Back to Gartner for Marketers Blog

How Much Would You Pay for Privacy

By Jennifer Polk | January 14, 2014 | 4 Comments

Last week, an article reported a class-action lawsuit against Facebook and allegations that the social network was selling data from private user messages to advertisers.  This is certainly not the first, nor will it be the last, accusation that a social networking site has collected and leveraged user data without clear communication to and agreement from its users.  Not only are consumers faced with the risk that a site might gather and sell their data without their knowledge or approval, but they also face the threat of social networks and other sites being hacked and their data being stolen and misused.

Most recently Snapchat, Target and Neiman-Marcus suffered security breaches that resulted in of users’ and consumers’ accounts being exposed. While these breaches aren’t the same as intentionally mining and selling private data, they may’ve resulted from insufficient investments in data security. Snapchat, for example, was warned a week before they were hacked that their code posed a security risk.  Social and ecommerce sites take steps to minimize security risks and mitigate tangible and intangible losses if a breach occurs, but are they doing enough? Is there a market for users to pay for guaranteed privacy?

The number of sites, apps and data access points is increasing. The volume of data shared is growing. Hackers are devising new methods of breaching security safeguards. Companies are investing just enough to meet legal requirements while maintaining margin. Is it time to take new, drastic measures, such as privatizing data security and privacy? Creating an exchange where people can track and manage their exposure? Pulling back the curtain, aggregating and reveal which companies have access to what data? Turning over control to users by giving them a single site where they can opt out of services, take educational courses to help them protect themselves or pay for better protection—thereby subsidizing costs of losses?

Cyber Security

These are just a few suggestions, but the overarching theme is that we now live in an information economy where more data is being mined, collected and traded everyday and where the owners of that data—consumers—know precious little about what is being collected, who gets to use it and how. As long as that is the case, individuals face the threat of having their data exploited. Companies and financial institutions face the threat of security breaches, erosion of consumer confidence and millions of dollars in financial losses. It’s time to share the control and responsibility for managing consumer data privacy and security with consumers.

Comments are closed


  • Jono says:

    It’s just far easier if we, as consumers, don’t expect privacy. The phrase ‘right to privacy’ is often touted in the outcries against sale of personal information; in reality we have no such right. We would like to think that our information isn’t used to make others money, but it’s naive to assume as such. If we want an online presence, the fact of the matter is we are offering up our lives to thousands of companies that will use that data however they see fit.

    We have very few rights on the internet. What makes people think privacy is among them?

  • Great article, Jennifer. It would be great if we had a marketplace where individuals and buyers would connect, and there is a transparent mechanism for exchanging data. Those who need user data can present a value for their data, and users can decide whether they can share or not. They should be able to revoke data sharing at any point of time.

    The other big opportunity is tracking user consent with the organizational data mine. If user had said no to sharing when registering with the service provider, how does the provider track it and protect the user data internally?

    • Thanks for your comment Balaji. You pose a really good question about how organizations track user consent internally. We would certainly need to address that challenge before any type of shared exchange system could be developed.

  • Hans Willems says:

    Balaji, already some companies store user consent in a single Big Customer Affinity Data set. This source is checked before any information exchange or user interaction.

    Google and Facebook have build their own sets and applications and use them to drive online customer engagement (although you can argue if they are transparant enough about the use of your data). The rest of us has to rely on – the first – commercially available solutions.