Editing Consumer privacy

{{Short description|Data collection practices on people}}
{{more citations needed|date=September 2012}}

'''Consumer privacy''' is [[information privacy]] as it relates to the consumers of products and services.

A variety of social, legal and political issues arise from the interaction of the public's potential [[expectation of privacy]] and the collection and dissemination of [[data]] by [[business]]es or [[merchant]]s.<ref>{{Cite journal|last1=Foxman|first1=Ellen R.|last2=Kilcoyne|first2=Paula|date=March 1993|title=Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues|journal=Journal of Public Policy & Marketing|volume=12|issue=1|pages=106–119|doi=10.1177/074391569501200111|s2cid=158361537|issn=0748-6766}}</ref> [[Consumer]] privacy concerns date back to the first commercial [[courier]]s and bankers who enforced strong measures to protect customer privacy. In modern times, the [[ethical code]]s of various professions specify measures to protect customer privacy, including [[medical privacy]] and [[client confidentiality]]. State interests include matters of [[national security]]. Consumer concerned about the invasion of individual information, thus doubtful when thinking about using certain services.<ref>{{Cite journal |last1=Cao |first1=Gaohui |last2=Wang |first2=Ping |date=2022-05-16 |title=Revealing or concealing: privacy information disclosure in intelligent voice assistant usage- a configurational approach |url=https://www.emerald.com/insight/content/doi/10.1108/IMDS-08-2021-0485/full/html |journal=Industrial Management & Data Systems |language=en |volume=122 |issue=5 |pages=1215–1245 |doi=10.1108/IMDS-08-2021-0485 |s2cid=248313942 |issn=0263-5577|url-access=subscription }}</ref> Many organizations have a competitive incentive to collect, retain, and use customer data for various purposes, and many companies adopt [[security engineering]] measures to control this data and manage customer expectations and legal requirements for consumer privacy.

'''Consumer privacy protection''' is the use of laws and regulations to protect individuals from privacy loss due to the failures and limitations of corporate customer privacy measures. Corporations may be inclined to share data for commercial advantage and fail to officially recognize it as sensitive to avoid [[legal liability]] in the chance that lapses of security may occur. Modern consumer privacy law originated from telecom regulation when it was recognized that a [[telephone company]] had access to unprecedented levels of information. Customer privacy measures were seen as deficient to deal with the many hazards of corporate [[data sharing]], [[Mergers and acquisitions|corporate mergers]], [[employee turnover]], and theft of data storage devices (e.g., [[hard drives]]) that could store a large amount of data in a portable location.

Businesses have consumer data and information obtained from consumer and client purchases, products, and services. Thus, businesses have the responsibility to keep these data and information safe and confidential. Consumers expect that businesses will take an active stance when protecting consumer privacy issues and supporting confidential agreements.<ref>{{Cite news |last=Morey |first=Timothy |last2=Forbath |first2=Theodore “Theo” |last3=Schoop |first3=Allison |date=2015-05-01 |title=Customer Data: Designing for Transparency and Trust |url=https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust |access-date=2024-04-22 |work=Harvard Business Review |issn=0017-8012}}</ref>{{Citation needed|date=November 2020}} Whether a firm provides services or products to consumers, firms are expected to use methods such as obfuscation or encoding methods to cover up consumer data when analyzing data or trends for example. Firms are also expected to protect consumer privacy both within the organizations themselves and from outside third entities including third party providers of services, suppliers who provide product components and supplies, and government institutions or community partnership organizations. In addition, businesses are sometime required to provide an agreement/contract to service clients or product consumer that states customer or client information and data will be kept confidential and that it will not be used for advertising or promotional purposes for example. The US government, including the FTC, have [[consumer protection]] laws like The [[Telephone Consumer Protection Act]] and Data Transparency and Privacy Act. Individuals States have laws and regulation that protect consumers as well. One example of this is The [[California Consumer Privacy Act]].

== Legislation ==
Consumer privacy concerns date back to the first commercial [[courier]]s and [[bank]]ers who enforced strong measures to protect customer privacy. Harsh punitive measures were passed as the result of failing to keep a customer's information private. In modern times, the [[ethical code]]s of most professions specify privacy measures for the consumer of any service, including [[medical privacy]], [[client confidentiality]], and [[national security]]. These codes are particularly important in a [[carceral state]], where no privacy in any form nor limits on [[State (polity)|state]] oversight or data use exists.<ref>{{Cite journal|last=Lee|first=Dong-Joo|date=June 2011|title=Managing Consumer Privacy Concerns in Personalization: A Strategic Analysis of Privacy Protection|journal=MIS Quarterly|volume=35|issue=2|pages=428–A8|doi=10.2307/23044050|jstor=23044050}}</ref> ''Corporate customer privacy practices'' are approaches taken by commercial organizations to ensure that confidential customer data is not stolen or abused.<ref name=Siam>{{Cite journal|last=Siam|first=Kayla|date=2017|title=Coming to a Retailer near You: Consumer Privacy Protection in Retail Bankruptcies|url=http://connection.ebscohost.com/c/articles/124102448|journal=Emory Bankruptcy Developments Journal|volume=33|pages=487–521}}{{Dead link|date=November 2019 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> Since most organizations have strong competitive incentives to retain exclusive access to customer data, and since customer trust is usually a high priority, most companies take some [[security engineering]] measures to protect customer privacy. There is also a concern that companies may sell consumer data if they have to declare bankruptcy, although it often violates their own privacy policies.<ref name=Siam/>

The measures companies take to protect consumer privacy vary in effectiveness, and would not typically meet the much higher standards of [[client confidentiality]] applied by [[ethical code]]s or [[legal code]]s in [[banking]] or [[law]], nor [[patient privacy]] measures in medicine, nor rigorous [[national security]] measures in military and [[Intelligence agency|intelligence organizations]]. The [[California Consumer Privacy Act]], for example, protects the use of consumer privacy data by firms and governments. This act makes it harder for firms to extract personal information from consumers and use it for commercial purposes. Some of the rights included in this act include:<ref>{{Cite web |date=2018-10-15 |title=California Consumer Privacy Act (CCPA) |url=https://oag.ca.gov/privacy/ccpa |access-date=2024-02-23 |website=State of California - Department of Justice - Office of the Attorney General |language=en}}</ref>

* The right to know about the personal information a business collects about them and how it is used and shared
* The right to delete personal information collected from them (with some exceptions)
* The right to opt-out of the sale or sharing of their personal information
* The right to non-discrimination for exercising their CCPA rights

Since companies operate to generate a [[Profit (accounting)|profit]], commercial organizations also cannot spend unlimited funds on precautions while remaining competitive; a commercial context tends to limit privacy measures and to motivate organizations to share data when working in partnership. The damage done by privacy loss is not measurable, nor can it be undone, and commercial organizations have little or no interest in taking unprofitable measures to drastically increase the privacy of customers. Corporations may be inclined to share data for commercial advantage and fail to officially recognize it as sensitive to avoid legal liability in the chance that lapses of security may occur. This has led to many [[moral hazard]]s and customer [[privacy violation]] incidents.<ref>{{Cite journal|last=Vagle|first=Jeffrey L|title=Cybersecurity and Moral Hazard|journal=Stanford Technology Law Review|volume=67|issue=2020|pages=71–113}}</ref>

Some services—notably [[telecommunications]], including [[Internet]]—require collecting a vast array of information about users' activities in the course of business, and may also require consultation of these data to prepare [[Invoice|bills]]. In the US and Canada, telecom data must be kept for seven years to permit dispute and consultation about phone charges. These sensitivities have led telecom regulation to be a leader in consumer privacy regulation, enforcing a high level of confidentiality on the sensitive customer communication records. The focus of consumer rights activists on the telecoms industry has super-sided as other industries also gather sensitive consumer data. Such common commercial measures as software-based [[customer relationship management]], rewards programs, and [[target market]]ing tend to drastically increase the amount of information gathered (and sometimes shared).  These very drastically increase privacy risks and have accelerated the shift to regulation, rather than relying on the corporate desire to preserve goodwill.{{citation needed|date=July 2019}}

Concerns have led to consumer privacy laws in most countries, especially in the [[European Union]],<ref>{{Cite book |last=Skiera |first=Bernd |url=https://www.worldcat.org/oclc/1303894344 |title=The impact of the GDPR on the online advertising market |date=2022 |others=Klaus Matthias Miller, Yuxi Jin, Lennart Kraft, René Laub, Julia Schmitt |isbn=978-3-9824173-0-1 |location=Frankfurt am Main |oclc=1303894344}}</ref> [[Australia]], [[New Zealand]] and [[Canada]]. Notably, among developed countries, the [[United States]] has no such law and relies on corporate customer privacy disclosed in privacy policies to ensure consumer privacy in general. Modern privacy law and regulation may be compared to parts of the [[Hippocratic Oath]], which includes a requirement for doctors to avoid mentioning the ills of patients to others—not only to protect them, but to protect their families— and also recognizes that innocent third parties can be harmed by the loss of control of sensitive personal information.<ref>{{Cite journal|last=Hajar|first=Rachel|date=2017|title=The Physician's Oath: Historical Perspectives|journal=Heart Views |volume=18|issue=4|pages=154–159|doi=10.4103/HEARTVIEWS.HEARTVIEWS_131_17|issn=1995-705X|pmc=5755201|pmid=29326783 |doi-access=free }}</ref><ref>{{Cite journal|last1=Indla|first1=Vishal|last2=Radhika|first2=M. S.|date=April 2019|title=Hippocratic oath: Losing relevance in today's world?|journal=Indian Journal of Psychiatry|volume=61|issue=Suppl 4|pages=S773–S775|doi=10.4103/psychiatry.IndianJPsychiatry_140_19|issn=0019-5545|pmc=6482690|pmid=31040472 |doi-access=free }}</ref>

Modern consumer privacy law originated from telecom regulation when it was recognized that a [[telephone company]]—especially a [[monopoly]] (known in many nations as a [[Postal, telegraph and telephone service|PTT]])—had access to unprecedented levels of information: the direct customer's communication habits and correspondents and the data of those who shared the household. Telephone operators could frequently hear conversations—inadvertently or deliberately—and their job required them to dial the exact numbers. The data gathering required for the process of billing began to become a privacy risk as well.  Accordingly, strong rules on operator behaviour, customer confidentiality, records keeping and destruction were enforced on telephone companies in every country. Typically only police and military authorities had legal powers to [[wiretap]] or see records.  Even stricter requirements emerged for various banks' electronic records. In some countries, [[financial privacy]] is a major focus of the economy, with severe criminal penalties for violating it.{{citation needed|date=July 2019}}

==History==
===1970s===
Through the 1970s, many other organizations in [[developed nation]]s began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing the data.  Customer trust and goodwill were generally thought to be sufficient in first-world countries, notably the [[United States]], to ensure the protection of truly sensitive data;  ''[[caveat emptor]]'' was applied in these situations. But in the 1980s, smaller organizations also began to get access to computer hardware and software, and these simply did not have the procedures or personnel or expertise, nor less the time, to take rigorous measures to protect their customers.  Meanwhile, via [[target marketing]] and [[rewards programs]], companies were acquiring ever more data.{{citation needed|date=July 2019}}<ref>{{Cite journal|last=Foxman, Ellen R., and Paula Kilcoyne|date=March 1, 1993|title=Information Technology, Marketing Practice, and Consumer Privacy: Ethical Issues|journal=Journal of Public Policy & Marketing|volume=12|pages=106–119|doi=10.1177/074391569501200111|s2cid=158361537}}</ref>

Gradually, customer privacy measures were seen as deficient to deal with the many hazards of corporate data sharing, corporate mergers, [[employee turnover]], and theft of data storage devices (e.g. [[hard drives]]) that could store a large amount of data in a portable location. Explicit regulation of consumer privacy gained further support, especially in the [[European Union]], where each nation had laws that were incompatible (e.g., some restricted the [[data collection]], the data compilation and the [[data dissemination]]); it was possible to violate privacy within the EU simply doing these things from different places in the [[European Common Market]] as it existed before 1992.{{citation needed|date=July 2019}}<ref>{{Cite journal|last=Papacharissi, Zizi, and Jan Fernback|title=Online privacy and consumer protection: An analysis of portal privacy statements|journal=Journal of Broadcasting & Electronic Media}}</ref>

===1990s===
Through the 1990s, the proliferation of [[mobile telecom]], the introduction of [[customer relationship management]], and the use of the [[Internet]] in [[developed nation]]s brought the situation to the forefront, and most countries had to implement strong consumer privacy laws, often over the objections of business. The [[European Union]] and [[New Zealand]] passed particularly strong laws that were used as a template for more limited laws in [[Australia]] and [[Canada]] and some states of the [[United States]] (where no federal law for consumer privacy exists, although there are requirements specific to banking and telecom privacy). In [[Austria]] around the 1990s, the mere mention of a client's name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.<ref>{{Cite web|date=2016-06-22|title=Consumer Privacy: Meaning, Principles and Example|url=https://www.businessmanagementideas.com/crm/consumer-privacy-meaning-principles-and-example/3662|access-date=2020-12-06|website=Essays, Research Papers and Articles on Business Management|language=en-US}}</ref>

===2000s===
After the [[September 11, 2001, terrorist attacks|terrorist attacks]] against the [[United States]] on [[September 11, 2001, terrorist attacks|September 11, 2001]], privacy took a back-seat to [[national security]] in legislators' minds.  Accordingly, concerns of consumer privacy in the [[United States]] have tended to go unheard of as questions of citizen privacy versus the state, and the development of a [[police state]] or [[carceral state]], have occupied advocates of strong privacy measures. Whereas it may have appeared prior to 2002 that commercial organizations and the consumer data they gathered were of primary concern, it has appeared since then in most [[developed nation]]s to be much less of a concern than [[political privacy]] and [[medical privacy]] (e.g., as violated by [[biometrics]]).  Indeed, people have recently been [[No Fly List|stopped at airports]] solely due to their political views, and there appears to be minimal public will to stop practices of this nature.{{citation needed|date=July 2019}} The need for stricter laws is more pronounced after the American web service provider, Yahoo admitted that sensitive information (including email addresses and passwords) of half a billion users was stolen by hackers in 2014. The data breach was a massive setback for the company and raised several questions about the revelation of the news after two years of the hacking incident.<ref>{{Cite news|url=https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers|title=Yahoo faces questions after hack of half a billion accounts|date=23 September 2016|work=The Guardian}}</ref>

== See also ==
{{Div col|colwidth=20em}}
* [[Big data]]
* [[Information privacy]]
* [[Information technology management]]
* [[Management information systems]]
* [[Privacy]]
* [[Privacy law]]
* [[Privacy policy]]
* [[Personally identifiable information]]
{{Div col end}}

== References ==
{{Reflist}}

{{Privacy}}

[[Category:Consumer]]
[[Category:E-commerce]]
[[Category:Privacy]]