We’re at a Data Privacy Crossroads. Where Do We Go From Here?
Skip to content
Policy Marketing Jul 1, 2019

We’re at a Data Privacy Crossroads. Where Do We Go From Here?

What individuals, regulators, and companies need to consider as we live more of our lives online.

Data makes up a woman's profile

Lisa Röper

Based on insights from

Jennifer Cutler

Samuel Goldberg

These days, most of us understand that when we visit a website, download an app, or post on social media, we are sharing data about ourselves with companies. We also understand that the consequences of such sharing will only become more profound as we live more of our lives online. So it is perhaps unsurprising that companies are facing new pressures to protect our digital privacy.

And it’s about time. According to Jennifer Cutler, data sharing is not inherently bad—but it is inherently risky.

“There are plenty of benefits to collecting this data and analyzing it,” says Cutler, an associate professor of marketing at the Kellogg School. “For example, researchers can try to use it to make the world a better place. But the risks are also enormous, because the same information can be used nefariously.” And even when studied with the best of intentions, this data can produce unintended negative side effects.

According to Cutler and Kellogg PhD student Sam Goldberg, individuals, regulators, and companies all need to understand the privacy implications of an increasingly data-driven world.

Challenges Facing Individual Privacy

Data breaches and egregious cases of data misuse regularly provoke an outcry from consumers. Still, it is curious just how much misuse we actually tolerate.

One reason why we don’t see more consumer demand for privacy protections is that often consumers are not aware of their role as “participants” in both formal and informal studies involving giant data sets.

When signing up for a free service, or even applying for a lower interest rate on a credit card, “most people have no idea what they’ve agreed to, or what can be done with their information,” Cutler says. “There might be a general sense of unease, but not a concrete understanding of how their data is being used, and how these uses could potentially harm them.”

There have been some intriguing attempts to quantify the extent to which consumers value their privacy; the challenge is that consumers often lack the information they need to assess the risk in a meaningful way and thus have no reliable means of attaching a specific value to their privacy. If they knew the likelihood of harm to their credit score, reputation, access to health or life insurance, or even physical safety, they might value their personal data differently.

Moreover, most people have little choice but to accept the standard onerous trade-off that comes with adopting a new technology, because the costs of opting out altogether are often too great. “People use the apps they need for work and to stay on pace with life—they don’t read through a hundred-page terms-of-service agreement to find the one clause that’s unacceptable,” says Cutler.

People have little choice but to accept the standard onerous trade-off that comes with adopting a new technology, because the costs of opting out altogether are often too great.

Consumers also badly underestimate the amount of information that can be gleaned from even the most pedestrian online behaviors. One of Cutler’s research areas is making predictions based on people’s public Twitter and Facebook posts. While we might expect that these seemingly innocuous actions are not private per se, we might not consider the extent to which researchers are mining them.

“Even really innocuous things such as ‘liking’ a supermarket’s page can eventually build a very predictive profile of a person, including basic demographics, but also more sensitive things like someone’s political leanings, religious preferences, and health conditions,” Cutler says. “It’s hard to determine the cost of that.”

Finally, data collection is cumulative, and not always in ways that are easy to explain, track, or predict.

“A consumer might not care that a specific small app can access her iPhone photos,” Cutler says. “But when she realizes that companies are merging together, or merging their data, suddenly there’s this data beast that knows everything about you. That consumer might want to exercise more control over her data set.”

What Regulators Are Doing

Individual control is exactly what the EU is hoping to provide with the General Data Protection Regulation (GDPR), which has been pitched as the gold standard of data-protection regulation.

The GDPR, which went into effect in May 2018, is the most comprehensive policy attempt to establish rules for how companies process and handle data.“ The idea behind the regulation is to set the standard for how to treat data gathering and usage,” says Sam Goldberg, a Kellogg Ph.D. student focused on privacy issues. “And it does so within a framework that requires individual consent.”

Among several new rights and responsibilities in the GDPR for both users and firms—including the “right to be forgotten,” new rules for the reporting of incidents, and data-security requirements—is the shift from an “opt-out” to an “opt-in” default privacy setting. This new setting means that companies’ default state is not to track visitors. The GDPR additionally specifies that companies cannot deny service to those who opt out of having their data collected.

“So technically, a news publisher can’t say, ‘you have to opt in before you can read any articles,’” Goldberg says.

While overall the GDPR’s changes make significant, clear advances in firm reporting and structure, there are potential loopholes in this regulation. Companies are allowed to collect data for “necessary processing”—for instance, they can use cookies if they’re essential for running the website—and also for reasons of “legitimate interest,” an admittedly vague and broad stipulation which might undermine individual consent.

This raises questions about just how effective the GDPR will actually be in curbing data-collection abuses.

“‘Legitimate interest’ is potentially broad,” Goldberg says. “While the GDPR is clearly written, the way regulators might interpret compliance may not yet be clear, so companies are still experimenting and testing the legal boundaries.”

What about here in the U.S.?

Experts say that robust legal frameworks like the GDPR are unlikely to pass in the U.S., but they may not have to. For companies like Google and Facebook, maintaining country-specific privacy policies as they operate globally might be too cumbersome and risky, not to mention expensive, to make sense. Adhering to the most most stringent of these regulations may become the norm for global tech companies, similarly to the way airlines have adapted to the patchwork of national safety standards imposed upon them.

Privacy and the Structure of Our Society

However, providing individuals with more control over their own data may only go so far in alleviating the larger-scale, longer-term effects of having so much data collected about all of us.

It’s clear, for example, that large-scale data collection and analysis could have profound effects on the structure of our society, as predictive analytics can reinforce preexisting biases. If a bank uses social media to predict the likelihood of someone defaulting on a loan, or a police department relies on predictive models to determine whom it profiles, any racial, gender, or class prejudice found in the data can be reflected and potentially magnified by these models to yield discriminatory results. Correcting this isn’t always straightforward, and will require reflection on the part of the modelers.

It’s also important to keep in mind what researchers call “second-order effects,” or the repercussions that result from the consequences of an action. Using social-networking data for alternative credit scoring, for instance, does more than just help or hurt lenders and loan applicants—it may alter the very nature of credit access and how people use social-networking sites. Such shifting incentives may, for example, change the way individuals connect and disseminate information on social media. Similarly, using existing data to determine the likelihood of someone committing a crime may reinforce the racial and class disparities in our criminal justice system.

To Cutler, this suggests that additional data protections may be necessary, beyond simply asking individuals to opt in.

Given how rapidly this ecosystem has evolved—consider the rise of facial-recognition software or payment options connected to social media—even full transparency on the part of companies is unlikely to resolve the deeper uncertainty around how this escalation of data collection and usage will play out.

“We’re in uncharted territory,” says Cutler. “We are going to need interdisciplinary efforts by researchers in many fields to investigate how to balance innovation with consumer and societal protections as data availability increases.”

About the Writer
Drew Calvert is a writer based in Los Angeles.
Most Popular This Week
  1. One Key to a Happy Marriage? A Joint Bank Account.
    Merging finances helps newlyweds align their financial goals and avoid scorekeeping.
    married couple standing at bank teller's window
  2. Take 5: Yikes! When Unintended Consequences Strike
    Good intentions don’t always mean good results. Here’s why humility, and a lot of monitoring, are so important when making big changes.
    People pass an e-cigarette billboard
  3. How Are Black–White Biracial People Perceived in Terms of Race?
    Understanding the answer—and why black and white Americans may percieve biracial people differently—is increasingly important in a multiracial society.
    How are biracial people perceived in terms of race
  4. Will AI Eventually Replace Doctors?
    Maybe not entirely. But the doctor–patient relationship is likely to change dramatically.
    doctors offices in small nodules
  5. Entrepreneurship Through Acquisition Is Still Entrepreneurship
    ETA is one of the fastest-growing paths to entrepreneurship. Here's how to think about it.
    An entrepreneur strides toward a business for sale.
  6. Take 5: Research-Backed Tips for Scheduling Your Day
    Kellogg faculty offer ideas for working smarter and not harder.
    A to-do list with easy and hard tasks
  7. How to Manage a Disengaged Employee—and Get Them Excited about Work Again
    Don’t give up on checked-out team members. Try these strategies instead.
    CEO cheering on team with pom-poms
  8. Which Form of Government Is Best?
    Democracies may not outlast dictatorships, but they adapt better.
    Is democracy the best form of government?
  9. What Went Wrong at AIG?
    Unpacking the insurance giant's collapse during the 2008 financial crisis.
    What went wrong during the AIG financial crisis?
  10. The Appeal of Handmade in an Era of Automation
    This excerpt from the book “The Power of Human" explains why we continue to equate human effort with value.
    person, robot, and elephant make still life drawing.
  11. 2 Factors Will Determine How Much AI Transforms Our Economy
    They’ll also dictate how workers stand to fare.
    robot waiter serves couple in restaurant
  12. When Do Open Borders Make Economic Sense?
    A new study provides a window into the logic behind various immigration policies.
    How immigration affects the economy depends on taxation and worker skills.
  13. Why Do Some People Succeed after Failing, While Others Continue to Flounder?
    A new study dispels some of the mystery behind success after failure.
    Scientists build a staircase from paper
  14. Sitting Near a High-Performer Can Make You Better at Your Job
    “Spillover” from certain coworkers can boost our productivity—or jeopardize our employment.
    The spillover effect in offices impacts workers in close physical proximity.
  15. How the Wormhole Decade (2000–2010) Changed the World
    Five implications no one can afford to ignore.
    The rise of the internet resulted in a global culture shift that changed the world.
  16. What’s at Stake in the Debt-Ceiling Standoff?
    Defaulting would be an unmitigated disaster, quickly felt by ordinary Americans.
    two groups of politicians negotiate while dangling upside down from the ceiling of a room
  17. What Happens to Worker Productivity after a Minimum Wage Increase?
    A pay raise boosts productivity for some—but the impact on the bottom line is more complicated.
    employees unload pallets from a truck using hand carts
  18. Immigrants to the U.S. Create More Jobs than They Take
    A new study finds that immigrants are far more likely to found companies—both large and small—than native-born Americans.
    Immigrant CEO welcomes new hires
  19. How Has Marketing Changed over the Past Half-Century?
    Phil Kotler’s groundbreaking textbook came out 55 years ago. Sixteen editions later, he and coauthor Alexander Chernev discuss how big data, social media, and purpose-driven branding are moving the field forward.
    people in 1967 and 2022 react to advertising
  20. 3 Traits of Successful Market-Creating Entrepreneurs
    Creating a market isn’t for the faint of heart. But a dose of humility can go a long way.
    man standing on hilltop overlooking city
More in Policy