Analytica and Facebook's apparent lack of control over user information spawned quotes such as the one delivered by Senator Dick Durbin during Mark Zuckerberg's hearing. Upon being asked whether Zuckerberg would freely divulge information about his private life and the subsequent ‘no' he offered, Durbin was quoted saying “…I think that maybe what this is all about…Your right to privacy….and how much you give away in modern America.” It cannot be ignored that the real emphasis here should be on the word “modern”. The modern world has continually challenged the long-held understanding on privacy, continually morphing and shaping the very nature of the concept itself. The modern world eschews archaic interpretations of a private life and instead allows and often glamorizes the intimate details of online citizens. In a world such as this, it becomes difficult to not only define boundaries concerning privacy, but also to recognize when a breach of privacy has occurred. This paper attempts to identify the relationship between consumers and business from a legal and ethical standpoint concerning privacy.
In Griswold v. Connecticut, the majority concluded that “We deal with a right of privacy older than the Bill of Rights…” (486) when referring to the privacy of a couple's intimate affairs being impinged upon by the State. This ruling established one of the earliest precedents for a well-known and often quoted interpretation of the Constitution's provisions concerning privacy. More recently, the EU passed a comprehensive and strict overhaul of its privacy directive for EU citizens first established in 1995. Owing to the newer more invasive methods of tracking consumer behavior on the internet, the ruling forced companies across the world to update their standards when dealing with privacy. Although arguably the most pronounced effect of the new regulation was felt through memes, internet users across the world noticed a sudden and overnight pile of emails from different services notifying them of the recent updates to their privacy policies. In doing so, the GDPR overhaul forced companies to comply with a stringent and uncompromising set of rules guaranteeing privacy or risk breaching EU law. According to a May 4, 2018 article published in the HIPAA journal, retroactively gaining GDPR compliance could cost up to 800 million euros for Fortune 500 companies. This is a massive sum to pay for ensuring basic handling of sensitive consumer data and the rationale for strictness can be explained by how revealing the data really is. In a 2013 article published in the scientific journal PNAS, authors Kosinski et al. investigate how Facebook likes can be used to predict personal attributes. By analyzing information provided by 58,000 volunteers, they are able to predict homosexuality with 88% accuracy, race with 95% accuracy, and political affiliation with 85% accuracy (Kosinski et al. 1). They contend that “…predictability of individual attributes from digital records…can easily be applied [to people] without their individual consent and without them noticing.” (Kosinski et al. 4). This allows unwitting social media users to part with their private information in a seemingly harmless way, which reminds us that the days when privacy meant intimacy within one's home are far behind us.
The Privacy Rights Clearinghouse is non-profit based in California that annually publishes data about privacy breaches, often revealing the fragile state of information security in the modern age. In 2017 alone, of the nearly 1 billion records breached, about 84% was disclosed unintendedly (including mishandling and using public email) while about 15% was lost to hackers. The revelation of breaches is often followed by a media storm and impassioned debate, which often fails to capture the long-term consequences of the breach of trust that occurs between consumers and businesses. In a 2012 study published in the academic journal Computers in Human Behavior, authors Wu et al. attempt to identify the relationship between trust and privacy concerns with willingness to share personal information (Wu et al. 889). They find a significant and positive relationship between clarity and enforcement of privacy policies and willingness of Internet users to provide personal information (Wu et al. 895). The findings indicate that given an enforceable and transparent policy, Internet users are more than willing to provide businesses with the information they require to cater to consumer needs. Conversely, it can also be argued that the relationship of trust between businesses and consumers is more transactional than relational. In a 2009 paper published in The Journal of Advertising, authors Rapp et al. argue that consumers bear the burden of externalities resulting from a utilitarian approach to privacy. According to them “…[the] marketing community [justifies the] ever-more intrusive methods using a utilitarian ethical framework…” and that “…consumers bear entirely the downside of information sharing.” (Rapp et al. 58-59) The ideas presented here highlight the misconception among businesses that information shared by customers allow for a better exchange of goods and services, ultimately making all the parties better off. However, the supposedly utilitarian approach doesn't take into account the fact that consumers give up their privacy only to make it easier for businesses to market and sell their services. This unequal exchange characterizes a need for better handling of sensitive data, especially when it bestows businesses with a strategic advantage.
The five ethical schools of thought offer a comprehensive and evaluative means to analyze business decisions. Handling consumer data can be addressed in a similar manner to identify the best way to approach the issue ethically. To begin with, applying a legal precedent is not only suitably rigorous, but also substantial in validating a business stake in protecting consumer privacy. In Central Hudson v. New York, the Supreme Court established that for the government to pursue restrictions on free commercial speech, the courts must find a “substantial interest”, that can be “directly advanced”, and “is not more extensive than necessary” (573). Although free speech in the Constitutional sense is far more profound in its application, drawing inspiration from this ruling is an extolling but effectual standard to rely on. Once businesses have evaluated that they have a “substantial interest” in consumer privacy that can be “directly advanced” in a manner that is “not more extensive than necessary”, they can apply measures to control and protect consumer data to the best of their ability. The ethical schools of thought offer the following considerations:
1. Free-market–Businesses evoking a free-market perspective on consumer privacy may arrive at two opposing conclusions. Although consumer data can be profitable when sold to third parties (thereby increasing shareholder value), consumers also have the ability to take their business and attention elsewhere in the event of a breach or revelation of misuse. In a March 2018 article published on Fortune, Facebook lost about $35 billion in market value after reports of the Cambridge Analytica scandal surfaced. Undeniably, shareholder value was greatly diminished by the misuse of consumer data in a breach of trust.
2. Utilitarianism–In a utilitarian model, the decisions that result in the greatest good for the greatest number of people are considered ethically sound. In a 2000 paper published in the Journal of Public Policy and Marketing, authors Eve Caudill and Patrick Murphy contend that “…consumers are not hurt by corporations' collection and use of personal information but are annoyed…. [and] the information allows for a wide assortment of product choice” (Caudill and Murphy 16). The authors argue that collecting consumer data allows for both businesses and consumers to benefit, and thus implores businesses to better protect the interests of their customers.
4. Virtue ethics–From a virtue ethics perspective, businesses stand to gain exponentially more than they stand to lose. In a 2007 article published in the European Journal of Marketing, authors Murphy et al. attempt to establish a virtue ethic framework in engaging with consumers. The authors find that “if trust and commitment are going to solidify a relationship, recognition by both parties of virtues [must be] evident.” (Murphy et al. 49) Their argument summarizes that reaping the full benefits of having good relationships with customers necessitates a certain degree of care, transparency and diligence. By practicing virtue ethics, businesses stand to gain long fruitful partnerships with customers built on solid foundations.
5. Ethic of care–The ethic of care compels equal care that is reciprocated and duly practiced. Although it can be considered to be the most taxing among all the ethical schools considered so far, practicing an ethic of care can have unintended positive consequences. In a 2009 article published in the journal MIS Quarterly, authors Mary Culnan and Cynthia Williams discuss the relationship between constituting an ethical culture at a company and its subsequent consequences. Their research finds that establishing norms of privacy and embodying those principles in company culture benefits businesses by administering robust privacy standards both within and outside the company (Culnan and Williams 673). Furthermore, “many of the same protections that secure customer information can also help to protect sensitive corporate information…” (Culnan and Williams 683) which essentially implies that corporate privacy need not be seen as separate from consumer privacy. By practicing care in how corporations approach privacy in general, they can benefit from adhering to the well-being of both consumers and shareholders.
Based on the analysis presented above, it would seem that all five schools of ethics would support greater business awareness and consideration for consumer privacy. In certain situations, bolstering consumer privacy protections derives from a minimum moral and ethical standard of conduct regardless of costs or benefits. However, when applied in conjunction with the intended and unintended benefits residing in privacy enforcement measures, corporations tend to gain a lot more than they would lose.
The purpose of this paper was to comprehensively investigate the cumulative effects of consumer privacy measures on the relationship between businesses and consumers in legal and ethical terms. The notion of privacy has continually evolved over time and considerably expanded in its implications with the introduction of more advanced forms of collaboration and communication. Currently, the GDPR is the most rigorous set of rules governing privacy in the commercial sector and impacts businesses across the world due to their multinational–and inevitably European–operations. The substantial number of breaches that continue to occur despite modern means of prevention considerably question the efforts businesses put into consumer privacy, thereby challenging the values they hold in that regard. Based on ethical analysis, it seems imperative that businesses come to regard consumer privacy as inexorably tied-in with their own well-being and thus, commit to practicing exceedingly cautious methods to ensure consumer information remains protected. With legal ramifications slowly catching up with the modern Internet era, businesses owe it to themselves and their shareholders to protect consumer privacy and commit to establishing trust and diligence in their transactions.
...(download the rest of the essay above)