We’re at a Data Privacy Crossroads. Where Do We Go From Here?
Skip to content
Policy Marketing Jul 1, 2019

We’re at a Data Privacy Crossroads. Where Do We Go From Here?

What individuals, regulators, and companies need to consider as we live more of our lives online.

Data makes up a woman's profile

Lisa Röper

Based on insights from

Jennifer Cutler

Samuel Goldberg

These days, most of us understand that when we visit a website, download an app, or post on social media, we are sharing data about ourselves with companies. We also understand that the consequences of such sharing will only become more profound as we live more of our lives online. So it is perhaps unsurprising that companies are facing new pressures to protect our digital privacy.

Add Insight
to your inbox.

And it’s about time. According to Jennifer Cutler, data sharing is not inherently bad—but it is inherently risky.

“There are plenty of benefits to collecting this data and analyzing it,” says Cutler, an associate professor of marketing at the Kellogg School. “For example, researchers can try to use it to make the world a better place. But the risks are also enormous, because the same information can be used nefariously.” And even when studied with the best of intentions, this data can produce unintended negative side effects.

According to Cutler and Kellogg PhD student Sam Goldberg, individuals, regulators, and companies all need to understand the privacy implications of an increasingly data-driven world.

Challenges Facing Individual Privacy

Data breaches and egregious cases of data misuse regularly provoke an outcry from consumers. Still, it is curious just how much misuse we actually tolerate.

One reason why we don’t see more consumer demand for privacy protections is that often consumers are not aware of their role as “participants” in both formal and informal studies involving giant data sets.

When signing up for a free service, or even applying for a lower interest rate on a credit card, “most people have no idea what they’ve agreed to, or what can be done with their information,” Cutler says. “There might be a general sense of unease, but not a concrete understanding of how their data is being used, and how these uses could potentially harm them.”

There have been some intriguing attempts to quantify the extent to which consumers value their privacy; the challenge is that consumers often lack the information they need to assess the risk in a meaningful way and thus have no reliable means of attaching a specific value to their privacy. If they knew the likelihood of harm to their credit score, reputation, access to health or life insurance, or even physical safety, they might value their personal data differently.

Moreover, most people have little choice but to accept the standard onerous trade-off that comes with adopting a new technology, because the costs of opting out altogether are often too great. “People use the apps they need for work and to stay on pace with life—they don’t read through a hundred-page terms-of-service agreement to find the one clause that’s unacceptable,” says Cutler.

People have little choice but to accept the standard onerous trade-off that comes with adopting a new technology, because the costs of opting out altogether are often too great.

Consumers also badly underestimate the amount of information that can be gleaned from even the most pedestrian online behaviors. One of Cutler’s research areas is making predictions based on people’s public Twitter and Facebook posts. While we might expect that these seemingly innocuous actions are not private per se, we might not consider the extent to which researchers are mining them.

“Even really innocuous things such as ‘liking’ a supermarket’s page can eventually build a very predictive profile of a person, including basic demographics, but also more sensitive things like someone’s political leanings, religious preferences, and health conditions,” Cutler says. “It’s hard to determine the cost of that.”

Finally, data collection is cumulative, and not always in ways that are easy to explain, track, or predict.

“A consumer might not care that a specific small app can access her iPhone photos,” Cutler says. “But when she realizes that companies are merging together, or merging their data, suddenly there’s this data beast that knows everything about you. That consumer might want to exercise more control over her data set.”

What Regulators Are Doing

Individual control is exactly what the EU is hoping to provide with the General Data Protection Regulation (GDPR), which has been pitched as the gold standard of data-protection regulation.

The GDPR, which went into effect in May 2018, is the most comprehensive policy attempt to establish rules for how companies process and handle data.“ The idea behind the regulation is to set the standard for how to treat data gathering and usage,” says Sam Goldberg, a Kellogg Ph.D. student focused on privacy issues. “And it does so within a framework that requires individual consent.”

Among several new rights and responsibilities in the GDPR for both users and firms—including the “right to be forgotten,” new rules for the reporting of incidents, and data-security requirements—is the shift from an “opt-out” to an “opt-in” default privacy setting. This new setting means that companies’ default state is not to track visitors. The GDPR additionally specifies that companies cannot deny service to those who opt out of having their data collected.

“So technically, a news publisher can’t say, ‘you have to opt in before you can read any articles,’” Goldberg says.

While overall the GDPR’s changes make significant, clear advances in firm reporting and structure, there are potential loopholes in this regulation. Companies are allowed to collect data for “necessary processing”—for instance, they can use cookies if they’re essential for running the website—and also for reasons of “legitimate interest,” an admittedly vague and broad stipulation which might undermine individual consent.

This raises questions about just how effective the GDPR will actually be in curbing data-collection abuses.

“‘Legitimate interest’ is potentially broad,” Goldberg says. “While the GDPR is clearly written, the way regulators might interpret compliance may not yet be clear, so companies are still experimenting and testing the legal boundaries.”

What about here in the U.S.?

Experts say that robust legal frameworks like the GDPR are unlikely to pass in the U.S., but they may not have to. For companies like Google and Facebook, maintaining country-specific privacy policies as they operate globally might be too cumbersome and risky, not to mention expensive, to make sense. Adhering to the most most stringent of these regulations may become the norm for global tech companies, similarly to the way airlines have adapted to the patchwork of national safety standards imposed upon them.

Privacy and the Structure of Our Society

However, providing individuals with more control over their own data may only go so far in alleviating the larger-scale, longer-term effects of having so much data collected about all of us.

It’s clear, for example, that large-scale data collection and analysis could have profound effects on the structure of our society, as predictive analytics can reinforce preexisting biases. If a bank uses social media to predict the likelihood of someone defaulting on a loan, or a police department relies on predictive models to determine whom it profiles, any racial, gender, or class prejudice found in the data can be reflected and potentially magnified by these models to yield discriminatory results. Correcting this isn’t always straightforward, and will require reflection on the part of the modelers.

It’s also important to keep in mind what researchers call “second-order effects,” or the repercussions that result from the consequences of an action. Using social-networking data for alternative credit scoring, for instance, does more than just help or hurt lenders and loan applicants—it may alter the very nature of credit access and how people use social-networking sites. Such shifting incentives may, for example, change the way individuals connect and disseminate information on social media. Similarly, using existing data to determine the likelihood of someone committing a crime may reinforce the racial and class disparities in our criminal justice system.

To Cutler, this suggests that additional data protections may be necessary, beyond simply asking individuals to opt in.

Given how rapidly this ecosystem has evolved—consider the rise of facial-recognition software or payment options connected to social media—even full transparency on the part of companies is unlikely to resolve the deeper uncertainty around how this escalation of data collection and usage will play out.

“We’re in uncharted territory,” says Cutler. “We are going to need interdisciplinary efforts by researchers in many fields to investigate how to balance innovation with consumer and societal protections as data availability increases.”

About the Writer
Drew Calvert is a writer based in Los Angeles.
Most Popular This Week
  1. How Much Do Boycotts Affect a Company’s Bottom Line?
    There’s often an opposing camp pushing for a “buycott” to support the company. New research shows which group has more sway.
    grocery store aisle where two groups of people protest. One group is boycotting, while the other is buycotting
  2. 5 Takeaways on the State of ESG Investing
    ESG investing is hot. But what does it actually deliver for society and for shareholders?
    watering can pouring over windmills
  3. Could Bringing Your "Whole Self" to Work Curb Unethical Behavior?
    Organizations would be wise to help employees avoid compartmentalizing their personal and professional identities.
    A star employee brings her whole self to work.
  4. When Do Open Borders Make Economic Sense?
    A new study provides a window into the logic behind various immigration policies.
    How immigration affects the economy depends on taxation and worker skills.
  5. Which Form of Government Is Best?
    Democracies may not outlast dictatorships, but they adapt better.
    Is democracy the best form of government?
  6. How Has Marketing Changed over the Past Half-Century?
    Phil Kotler’s groundbreaking textbook came out 55 years ago. Sixteen editions later, he and coauthor Alexander Chernev discuss how big data, social media, and purpose-driven branding are moving the field forward.
    people in 1967 and 2022 react to advertising
  7. What Happens to Worker Productivity after a Minimum Wage Increase?
    A pay raise boosts productivity for some—but the impact on the bottom line is more complicated.
    employees unload pallets from a truck using hand carts
  8. Why Do Some People Succeed after Failing, While Others Continue to Flounder?
    A new study dispels some of the mystery behind success after failure.
    Scientists build a staircase from paper
  9. What Went Wrong at AIG?
    Unpacking the insurance giant's collapse during the 2008 financial crisis.
    What went wrong during the AIG financial crisis?
  10. Why Well-Meaning NGOs Sometimes Do More Harm than Good
    Studies of aid groups in Ghana and Uganda show why it’s so important to coordinate with local governments and institutions.
    To succeed, foreign aid and health programs need buy-in and coordination with local partners.
  11. 3 Tips for Reinventing Your Career After a Layoff
    It’s crucial to reassess what you want to be doing instead of jumping at the first opportunity.
    woman standing confidently
  12. How Are Black–White Biracial People Perceived in Terms of Race?
    Understanding the answer—and why black and white Americans may percieve biracial people differently—is increasingly important in a multiracial society.
    How are biracial people perceived in terms of race
  13. Podcast: Does Your Life Reflect What You Value?
    On this episode of The Insightful Leader, a former CEO explains how to organize your life around what really matters—instead of trying to do it all.
  14. Immigrants to the U.S. Create More Jobs than They Take
    A new study finds that immigrants are far more likely to found companies—both large and small—than native-born Americans.
    Immigrant CEO welcomes new hires
  15. In a World of Widespread Video Sharing, What’s Real and What’s Not?
    A discussion with a video-authentication expert on what it takes to unearth “deepfakes.”
    A detective pulls back his computer screen to reveal code behind the video image.
  16. College Campuses Are Becoming More Diverse. But How Much Do Students from Different Backgrounds Actually Interact?
    Increasing diversity has been a key goal, “but far less attention is paid to what happens after we get people in the door.”
    College quad with students walking away from the center
More in Policy