Consumers continue to express concerns around data privacy. One important dimension is with online consent.
Someone who has been discussing this topic for some time is data privacy expert and CEO of DataGrail, Daniel Barber. Before co-founding one of today’s top data privacy companies, Barber worked behind the scenes, selling applications with consumer data – making him qualified to unpack this issue, its implications for businesses, and how we can ensure the basic right to privacy is protected.
According to Barber, however you look at it, the way businesses gather consent for cookies and data tracking needs a makeover.
He breaks this down into three areas that require assessment:
Consumers are unaware of what they’re consenting to online
Constantly inundated with banners full of legal jargon, consumers are trigger-happy to agree to using cookies when visiting websites. But do they even know what they’re consenting to?
When surveyed, Barber observes, less than half (46 percent) of respondents based in the U.S. felt at least somewhat confident they understood what cookies are and what they do. Even for those who understand and opt out of their data being tracked, it may not make a difference.
The survey report states: “While most people say they lack a strong knowledge of cookies, more than one in three (36%) claim they are at least somewhat confident they understand what cookies are and how they work.”
Businesses are unintentionally ignoring privacy preferences
A recent audit of 5,000 businesses’ websites revealed that 75 percent of organisations did not honour a person’s right to opt out of being tracked by online trackers.
Barber states that while most businesses are not trying to be malicious, the inherent tracking properties of popular e-commerce add-ons continue tracking data even if the consumer does not consent… and the legal ramifications are real.
Existing legislation creates legal risks
Aside from costly civil lawsuits and big-ticket settlements, data privacy legislation is a patchwork of regulations that make it hard to ensure compliance.
As an example, Barber cities the Vermont data privacy bill which was struck down by the legislature for its private right of action component being “too risky”, while a private right of action has been in place in California for years.