Privacy for Sale, Questioning Consent & AI Regulation: Feb 2023 Newsletter

Privacy for Sale: ‘Pay-for-Data’ Arrangements for a Post-Cookie World

Will consumers trade personal information for direct compensation? Forrester notes that new B2C startups, looking forward to a post-cookie world, are increasingly implementing measures for increased zero-party data collection, including direct ‘pay-for-data’ arrangements where customers are remunerated for voluntarily sharing specific kinds of personal information with brands.  New apps featuring these pay-for-data arrangements include Caden, TIKI, Tapestri, and Invisibly, each offering a range of benefits,  from free access to paywalled media content, to direct cash rewards for access to users’ mobile-device data.

Our Take

First-Party Loyalty Programs—many of which provide rewards and incentives for increased access to customer information—are nothing new. But both B2C and B2B loyalty/rewards programs are also increasingly being targeted by both the FTC as well as California’s Attorney General’s office (newly empowered by CCPA) for abusive business practices as well as lack of transparency with end users.  They have also been a popular target by hackers and data thieves who see them as easy-to-exploit, one-stop-shops for troves of user personal information, as well as cash equivalent forms of data (like loyalty ‘points’ or coupon codes) that can be sold in dark-web exchanges. Whether these new business models will survive scrutiny in a regulatory environment demanding greater transparency remains to be seen.

UPenn Study Argues ‘Americans Can’t Consent’ to Uses of Personal Data they Fundamentally Don’t Understand

UPenn’s Annenberg School for Communication has released a research report arguing “Consent” has become a broken concept in the online economy.  

“Genuine opt-out and opt-in consent requires that people have knowledge about commercial data-extraction practices as well as a belief they can do something about them…discoveries from our survey paint a picture of an unschooled and admittedly incapable society that rejects the internet industry’s insistence that people will accept tradeoffs for benefits and despairs of its inability to predictably control its digital life ”

The report makes a case that even recently-enacted state privacy regulatory frameworks (like California’s and others) are insufficient in that they presume consumers have the ability to make informed and rational choices about data sharing.

Our Take

The piece makes a case for “a paradigm shift in information-economy law and corporate practice,” which, while compelling as theory, has little likelihood of influencing lawmakers or business leaders, who —even when sympathetic—are constrained by the legal frameworks we already have. Furthermore, they have enough of a challenge to make incremental improvements to these legal frameworks, as ongoing debates around Federal data privacy laws like ADDPA have shown.

Are Regulators Ready for the AI Arms Race?

With Microsoft’s recent acquisition of OpenAI and rapid implementation of its ChatGPT tool into its Bing search-engine functionality (followed by Google’s Me-Too launch of Bard), lawmakers are coming to grips with the reality that technology is quickly moving beyond the scope of existing regulatory frameworks.  While primary concerns at the moment are around issues of national security and potential for spread of ‘disinformation’, data-privacy risks are also coming to the forefront, as Amazon warns its employees against use of the tools after discovering confidential company information appearing in ChatGPT results.

Our Take

It’s unlikely DC will make any immediate changes to the current self-regulatory environment around AI tools until examples of adverse events using the technology make themselves apparent.  But those examples may not be far-off; the boom in government services fraud during the COVID pandemic has prompted many in Congress to pay greater attention to how new technologies have enabled information abuse at scale, and rules around stricter identity authentication may eventually result in requirements that AI tools disclose themselves as such to 3rd parties.

3 Personal Information Insights to Help Companies Protect Themselves Against Hackers

How does personal information removal help companies protect themselves against hackers? To answer this question, DeleteMe’s CEO Rob Shavell sat down with ethical hacker Rachel Tobac in a recent webinar. 

The full recorded version of this webinar is available for download. If you are responsible or concerned about your organization’s cyber security (or executive safety) in 2023, it’s unmissable. 

Check Out Our Latest Guides

• Data Broker Opt-Outs for CEO Fraud Prevention
• The Ultimate Guide to Executive Privacy and Executive Security Online

DeleteMe in the News

• Check out our running log of DeleteMe in the news in 2023.

Upcoming Events

• DeleteMe @ SecureWorld Boston 2023 [March 22 – 23]