By now, it’s an expected right-of-passage. As you enter credit card information for an online purchase, up pops two familiar words: “Privacy Notice.”
Does seeing those words make you more confident about the transaction, knowing that the company will safeguard your private information? Or does it make you feel less safe by making you conscious of just how much you are giving away?
A new working paper finds that it’s more likely to be the latter.
“Even if a privacy policy is meant to be assuaging, it can prime you to think about privacy, and that can make you clam up a bit,” says Leslie John, Marvin Bower Associate Professor of Business Administration at Harvard Business School.
“When people weren’t presented with a privacy notice, their purchase interest was about twice that of those who had been shown the privacy notice.”
The study, co-written with Utah State’s Aaron Brough and Ohio State’s David Norton, compares the phenomenon to seeing bulletproof glass at a bank.
“Bulletproof glass is something meant to protect us, but sometimes its very presence can make us aware of the dangers we hadn’t previously been paying attention to,” says John. “So ironically, it can make us feel less safe.”
If companies do provide a notice, however, they must abide by it. For that reason, companies often make them as broad and sweeping as possible—perhaps triggering customers to worry about what the company might do with their data.
How privacy statements backfire
The researchers explored the phenomenon in a series of six experiments, testing whether it is possible to write one in such a way to make a customer feel more safe rather than less safe.
In one experiment, for example, they presented online participants with the opportunity to buy a pair of sunglasses. Some subjects saw a privacy notice at checkout, with language drawn from actual notices used by Nordstrom and Macy’s; other’s didn’t. Asked to rate on a scale of 1 to 100 how likely they were to go through with the purchase, the notice-aware group averaged 26, compared to 47 for the no-notice cohort.
“It was a huge effect,” says John. “When people weren’t presented with a privacy notice, their purchase interest was about twice that of those who had been shown the privacy notice.”
In another experiment involving a car GPS system, the researchers showed some people a warning about how their location data could be misused. Others received a privacy notice meant to reassure them their data would be used responsibly. When asked about purchase intent, the two groups showed no difference in their willingness to buy. A third group not shown either notice was significantly more likely to purchase.
Interestingly, the researchers found that the participants all rated the monetary value of the product the same—showing they considered the product equally desirable. However, the groups shown the notices reported a lower level of trust, with a rating of 33 compared to 47.
“It’s not that a privacy notice makes you think the product is worthless,” says John. “It’s that you specifically don’t want to buy it because you don’t feel secure.”
Better not to have a policy?
The researchers found, however, that they could manipulate how secure shoppers felt. In the previous studies, researchers had exposed someone to a privacy notice or not—but in their next study, they showed them two products side by side, one with a privacy notice and one without. In this case, the respondents were slightly more inclined to purchase the product with the privacy notice.
“The direct comparison makes you realize that it’s probably not a good thing not to have any privacy policy,” John says. It’s almost as if you had the choice of two banks in a sketchy neighborhood, one with bulletproof glass and one without.
For their last experiment, the researchers consciously tried to craft a privacy notice that would be more reassuring to customers. Again, they tested two conditions separately, one that spoke about the company’s intent to “collect” customer data, and the other that spoke about its desire to “protect” customer information. They even had a separate group of participants read the two policies, and confirm the second policy made them feel safer.
“I would suggest having a privacy policy that is reasonable, but not making it super-salient.”
Once again, participants found no difference in their willingness to buy based on the content of the notice. Meanwhile, a third group, which was shown a link to the company’s privacy notice, but not allowed to view it, was more willing to buy.
“Even when the content of the privacy policy is written in a way that uses reassuring language, it still makes you less interested to buy relative to no promises at all given by the firm,” John concludes.
The results don’t necessarily mean companies shouldn’t have policy notices—after all, given the choice, customers do seem to prefer them. The research does suggest, however, that companies might be better off setting them, and letting customers forget them.
“I would suggest having a privacy policy that is reasonable, but not making it super-salient,” says John. “People who are already thinking about privacy will know where to look for it. For those who aren’t, it’s best not putting it at the top of their mind.”
About the Author
Michael Blanding is a writer based in Boston.
[Image: stockcam]
Related Reading
- Warning: Scary Warning Labels Work!
- What’s the Antidote to Surveillance Capitalism?
- Would You Live in a Smart City Where Government Controls Privacy?
Do you pay attention to privacy policies?
Share your insights below.