Privacy and Ethics in the Digital Age

The issues of privacy and data collection in both the online world and on mobile phones, is something I spent a lot of time working on at the Federal Trade Commission. Reading the article about the way the Apple and Google are using phones to gather location-based information, which they can then use themselves or sell to marketers, reminded me a lot about the work I did and the efforts that regulators are making to check the activities of some of the largest tech companies: Apple, Google, and especially Facebook.

At the FTC, I felt like the opinion of a lot of the people I work with is that each company takes a different approach to privacy and that some are better than others. Without saying which companies we thought were the most problematic in terms of their privacy policies, I will say that one thing we saw a lot of, and were extremely concerned with in the mobile space, was that people had absolutely no idea how to control their privacy settings, or if it was even possible to control their privacy settings on their mobile phones. Just as we saw in the article, Google and Apple collect data about location, and while many consumers know how to turn on or off their GPS tracker on their phones, what we found is that many consumers 1)have no idea that their
information is being tracked, and perhaps more problematic in my perspective 2) that they have no idea how to prevent their OS operator from doing so. At least in the online world, you know that there is a section of the Facebook website dedicated to privacy issues, as well as in all of the other social networking websites. On your smart phone, this is not available for users to control, or at least to control the type of tracking that was described in the article.

One interesting thing in this whole debate is the difference between the principle of the thing and the net result. For example: in principle, I think it is wrong for Apple to track your location without telling you or giving you the option to stop it. However, the net result of this activity is that they use the data to market coupons or local businesses that are located in the area where you are. My feeling, and the feeling of the majority of consumers according to surveys, is that if I’m going to be advertised to, I’d rather have it be ads that are relevant to me rather than completely random. This is an interesting legal distinction because traditionally consumer
protection laws, and I think this is absolutely a consumer protection issue, center around misconduct that leads to damages. For example, a business misleads consumers about being a charity, and causes them to pay money to the company that they would not have otherwise. In this example, there was misconduct that was wrong in principle, that also caused consumer damage (loss of money). Even a lot of the traditional privacy cases that were handled by the Division of Privacy and Identity Protection at the FTC had both misconduct and damage: someone would misuse personally-identifiable information about someone else in order to steal their money, or use their credit cards, or something of this nature. So there was clearly both misconduct and damage. However, as I mentioned above, while there may be misconduct regarding the way that consumer information is collected and transferred, there isn’t really damage to the consumer for the types of activity that were discussed in the article. In fact, most consumers feel they actually benefit from this activity because it means that the advertisements they receive are more meaningful. It is interesting to think that the law generally seeks to correct only the damage side of the transaction, and not the misconduct side. This might be why it is illegal to steal, but not to lie. The damage is clear in one case, and not so in the other.

So what does this mean for a marketer? I think from a legal perspective, most marketers are not liable for the collection practices of the technology companies, at least for the time being. From an ethical perspective though, should a marketer avoid using data collected by ethically-questionable means even if it means that they can do their job better? I think the answer is no because I don’t think the actual “service” that a marketer provides is in any way unethical or violating of the consumer’s rights. The act of having an advertisement placed before your eyes and your eyes only, does not cause the consumer any damage. Put differently, in a transaction
that has misconduct and no damage, I think it’s ethically OK to be confined to the piece of that transaction that has no damage, as the marketer is. I don’t think having an ad placed before you that is more specific to who you are, or where you are, is itself more offensive or inappropriate than having a random ad marketed to you. The issue that the individual being marketed to might not want anyone to know where they are, or that they have visited a certain website, or whatever the data is, isn’t necessarily relevant to the marketer. I don’t think it’s relevant because the marketer’s purpose is to put an advertisement before the eyes of that individual on their smart phone, while they have their smart phone with them. I think it would be unethical for them to place ads based on the individual’s collected data in public spaces where other people could see them. To use an extreme example, let’s say an individual frequents a lot of adult websites, and thus marketers want to advertise other adult products to that individual. If those ads were placed on that individual’s facebook page (as opposed to the way it is now on facebook, where, regardless of what page you are looking at, the advertising on the side is specific to you and your profile as long as you are signed in), then there would be damages to the consumer. Imagine if the individual’s son or boss saw those ads. There could be palpable damage, and then it would be an ethical concern. But as long as the relationship between the marketer and the individual is personal, I think the marketer is in the clear.