The Internet was in an uproar recently about a tweet from Netflixâ€™s official account spotlighting (and shaming) 53 of its users for watching a specific Christmas movie on 18 consecutive days. Spotify has come under fire for running similar ads about its own usersâ€™ listening habits. Privacy advocates and consumers alike decried the marketing tactics as â€ścreepy.â€ť
The ads arenâ€™t whatâ€™s creepy, though. Reality is creepy. But we can fix it.
Itâ€™s true that, generally, companies like Spotify and Netflix are collecting more and more data on consumers. But thatâ€™s not the real problem. The real problem is a disconnect between privacy reality and privacy expectations.
The negative reaction to Netflixâ€™s tweet and Spotifyâ€™s ads shows that the average consumer likely does not realize the sheer amount of data that such services collect on every single user. Essentially, almost every Internet-related company collects a significant amount of data on its users - from your ISP collecting browsing history (even in incognito mode!) to half the apps on your phone collecting data through hidden trackers. You have probably encountered the phenomenon of looking at a product for sale somewhere online and then being offered ads for that product or that brand everywhere you go on the Internet afterward. This happens because web trackers embedded in common online advertising networks follow you around as you visit different sites across different devices.
There are, of course, legitimate reasons companies like Netflix and Spotify collect and use large amounts of user data. Netflix uses viewersâ€™ watching preferences to influence development of new movies and television shows. Did you love â€śStranger Things?â€ť Then you should probably thank Netflixâ€™s collection and use of user data to create new shows based on what genres, actors and directors existing users already enjoy watching.
But the negative public reaction does reveal some lessons tech companies and individuals can follow to bridge the gap between privacy expectations and privacy reality.
Companies should recognize their responsibility to their users and to the broader goal of creating a strong environment that supports privacy protection for future generations.
All companies, but especially tech companies, must invest in maintaining strong privacy and cybersecurity protections, including implementing Privacy by Design protocols in product development, enforcing internal guidelines and training on privacy and data security, and publishing clear and accurate privacy policies.
As technology progresses, it is likely that companies will collect increasingly large amounts of data on users. To fix the disconnect between consumer privacy expectations and actual privacy reality, consumers need more information from the industry to fully understand how consumer data can be used for good (or bad). Modern, tech-savvy consumers can be sophisticated enough to understand that giving up data to companies often yields benefits, like more tailored services. Itâ€™s up to tech companies to be better at telling that story and educating the public on how consumer data can be used to help the rest of us.
Consumers can take simple steps to educate themselves on privacy and protect their data. Periodically check the privacy settings for your mobile devices and turn off permissions for apps that donâ€™t need
Being aware of how your data is being used is the first step to bridging the gap between consumer expectations of privacy and actual practice.
Whatâ€™s at stake here isnâ€™t whether Spotify or Netflix will be able to run â€ścreepyâ€ť marketing campaigns in the future. The choices companies and individuals make regarding privacy today will affect how our society understands privacy expectations in the future.
Tiffany Li is an attorney and resident fellow at the Information Society Project at Yale Law School.