Consumers comprehensively reject the practice of brands, publishers and platforms tracking their internet behaviour without their explicit consent, according to research commissioned by Which-50.

Yet few sites or services allow for this, and instead assume implicit acceptance based on terms and conditions which few consumers have read — and even fewer understood.

The results represent the complete repudiation of a set of standard practices that the industry calls data marketing, but critics increasingly refer to as surveillance capitalism.

Which-50 asked Pureprofile to survey 1000 consumers about their attitudes to fairly common advertising-technology (adtech) industry behaviours — such as cookie tracking, device ID tracking, and the purchase of third-party consumer data.

The research builds on another study we conducted in February this year and which we reported in a Cover Story at the time, entitled Now Every Brand Is Creepy As Consumers Overwhelmingly Reject Data Surveillance.

If anything, the latest results seem to indicate a hardening of already hostile consumer attitudes.

According to Paul Robertson the Head of Marketing at ROLLER Software, which provides software to the attractions, entertainment, and leisure venues market, “Many consumers have an understanding they are being tracked but they are not aware of the extent of tracking capabilities.”

Robertson has an added perspective as a marketing trainer. “I teach an email marketing class and when I talk about some of the triggers that can be used for email marketing (such as a person visiting a page on a website), they react in amazement that they can be tracked to that degree. I have also taken business leaders through user experience (UX) software and even they are amazed that you can view a recording of someone’s session when they are on your site. “

“Consumers understand they are being tracked but in my experience, many are not aware of the degree of detail behind tracking capabilities,” he said.

In our study, on most questions consumers indicated — by margins from eight-to-one or nine-to-one — that organisations should not track their behavior without getting explicit permission first.

Further reading:

Starting with the most common technique used by digital marketers — dropping a cookie onto a machine then tracking it around the web — 86 per cent of consumers rejected this. The strongest hostility was among baby boomers, 97 per cent of whom rejected the practice in the absence of explicit permission. But even amongst the most tolerant cohort — Gen Z — the sentiment ran eight-to-one against.

88 per cent of consumers reject cookie tracking, without explicit consent.

Furthermore, 92 per cent of consumers said companies should not be allowed to track their online behaviour on the internet using a unique mobile phone device ID without their explicit permission.

Facebook and Google

The two giant digital platforms that hoover up the bulk of Australia’s digital ad dollars didn’t escape either. Ninety-three per cent of consumers said it was unacceptable for Facebook to track them without explicit permission. Yet Facebook does this all the time, irrespective of whether users are logged in or not, or even whether they are using the site.

The relevant section in its help centre helpfully notes that “If you’re logged into Facebook and visit a web site with the Like button, your browser sends us information about your visit. Since the Like button is a little piece of Facebook embedded on another web site, the browser is sending info about the request to load Facebook content on that page.”

Not logged in? Not even a customer? Facebook is still watching you.

Even if you are logged out, or not even a user, it still tracks you.

On its web site, Facebook acknowledges “If you’re logged out or don’t have a Facebook account and visit a web site with the Like button or another social plugin, your browser sends us a more limited set of info. For example, because you’re not logged into Facebook, you’ll have fewer cookies than someone who’s logged in. Like other sites on the Internet, we receive info about the web page you’re visiting, the date and time and other browser-related info. We record this info to help us improve our products.”

According to Facebook, “As our Data Policy indicates, we use cookies to show you ads on and off Facebook. We may also use the info we receive when you visit a site with social plugins to help us show you more interesting and useful ads.”

The sentiment against Google’s YouTube was actually slightly harsher — though not significantly so, with 94 per cent of consumers demanding explicit consent before the video giant tracked them.

Consumers also overwhelmingly rejected the practice of organisations tracking them using data acquired from third parties — again, unless they explicitly consent to such behaviour.

There is basically no good news for the adtech community in the results. Whichever way you slice the data — age, gender, location — the results are consistent, and consistently bad.

According to Pureprofile COO Melinda Sheppard, “The majority of consumers said it was unacceptable for companies to track their online behaviour without their explicit permission.

Pureprofile COO Melinda Sheppard

“From Gen Z to Baby Boomers, it’s clear from the survey results that a majority of people are very protective of their privacy.

“There were similar results regardless of the proposed mechanism for online behaviour tracking — whether it was Facebook, YouTube, cookies or third parties, more than 90 per cent rejected the notion that companies should be allowed to track them online without prior permission.”

Sheppard says the results demonstrate that by and large, people still fiercely guard their privacy, despite living in an age of oversharing on social media.

Privacy Law

A large majority (70 per cent) of those surveyed said they wanted the definition of personal information in the Australian Privacy Act upgraded to include technical data such as IP addresses, device IDs, or location data.

Around 20 per cent said “no” while the rest didn’t know.

Such a move would extend protections already found in the Telecommunications Act into the Privacy Act. And with sources telling Which-50 that the ACCC wants to move privacy law under consumer law, the implications for marketers are significant.

Sheppard told Which-50 “The reality is the Telecommunications Act already covers technical data such as IP addresses, device IDs, location data, etc. I suspect a large majority of people don’t realise this, which is worrying.”

Consumers want Privacy Act updated.

The Office of the Information Commissioner notes that although not explicitly recognised as personal information under the Privacy Act, information may be explicitly recognised as personal information under other legislation.

For example, under the Telecommunications (Interceptions and Access) Act 1979 (Cth), certain telecommunications data (sometimes referred to as “metadata”) is taken to be personal information for the purposes of the Privacy Act, according to the OIC.

“Such metadata for the purposes of the Telecommunications (Interceptions and Access) Act 1979 includes subscriber and account details for telecommunications services and devices; information about the sources and destinations of communications; the date, time and duration of communications; and the location of equipment or line used in connection with a communication (s 187AA).”

There is an interesting demographic split on this question, however, as Sheppard noted. “Of those who said no to this question, the largest cohort was Gen Z (35 per cent) — which doesn’t come as a surprise given this generation’s approach to privacy. I believe they too aren’t aware of the ‘personal information’ provisions under the Telecommunications Act.”

She said, “Generation Z share everything and anything online — whether it’s checking in to every restaurant they visit or their next visit to the GP. They redefine the term ‘transparency’ with their oversharing nature, where privacy is an afterthought or in most cases under the radar.”

Muscling up

Australia’s regulators are increasingly muscling on privacy. As we reported earlier this year when the ACCC released its report into the impact of digital platforms in Australia it called for reforms to Australian privacy law to bring it in line with current practice. At the time the regulator said it had little faith in the ability or intention of the US tech giants to address the problems on their own.

As further evidence of a more muscular posture, a fortnight ago the ACCC revealed legal proceedings against Google in Australia, alleging the search giant engaged in misleading conduct. It said this included making false or misleading representations to consumers about the personal location data Google collects, keeps and uses.

In August meanwhile, the Office of the Australian Information Commissioner (OAIC) released its 2019/20 corporate plan, in which it described how it intends to increase public trust and confidence in the protection of personal information and access to government-held information.

The OAIC plan set out four strategic priorities for the year ahead:

  • Advance online privacy protections for Australians;
  • Influence and uphold privacy and information access rights frameworks;
  • Encourage and support the proactive release of government-held information;
  • A contemporary approach to regulation.

In the foreword of the plan, Australian Information Commissioner and Privacy Commissioner Angelene Falk wrote, “The plan responds to our changing environment and sets a clear vision: to increase public trust and confidence in the protection of personal information and access to government-held information.”

There be monsters 

We asked Roller Software’s Robinson about the implications if the industry’s tracking capabilities get too far ahead of the consumers’ understanding of those capabilities.

Paul Roberston, Head of Marketing at ROLLER Software
Paul Roberston, Head of Marketing at ROLLER Software

We saw what happened with the Cambridge Analytica situation if people’s data is harvested without their consent. I believe that many people are willing to forgo their privacy if they trade it in for something that is considered valuable to them such as Facebook or a Gmail account.

Robertson said, “On one hand, you could say that people who truly care about their privacy would not have a Facebook or Gmail account. On the other hand, these services are so ubiquitous now that many professionals and people may not be able to live without them.”

He suggested that overreach by the adtech industry could ultimately threaten their business models. “Services such as Facebook and Gmail may switch to a paid model whereby they charge a subscription fee in return for ad-free services. We are already seeing this with ad-free experiences on YouTube Premium. I switched to YouTube Premium last year and I don’t miss the ads at all.”

Disclosure: Which-50 and data

For each visitor to the site, we collect non-personally identifiable information, including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring web site address. This information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalised content to you while you are at this site.

LinkedIn
Previous post

Neobank customers rate keeping up with technology much more highly than their peers

Next post

GitHub Digs In On ICE Contract

Join the digital transformation discussion and sign up for the Which-50 Irregular Insights newsletter.