When Should We Hit the Panic Button on Privacy Concerns?

ITIF‘s latest report—“The Privacy Panic Cycle: A Guide to Public Fears About New Technologies”—analyzes the stages of public fear that accompany new technologies. Fear begins to take hold when privacy advocates make outsized claims about the privacy risks associated with new technologies. Those claims then filter through the news media to policymakers and the public, causing frenzies of consternation before cooler heads prevail, people come to understand and appreciate innovative new products and services, and everyone moves on. This phenomenon has occurred many times—from the portable Kodak Camera in 1888 to the  commercial drones of today. And yet, even though the privacy claims made about technology routinely fail to materialize, the cycle continues to repeat itself with many new technologies.

The privacy panic cycle breaks down into four stages:

1. In the “Trusting Beginnings” stage, the technology has not been widely deployed and privacy concerns are minimal. This stage ends when privacy fundamentalists, a term coined by the noted privacy researcher Alan Westin, begin raising the alarm creating a “Point of Panic.”
2. In the “Rising Panic” stage, the media, policymakers, and others join the privacy fundamentalists in exacerbating concerns until these fears hit their peak at the “Height of Hysteria.
3. The “Deflating Fears” stage takes place as consumers begin to interact with the technology and understand its benefits, and concerns begin to fade until the “Point of Practicality.”
4. Finally, in the “Moving On” stage, the majority of the public no longer fears the technology and has come to appreciate its benefits.

As ITIF Vice President Daniel Castro explained at an event to discuss the report, policymakers should not jump to conclusions when they are confronted with polls that highlight heightened public concern over the privacy harm of technologies because we have seen time and again that those fears rarely materialize. Rather than legislating to prevent hypothetical harms, policymakers should intervene when there is clear privacy harm.

There was general agreement among the panelists that policymakers should be careful not to jump to conclusions about privacy concerns for private sector technologies. Morgan Reed, the executive director of the App Association, explained that there is often information asymmetry between customers and businesses, where a customer does not understand why a specific service requires access to their information. For example, Spotify faced a backlash from various publications for changing its privacy statement without clarifying why it wanted access to its users’ data that sent its customers into a panic. Once the company explained its new policy, many fears were assuaged. The panelists agreed that one challenge is how best to explain services to customers so that the “Point of Panic” is never reached.

However, some panelists felt there was a difference between privacy concerns stemming from the public sector versus the private sector. Carl Szabo, policy counsel for NetChoice, said government uses of technology often come with privacy concerns that the free market forces would otherwise address if it were a private sector technology. Reed expressed concern that the government could use the report as justification for its privacy violations. All of the panelists agreed, noting there should be more care taken when evaluating privacy concerns associated with government use of technology.

So what is next? Adam Thierer, a senior research fellow with the Mercatus Center at George Mason University, suggested advocates and policymakers need a better way to decide when it is necessary to actually hit the “panic button,” alerting the majority of the public to concerns over a technology and revving up the privacy panic cycle. The panelists also discussed the need for research on how to reduce the impact of the cycle when it does occur, especially if it occurs over false or anticipated claims.

As Castro noted, the goal of this report is not to vilify privacy fundamentalists, as they serve an important role in identifying consumer harm, but instead is to urge privacy groups to focus on realized rather than anticipated harms. Furthermore, privacy groups can have greater effect finding solutions if they work with the company to solve problems rather than cause panic by immediately launching a new panic cycle.

Want to learn more? Don’t panic. Watch the event video here.