Another data point on social media privacy

The buzz about privacy protections in social media research has fallen off some since August's Great Privacy Debate. That doesn't mean the issue is settled by any means, only that the professional and trade associations who have been driving the debate have taken the feedback they've gotten and to one degree or another are back at the drawing board.

For me the key issue is not traditional survey research ethics, Terms of Use or legislative privacy protections. It's really about the expectations of social media participants. The industry's future will be bleak if we rely on methods that rightly or wrongly appear to abuse our research subjects. In this connection most of the survey data I've seen say that people have expectations about privacy in social media that are at odds with those of at least some MR practitioners.

So I found this little piece in The Market Research Bulletin to be interesting. In it some folks from Maritz report on a survey of Twitter users suggesting that when someone complains about a brand on Twitter the vast majority of those people hope that the brand follows up with them. I guess it's a cry for help. Only about a third report such follow-up and of that third 80% plus are pleased that they did. So in this instance there does not seem to be an expectation of privacy. They might not like it if their tweet is featured in a commercial, but they like the personal attention.

While I like the study I feel compelled to cry "foul" on a methodological point. The methodology description includes an estimate of sampling error which makes no sense with a nonprobability panel. While this is an all too common misuse of the statistic in MR it's a bit more objectionable here given that in the next paragraph Maritz boasts (justifiably) that they are ISO 20252 certified and the standard clearly specifies that standard error should only be calculated for probability samples.

Nonetheless, it's still an interesting little study.

Addendum on Internet penetration and privacy expectations

A couple of weeks back I posted some data from an SSI survey in a number of Asian countries in which respondents were asked about the degree to which they agree or disagree with this statement:

Companies should be allowed to collect information from social networking sites when it is posted online in a public forum.

I did a quick correlation of percent agree (completely agree plus somewhat agree) with Internet penetration and came up with -.95.  In other words, the higher the country's Internet penetration the less likely they are to agree that that companies should be allowed to collect information from social networking sites when it is posted online in a public forum. From this I concluded that the more mainstream Internet penetration becomes the greater expectation of privacy in social media. Pete Cape from SSI then sent me data on the seven major EU countries to add into the Asia data to redo the exercise. I did that and the correlation fell to -.83. I only have an N of 13 but nonetheless I think my previous conclusion stands, my hypothesis confirmed. 

The other striking thing about these data is how few people agree with that statement, especially in the EU and US.


Geeks don’t care about privacy but real people do

Yesterday a colleague in our Hong Kong office passed on a few screen captures from an ESOMAR/SSI webinar on social media use in Asia. Given all of the recent hubbub about social media research and privacy I found this one to be especially interesting.    ScreenHunter_09 Sep. 01 15.31 As I have written here before, the argument the industry is having often comes down to disagreement about people's expectations when they post something on a social networking site.  For me, at least, the intriguing thing about these data is not the clear expectation of privacy in the US and the EU—I think most of us already knew that--but rather how to explain the sometimes dramatic differences among countries. I ran through various explanations in my head including culture, level of economic development, political system, etc. and none seemed to work. There was always an exception or two.

And then it hit me: Internet penetration! So I did a quick correlation of percent agreeing that "companies should be allowed to collect information from social networking sites when it is posted online in a public forum" with Internet penetration as reported by Internet World Stats. I know, only seven observations but bear with me. The correlation is -.96. So the more Internet use goes mainstream the greater the expectation of privacy.  Early Internet adopters don't care about privacy or at least accept it as a risk of being online, but real people do care and expect protection.

Privacy:not dead yet

I find it surprising that with all of the online chatter pre, post and during "The Great Privacy Debate" no one seems to have mentioned current happenings with Facebook and Google+. Sooner or later the online privacy debate almost always comes down to the assertion that people don't care about privacy any more, that it's gone the way of the hula hoop. Hula hoops

That's just nonsense and Google agrees. They learned the hard way with Google Buzz that there are lots and lots of people who want to be able to control who knows what about them. That learning is evident in the release of Google+ which has featured increased privacy protection as a major differentiator from Facebook. The point is not lost on Facebook as it scrambles to overhaul its privacy controls in response to what Google+ is offering. Of course, this sort of scrambling and backtracking on privacy is nothing new at Facebook. Do a Google search on facebook+apology+privacy and you'll get 11 million hits.  It's getting harder and harder to trick people into sharing what they don't want to share, at least publically.

I'm not about to defend the Google privacy policy which has a whole set of its own problems. My point is that they at least know that privacy is an issue with people and if you want to attract and retain users you need to deal with it in a straightforward way. I expect every other social networking site knows that as well but most choose to address it only when forced. There is a lesson here for our industry as well.

Keep your hands off my PII!

I was on vacation last week and while I was away the debate about research ethics and privacy, especially in the context of social media research, seems to have really heated up. (There is an online panel of worthies on this topic planned for next Monday. If you've not already done so you can get up to speed quickly and also get your ticket to the debate here.) The triggering event seems to have been the recent release of proposed ethical guidelines for social media research from CASRO, ESOMAR, and MRS. Opinions on the wisdom of these guidelines are all over the place but most of the noise in the online echo chamber where I live has come from people who worry that implementation of these guidelines will deal a death blow to the industry. More specifically, they worry that the guidelines will make it impossible for us to compete against companies outside of the traditional market research space who do not share our quaint twentieth century ideas about research participants' right to privacy and other human subject protections.

I confess that I am not particularly persuaded by arguments that focus on the potential financial rewards (or punishments) that might flow from one ethical stand versus another. Ethics are the province of principles and in research I think there are at least two that are timeless:

  1. Do no harm, that is, participants should suffer no consequences for having been research subjects.
  2. Do not sell, that is, remember that our job is to help clients understand their marketplace not to deliver prospects.

At least in the abstract I don't see how either of these necessarily conflicts with our ability to do good insightful observational research via social media. We should be able to define ethical practices for almost any kind of research and still be true to these principles. On the specifics of the current controversy, I think the MRS probably has gone too far in proposing that informed consent be required under any and all circumstances.  There are valid exceptions that many have pointed out. I am less sure about CASRO's and ESOMAR's masking requirements, especially where sound bites are concerned since masking them can easily dilute their meaning and research value. That's a discussion worth having. Other forms of PII (names, pictures, etc.) are in my mind more clear cut.

The larger worry for me is the deaf ear many in the industry are turning to the public's obvious concern about online privacy. The regular dustups we see when this site or that site changes its privacy policy should be all the evidence we need to convince us that people genuinely care about this stuff. Painfully long Terms of Use and privacy policies to the contrary, we all know that most people don't read them and only understand the consequences when they suddenly feel that their privacy has been compromised. Look no further than the latest Linkedin kerfuffle for the most recent example.

Whether we like it or not legislatures will draw the boundaries on privacy issues and the principal avenue available to us to impact that legislative process runs through our industry and professional associations. The shared belief among them, reinforced by past success, is that the most effective way to avoid the kind of smothering regulation that people fear is through compelling and effective self-regulation. They are not trying to stifle innovation, roll back the clock or destroy the industry. They are doing their best to protect it. In this they know more than most of us, or at least me.