What Californians Understand about Privacy Online

The volume of online commerce grows every year, in absence of a federal law setting baseline protections for the collection, use, and disclosure of personal information. Instead, information collected by websites are governed by individual privacy policies.In order to gauge Californians' understanding of privacy policies and default rules in the online environment, we commissioned a representative survey of adults in the State (N=991). The telephonic survey of Spanish and English speakers was conducted by the Survey Research Center of University of California, Berkeley.A gulf exists between California consumers' understanding of online rules and common business practices. For instance, Californians who shop online believe that privacy policies prohibit third-party information sharing. A majority of Californians believes that privacy policies create the right to require a website to delete personal information upon request, a general right to sue for damages, a right to be informed of security breaches, a right to assistance if identity theft occurs, and a right to access and correct data.These findings show that California consumers overvalue the mere fact that a website has a privacy policy, and assume that websites carrying the label have strong, default rules to protect personal data. In a way, consumers interpret "privacy policy" as a quality seal that denotes adherence to some set of standards. Website operators have little incentive to correct this misperception, thus limiting the ability of the market to produce outcomes consistent with consumers' expectations. Drawing upon earlier work, we conclude that because the term "privacy policy" has taken on a specific meaning in the minds of consumers, its use should be limited to contexts where businesses provide a set of protections that meet consumers' expectations.