by Adam Tanner
Personal.com received a fair amount of media coverage, but some of the articles set unreasonable expectations that users would soon be able to cash in on their self-curated personal information. “Unless you have millions and millions of users, no one cares about you—and, in fact, they scoff at you,” Green says. “It hasn’t always been easy: there have been some really rough ups and downs.” Part of the problem stemmed from their inability to make users money. “I was more bullish at that time than was warranted about the willingness of partners to work with us,” Green says in retrospect. “That was a miscalculation on our part. And [we] never ended up launching that side of the business.”
With relatively few users signing up, the Personal.com team discussed more than a dozen other ideas to attract more interest. One idea proposed using information from a person’s vault to fill out forms when buying airline tickets or prescription eyeglasses, or when registering on e-commerce sites. Green initially resisted, as did his technology guru, Kurspahic. “When you look at cool tech companies and the kind of stuff that they do, this does not sit at the top of the food chain. And from that perspective that wasn’t appealing to most of us. We all want to do supercool stuff,” Kurspahic says.
But people who saw demonstrations of the feature really liked it, and Personal.com launched “Fill It” in 2013. For the first time, entering all their data into the encrypted vault directly helped users. Personal.com started signing agreements with entities such as Geico insurance, schools, and the Department of Education, which placed a copy of users’ insurance information or student loan details into the vault. The idea was to get businesses to pay the $30-per-user annual subscription as a service to attract customers. Another company called FileThis connects data from users’ bank accounts, credit card statements, phone bills, mutual funds, and other merchants, and places a copy directly into their Personal.com vaults. Slowly, the service was coming alive.7 By spring 2014, one hundred thousand users had signed up for Personal.com. The company also created a second site, fillit.com, to help promote the service, and it continued to map thousands of website forms every week to expand its capabilities.8
Out in California, Reputation.com, focusing on its core business, delayed launching its own data vault, with Fertik hoping it would go live later in 2014. Other companies with similar ideas—such as mydex.org, ownyourinfo.com, qiy.nl, myinfosafedirect.com, and datacoup.com—have not taken the world by storm. In 2014, datacoup.com actually started paying people for their data, but it has struggled with the same chicken-and-egg problem that has vexed others. Datacoup.com offered as much as $8 a month to users, but on average paid just $1.56 in February 2014 as it sought to find buyers for the data.9
Selling other people’s data with or without their knowledge remains far more profitable than protecting and selling data on behalf of consumers, at least for now. Yet the ideas are intriguing and may continue to evolve into an empowering solution for consumers. In 2014, even Acxiom was talking about the possibility of paying users for their data, especially to know when they were in the market for a car or other big-ticket items, a move that could herald a major transformation of marketing and advertising.10 Because it already has hundreds of millions of files on people and many clients, a data broker like Acxiom could overcome the chicken-and-egg dilemma.
Todd Cullen, a former Acxiom vice president for global data products, is convinced the balance of power will ultimately shift to consumers, away from anonymous data brokers and middlemen. He says companies such as Personal.com will crawl, walk, and then run, meaning it will take time. “The model today is completely backwards,” says Cullen, now the chief data officer at advertising firm Ogilvy and Mather. “Consumers are beginning to realize data itself has value.”
That’s the way it should be. Customers should have the final say in how and with whom they share their data. Privacy tools can help, but they are only part of a solution that protects consumers against possible abuses. Companies have to be open and responsible about what personal data they gather, and government rules may be needed to assure certain intimate data are not abused.
19
Empowerment
Insiders’ Mixed Emotions
The harvesting and use of personal data across businesses of all kinds are now a reality, whether we like it or not. That does not mean the public should passively accept every new effort to expand their collection. Customers should know what companies are doing, and should have the final say in how it is shared. With societal boundaries on personal data still largely undefined, the potential for abuse is strong.
Fears that marketers will violate private spheres long predate the Internet. In The Hidden Persuaders, Vance Packard wrote, “It is about the way many of us are being influenced and manipulated—far more than we realize—in the patterns of our everyday life. Large-scale efforts are being made, often with impressive success, to channel our unthinking habits, our purchasing decisions, and our thought processes by the use of insights gleaned from psychiatry and the social sciences.”1
Later he added, “The most serious offense many of the depth manipulators commit, it seems to me, is that they try to invade the privacy of our minds. It is this right to the privacy in our minds—privacy to be rational or irrational—that I believe we must strive to protect.”2 Packard wrote those words not about Google, Facebook, or other digital-age corporations. He was writing in 1957 about the growing sophistication of marketing and advertising.
A decade after Packard’s book was published, Lester Wunderman, who is often credited with creating the term “direct marketing,” described a future in which companies would gather vast amounts of personal data to further their marketing strategies. His 1967 speech makes fascinating reading today because much of his vision has long since come to pass:
A computer can know and remember as much marketing detail about 200,000,000 consumers as did the owner of a crossroads general store about his handful of customers. I can know and select such personal details as who prefers strong coffee, imported beer, new fashions, bright colors. Who just bought a home, freezer, camera, automobile. Who has a new baby, is overweight, got married, owns a pet, likes romantic novels, serious reading, listens to Bach or The Beatles . . . Those marketers who ignore the implications of our new individualized information society will be left behind in what may well come to be known as the age of mass production and marketing ignorance.3
Wunderman, ninety-three years old at the start of 2014, was still working long after his vision became reality in the era of big data. I called him to discuss the current marketing landscape and heard a mixed assessment of how marketers use personal information today. “I get mail that I discard or I get some that offends me, where they are misusing the information that they have. But I think there are always outlaws and the outlaws in the marketing business are obviously those who would misuse data,” he said. “Now we have all these dating sites or people-meeting-other-people sites. And those, I think, would be subject to abuse, where people who feel isolated may, in fact, enter data that could come back at them. . . . In a data-driven world, the potential for abuse may be something we have to spend more time considering than we used to where such information was not available.”4
The potential for abuse makes many marketers cautious about what information they share about themselves. They know from experience both how useful personal data are for their work and how revealing they can be. “I don’t know if I want all these websites to know I am visiting them,” said Netta Kivilis, who for a time managed online marketing for Amazon’s MYHABIT, a flash fashion sales site. “Most of online marketing is evil. . . . On the flip side, as a marketer, it is super useful.
“I sometimes find myself appalled to see where the line is constantly being moved,” she said. “The line is getting farther and farther away.”5
Changing Norms
As businesses try to move the line, social norms will evolve. In some cases, practices that once appeared invasive or creepy may becom
e accepted. “User expectations change over time, and this decade they have changed more than they probably have in the last century,” says Emanuel Pleitez of people search site Spokeo. “For example, five years ago location data on people and people’s behavior—it would have been crazy to think that people would be updating it themselves and putting it out there and sharing it across networks. . . . Now anyone can aggregate Foursquare and all these other location-based—Instagram—and all these other data-aggregating systems,” he says. “Any example you can give me today, in two years can be different in terms of user, consumer expectations.”
In other instances, industry practices will provoke public outcry and government and legal action that may rein in certain practices. Spokeo paid an FTC fine in 2012 related to the marketing of its information for job employment purposes. At that time the site sold especially detailed dossiers that included a person’s ethnicity, political affiliation, religion, hobbies, education level, wealth level, and credit estimate as part of a low-cost subscription. Since then Spokeo has decided to eliminate some of these details. “Spokeo deleted certain content from its services in 2012, in order to help stem potential misuse,” cofounder Harrison Tang said.6
The line on what is fair game in personal data can move both ways, even if the overall trend is in the direction of more data gathering. Mary Culnan, a senior fellow at the Future of Privacy Forum and a professor emeritus at Bentley University, has been working on consumer privacy and marketing since the 1990s, when mailing lists and database marketing were the big concern. “Every time I think I have seen it all, something new comes along. There is a big flap about the latest new thing, and then people get used to it (or maybe never really knew about it), and life goes on,” she says. “Sort of like the frog in the pot of cold water and you turn on the stove and the frog eventually boils to death as the water heats up slowly. The information collection proceeds the same way.”
Highly degreed experts and ordinary Joes will continue to argue about what uses of data constitute great marketing and what creep into an intrusive zone. Opinions are going to differ. Former Las Vegas Mayor Oscar Goodman is outspoken on the topic. “This kind of ‘Big Brotherism’ I don’t think has any place in America, in the free world,” he says. “They find out what you like, what you dislike, then they appeal to you either personally or as a matter of advertising. That’s the nature of that beast. I don’t like it. I don’t want people to know my business.”
Everyone should reflect on the issue of personal data and decide for himself where the line should be. My prescribed solution—openness on the part of the data hunters and choice to the data hunted—accommodates a wide span of opinions, from those convinced that privacy is dead so get over it to those who want more control over what the commercial world knows about them.
The Price of Free
Consumers should expect that companies offering free services want to make money from personal data. Internet firms could do a better job of explaining what they are doing and how advertising underwrites the free stuff. The perception of underhandedness can badly damage a company or an entire industry. Facebook and Google continue to arouse suspicions by changing the rules on users from time to time.
Think before accepting free, and consider the consequences. For example, Scholarships.com tells high school students, “We can help you find money for school, even as colleges discover and recruit you. FREE!” The site includes a detailed series of pages where students add personal information, including sensitive categories like ethnicity, religion, and disabilities such as those related to cancer, obesity, or genetic predisposition to Alzheimer’s. Another page includes the information box for “Lesbian/Gay/Bisexual/Transgender (LGBT) or Parent LGBT.” “Any and all of your responses during your search could impact your search results, so don’t skip anything!” the site tells visitors.
Former Las Vegas Mayor Oscar Goodman (right). Source: Author photo.
Because the service is free, Scholarships.com makes money selling personal data via list broker American Student Marketing, which is located at the same address. About fifty thousand people visit the site every day, and 80 percent share information about themselves. “It’s opt-in on the front page—nobody else has opt-in on the front page,” says Larry Gerber, president of Scholarships.com, who calls his site a valuable service that matches students with the right funding sources.
However, some say high school students volunteering the information don’t really understand that they have exposed themselves in the open marketplace. “Certainly this type of marketing poses real privacy risks to individuals, particularly young people that might be reliant on their family but not out to them,” says Michael Cole-Schwartz, a spokesman for the gay rights group Human Rights Campaign.
Many firms offer free services or contests in exchange for data, often vaguely explaining their practices in lengthy fine print.7 Online quizzes and surveys that offer insights on your health or wealth or other issues typically collect personal data. Publishers Clearing House encourages people to share details to enter lucrative sweepstakes or receive incentives such as gift cards. Some of its pharmacy offers ask about high blood pressure, smoking, sleep disorders, or diabetes. “I personally don’t think there is anything taboo if you explicitly explain why you are collecting the data,” says Mike Zane, senior director of online marketing.
A drawing to win more than $1,000 in PlayStation gaming goods asked for name, phone, date of birth, and email to enter. With this information Sony can easily use other commercially available data to learn more about you, as well as to sell your data if it chooses to do so. If you don’t want such information on the marketplace, don’t enter the contest.
“Consumer awareness is far and away the most important ingredient in consumer privacy. The more people know how things work, the more they’ll be positioned to take the steps they want to protect their privacy,” says Jim Harper, a founding member of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, now at the Cato Institute. Among the steps Harper takes is entering some false information when filling out Internet forms, thus potentially confusing aggregators. An example of such a practice happens when people give wrong ZIP codes to prevent stores from figuring out who they are. Harper also maintains several accounts at different social networks, and uses multiple logins and accounts on different platforms such as his Android phone, Twitter, and other services.
In the end, if you want the service for free, you may have to pay some price in personal data—or buy access. “I think we need to move away from advertising-supported business models because these models are inimical to privacy. There is a steady drumbeat for more and more personal information, for more finely grained targeting, with no end in sight,” says Chris Hoofnagle, director of the Berkeley Center for Law and Technology’s information privacy programs. “I’d like to move back to a subscription world—which is not a privacy utopia—to better align interests between consumers and firms, and to put consumers in a better posture with regard to consumer protection laws, some of which do not apply when the service offered is ‘free.’”
Imagine, then, dishing out a monthly fee for your social network, another for your email account, perhaps a third for your data vault. That’s the alternative vision. You may not like this concept and prefer free. Just know the price is personal data.
The Role of the Government
Many have seen a 2012 photo of Britain’s Prince Harry, then third in line to the throne, naked in his hotel suite after playing strip billiards with some women he had met at a Las Vegas bar. R&R Partners, the advertising agency that came up with the slogan “What Happens Here, Stays Here,” responded by running ads promoting discretion when it comes to personal information.
Under the slogan “Know the Code,” the campaign warned against oversharing. “I promise to follow the code of Las Vegas by not tweeting, tagging, posting, telling, whispering, emoting, defining, drawing up, writing about or in any way r
evealing the all-powerful What Happens Here, Stays Here moment of me or anyone else in my party to others not on said trip,” part of the promotional pledge says.
Matthew Mason, vice president of digital strategy and development at R&R Partners, said the campaign sought to shame the people who had broken the code. “When the Prince Harry thing happened we very explicitly felt that went over the line,” he said. “We’ve got a set of rules we’d like to establish as a city and we’d like to enforce those rules and, of course, we do that in a tongue-and-cheek way. It’s very much about pushing back against this pervasive sharing thing that seems to be okay everywhere else. We’d like it to maybe be not so okay when you come to Vegas.”
Of course, the code is itself a clever marketing gambit to highlight all the fun Las Vegas can offer. Yet the same type of self-regulation and self-monitoring is mostly what guides data brokers and marketers today. Such a code is not always enough. Even some industry insiders say the government should do more to regulate what is and is not okay in the private-sector collection and proliferation of personal data.
“‘No regulation, no transparency’ risks having an environment where the most aggressive companies win,” says Matthew Monahan of PeopleSmart.com. Even Acxiom, the master data collector itself, wants more rules. “You might be surprised, but we are in favor of regulation of the industry,” says Acxiom CEO Scott Howe. “There is enough bad stuff going on that having tighter legislation around data collection, visibility, and choice would be good.”
US law allows firms to share and sell most data, with some exceptions for financial, medical, and employment-related data.8 The United States also limits the gathering of data and marketing to children. The US Congress and the Federal Trade Commission have stepped up their examination of data brokers, raising the possibility of future restrictions. Medical data remains a problematic area. Health providers face limitations on how they can share under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Yet commercial marketers collect and freely traffic in medical data, drawing details from shopping histories, web browsing, survey results, and other information.