Privacy, for most businesses, is something that the compliance department has to worry about. The drivers for upholding privacy and data protection are legal responsibility and the fear of some kind of public scandal.

But as consumers become increasingly aware of privacy issues, there may be an opportunity to make privacy and data protection practices a point of commercial differentiation.

Earlier this year, software giant Microsoft announced that the next versions of its web browser, Internet Explorer 10, would ship with ‘Do Not Track’ – which prevents online advertisers from logging user behaviour – as the default privacy settings.

That can be taken as a sign that, in the highly competitive but largely undifferentiated browser market, Microsoft has identified strong privacy precautions as a carrot to attract new customers. It is especially remarkable given that Microsoft itself is in the online advertising business.

Predicting how privacy measures might influence buyer behaviour is difficult, however. Sören Preibusch, an economics researcher at Cambridge University, has conducted a number of experiments to determine the economic impact of privacy, and they reveal a complex interaction between privacy and buying behaviour.

Preibusch has shown that consumers are likely to answer fairly invasive questions in exchange for a discount on purchases – even quite a small discount. When it comes to services of the same price, however, consumers will generally prefer less invasive providers, as long as the difference is pronounced.

Some industries already use privacy to differentiate their products and services, Preibusch has found. The online registration pages of ecommerce sites, he has shown, are more likely to show which data fields are mandatory than those of free web services such as social networks or blogging platforms.

This is a sign, Preibusch says, that the company cares about privacy, as it lets customers know the minimum amount of information they can disclose. He believes the difference between sectors reflects their individual economic circumstances – free services differentiate on functionality, while online retailers that sell the same products can only otherwise differentiate on price. “This is in line with what economic theory would predict,” he says.

It is not possible to determine whether those retailers that attempt to differentiate on privacy are actually more successful – there are too many confounding factors. But Preibusch has shown that the people who are most concerned about privacy – i.e. who paid a premium to avoid invasive questions – also tended to spend more.

“In one study, we found that people who spent extra money for improved privacy went on to spend 80% more on products,” he says. “Privacy-aware consumers are typically better educated, so they have more money to spend.” Excelling at data protection and privacy, one can extrapolate from this, may be a way to attract more valuable customers.

Different strokes

This is somewhat confounded, however, by the finding that individuals vary wildly on what they consider to be sensitive information. “People are so diverse,” he says.

“Some people rate their preferred holiday destination to be more sensitive than the country they currently live in.”

Preibusch believes that the influence of privacy on buyer behaviour will be more pronounced as consumers become more aware of the issues. Policy measures, such as the EU’s e-Privacy Directive – which obliges website operators to warn users of their cookie-tracking practices – will help consumers make informed decisions about their online behaviour, he adds.

Next>> The privacy agenda

Page 2 of 2

Alan Mitchell, strategy director of marketing technology advisory Ctrl-Shift, likens the privacy agenda to the green agenda before it. “If you think about the way environmental responsibility became a point of competition, it wasn’t because there were millions of consumers analysing what their suppliers were doing,” he says.

“It was more that activists would do an exposé, and organisations would develop a reputation for being good or bad. I think privacy is going the same way, and it’s being led by a combination of activists and media.” Mitchell reports that some companies are being prompted to improve their privacy practices by customers withholding data. “Customers are going dark on them – they are opting out, and withholding permission and so on.

“So what companies are beginning to realise is that they need to have a certain degree of trust when it comes to privacy protection, so that they can get the data that they need.”

The key to building that trust is putting the customer in control, Mitchell argues, giving them a high degree of choice over what data they provide and how it will be used.

“We’ve seen some companies build easy- to-use privacy and preference dashboards, where customers can specify how they want to deal with the organisation,” he says.

“These work at two levels. The first is that it sends a signal that your organisation can be trusted because you’ve given them the ability to set the permissions. The second, slightly counter-intuitive, effect is that people are more willing to share information with organisations if they are in control of the process.”

Trust economy

The World Economic Forum (WEF) recently published a report into what it calls the ‘personal data economy’ –the flow of personal information between individuals, businesses and governments.

It concluded that this ‘economy’ is gravely threatened by dwindling trust among individuals in organisations’ ability to handle data safely and respectfully. “High-profile data breaches and missteps involving personal data seem to be reported almost daily by the media,” it said. “The result: a decline in trust among all stakeholders.”

The report looked at the macroeconomic impact of this effect, predicting that, unless rectified, this lack of trust could cost the G20 nations $4.6 trillion in unrealised economic opportunity over the next five years.

However, the warning still applies to individual businesses, says William Hoffman, head of the WEF’s telecommunications industry division.

“The way businesses view data is starting to change from defence – here’s what I need to protect – to an understanding that if they share data to create richer profiles, glean insights and form greater connections with people, it can be a differentiator,” he says. “But the table stakes for doing that are trust. You are not going to be able to get into that game if people think that you don’t operate with integrity and confidentiality, and you’re not an upstanding corporate citizen."

Hoffman reports that businesses are typically confident of their ability to handle the data appropriately within their organisation. “The risks come in when data flows between organisations,” he says. “For example, when a company buys a new marketing list but it’s not sure of the provenance of the data, or whether the relevant permissions have been shared appropriately.”

Two mechanisms that may aid trust in the exchange of personal data – both among individuals and businesses – are trust frameworks and trust marks, Hoffman says.

A trust framework is a system of authentication that allows organisations to share identity credentials with third parties on the grounds that certain privacy and security conditions have been met. The UK government’s Identity Assurance scheme, in which the public sector will use the authentication mechanisms of private sector identity providers, is one example.

A trust mark is a certification that demonstrates an organisation meets certain privacy obligations. Examples include the European Privacy Seal, or EuroPriSe, which certifies that an IT product or service meets the EU’s data protection requirements, and TRUSTe, a US organisation that offers website operators ‘privacy seals’ to denote that they comply with TRUSTe’s privacy requirements.

If the public’s awareness of privacy issues continues to grow, measures such as these may well help organisations build their reputation for privacy handling, and win customers’ trust as a result. However, Sören Preibusch offers a word of caution about standard privacy labels, as no two individuals view privacy in the same way. “The main problem with privacy seals is that they target an average person, but when it comes to privacy there is no average person,” he says.