On Consent, Choice, and Check Boxes
Sorting Out the Opt-In v. Opt-Out Debate

Ari Schwartz and Paula J. Bruening
Center for Democracy and Technology

Summary

Whether consumers exercise choice about the secondary use of their infromation through an opt-in or through an opt-out mechanism has been among the most debated issues related to Internet privacy. Resolution of this difficult-to-explain and often confusing question depends upon some simple realities:

While the debate about consumer consent and choice may appropriately be framed in terms of opt-in and opt-out, this distinction does not take into consideration the wide range of available mechanisms that offer consumers choice and the opportunity to consent to secondary use of their information.
Depending on its design, the most effective opt-out mechanism could protect consumer privacy better than the least effective opt-in mechanism, however, the worst opt-out mechanisms place too heavy a burden on the individual.
The incentive for companies selecting consent/choice mechanisms will be to choose the mechanism that will likely result in the greatest number of individuals sharing data for secondary purposes rather than the mechanism that provides the individual with the clearest choice.

Simply put, given the opportunity, many companies will make it very difficult for consumers to opt out. Although opt-in may provide the individual with more control over their information in most circumstances, companies could also implement a confusing opt-in mechanism to make it difficult for individuals to choose not to allow secondary use of their information. Therefore, while opt-in and opt-out may create an easy distinction for debating choice and consent mechanisms for policymakers, it does not provide the most useful distinction for consumers. Instead, selecting either opt-in or opt-out will likely lead to the choice of the worst mechanism in each category.

Introduction

For the last five years, privacy has been one of the most contentious issues facing the Internet community. Individuals have said that privacy is their biggest concern for the next century and seem especially wary of the Internet. A Forrester Research analyst estimated that in 2000 companies were losing $12.4 billion due to privacy concerns of individuals, and a recent Pew poll showed that 84% of Internet users are concerned about businesses and people they don't know obtaining personal information about them. Perhaps even more interesting is the finding by IDC that nearly 80% of online consumers have at some time abandoned e-commerce transactions due to privacy concerns. When given a choice between ways to control the problem, consumers seem to prefer baseline privacy protections in law. Meanwhile, most Internet companies assert that they can handle these "trust" concerns through self-regulation.

Recently, the two sides have moved closer together. Public interest groups have put their proposed solution on paper. The new proposals ask for clear notice, the ability of an individual to access personal information held about them, stronger security, and the right to sue a company in court. The ranking member of the Senate Judiciary Committee Senator Ernest Hollings (D-SC) introduced a bill including such provisions at the end of last Congress.

At the same time, some members of industry have compromised from their position that self regulation alone can protect consumer privacy. They back a limited set of principles of fair information practice that would mandate the industry standard of providing notice and the ability for consumers to ask that their personal information not be shared with third parties for uses inconsistent with its original collection.

While each of these principles of fair information practices have been discussed time and time again, we have still not reached even a clear set of definitions for some of the more contentious details. Even some of the most significant participants in the debate do not understand the choice and consent standards that would be required by the proposed laws. In addition to this lack of common terminology, representatives of both sides of the debate have made many unsubstantiated claims. The resulting dialog - often framed by the media as "opt-in v. opt-out" - has been one of the most poorly debated issues in Washington. The following is a serious attempt to parse the question with clear definitions of different kinds of choice and consent standards and a discussion of the outstanding issues.

What choices should individuals have?
Primary Purposes, Secondary Purposes and Third Party Sharing

Before delving into the different kinds of choice and consent that could be offered to the consumer, it is important to understand the type of information use that necessitates choice or consent. Even this basic issue is often mischaracterized.

In discussing choice and consent standards it is important to understand that the requirement applies to use of information for secondary purposes and not the primary purpose for which the individual provided information.

For example - Customer Y would like to buy a book on gardening from Bookstore Z. In order to receive the book, Y must provide the mailing address. Therefore, the primary purpose in giving a mailing address is to have the gardening book delivered. If the bookstore would like to sign the customer up to its mailing list, provide future tailored information to Y on gardening, or share or trade information with a seed company interested in those who have purchased gardening books, these would be secondary purposes. There is no suggestion that there need be a choice whether to provide the address - of course, the address is needed to deliver the book to the customer - the choice is whether the address may be used for the secondary purpose.

While the distinction may seem obvious,the discussion about primary and secondary use often becomes confused when common practices such as signing individuals up for a sweepstakes, rebate or warranty are considered. In these cases, the primary purpose of collection - to capture the consumer's information - is different from the primary purpose for which the individual gave the information - to enter a sweepstakes or receive a rebate or warranty. So it is important to remember that the primary purpose for collection is guided from the consumer's vantage point.

Some in the business community make a further distinction, asserting that use of information for internal secondary purposes requires no choice because of the relationship that already exists between the company and the consumer. However they do agree that consent and choice principles are important when a company wants to sell or trade lists with an outside company or third-party. So, going back to our bookstore: Y buys the gardening book from Company Z and is sent the book. Then Y is automatically place on the Z mailing list and marked as a "gardener" in the Z database, but given a choice or consent option as to whether to have their information traded to the seed company.

This grid explains the different purposes for which information is used:

Primary Purpose Secondary Purpose Third-Party Sharing

The reason that the individual is turning over the personal information (eg, to pay with a credit card, to have a product shipped, to have a product warrantied, to win a prize in a sweepstakes, etc.). All non-primary purposes of information use A secondary purpose that involves a company or organization that the individual may not have a business relationship with
no choice/consent necessary some say choice/consent are necessary some say choice/consent are necessary

Primary Purpose	Secondary Purpose	Third-Party Sharing
The reason that the individual is turning over the personal information (eg, to pay with a credit card, to have a product shipped, to have a product warrantied, to win a prize in a sweepstakes, etc.).	All non-primary purposes of information use	A secondary purpose that involves a company or organization that the individual may not have a business relationship with
no choice/consent necessary	some say choice/consent are necessary	some say choice/consent are necessary

Defining Opt-in

Many involved in the privacy debate have characterized the discussion about "opt-in v. opt-out" as "consent v. choice." Unfortunately, this simplification does not work. Opt-in may either be consent only or consent and choice. What makes a process opt-in is the user's affirmative action in the process. Here are two examples to illustrate this point:

Consent-based Opt-in

The more common opt-in approach is one where defaults are set to assume that the user will not want to share information. On the Web, this is often provided as an unchecked checkbox. Let's go back to our bookstore example:

Y goes to Company Z bookstore to buy a book on gardening. In order to buy the book Y has to complete the following form:
Name_____
Address____
City____ State____ ZIP_____
Credit Card #______
Exp._______

I would like to join the Company Z mailing list and receive information about books and products that I may be interested in from Z and trusted partner companies.

our privacy policy

Y must click on the check box to allow uses for secondary purposes. More information about the privacy practices would certainly need to be included in the Company Z's privacy policy. However, the important point is that an individual would actively select to have information used for secondary purposes.

Some companies do not like this approach because they know that users are unlikely to change the default settings in any technology. Therefore - no matter how attractive - a secondary purpose would likely be ignored.

Choice and Consent-based Opt-in

The other example is often overlooked in the current opt-in v. opt-out debate. Basically, the difference here is that there is no default for how information will be used. Consumers are forced to make a choice. Here's a realistic example of what this might look like:

Y goes to Company Z bookstore to buy a book on gardening. In order to buy the book Y must complete the following form:
Name_____
Address____
City____ State____ ZIP_____
Credit Card #______
Exp._______

To complete your transaction please choose one of the following options:

Complete this Purchase and Become A Full Membership in the Z Club
Please process my transaction and sign me up to Company Z mailing list and receive information about books and products that I may be interested in from Z and trusted partner companies.

Complete the Current Transaction Only
Please process my transaction, but I am not interested in getting the latest news about Z's books, sales and other information.

our privacy policy

Y cannot complete the purchase until one of the choices was selected.

Again, it would clearly be necessary to include more information about the privacy practices in Company Z's privacy policy, but the mechanism requires that the individual is formally requesting to have information shared or not have it shared.

The benefits of this approach are obvious. The individual is given a choice; the individual consents; and since the company is framing the choice, it is allowed to give the customer its best argument for using the information for other purposes.

The downside to this approach is the flip-side to the same coin. It forces the individual to read and make up their own mind rather than rely on a default. Many user interface studies often say that individuals do not like to be given too many options and may even become confused and cancel transactions when forced to do so. Also, the Web site could arrange the choice so that there is not enough information to really make an informed decision.

Before summing up here is the Opt-in grid to recap:
Consent-Based Opt-in Consent and Choice-Based Opt-In

Default set to prevent uses for secondary purposes. No Defaults.

Individuals must actively consent to secondary uses. Individuals must be given at least one choice to complete the current transaction with no secondary purposes attached. The transaction can not be completed until a choice is made.

Consent-Based Opt-in	Consent and Choice-Based Opt-In
Default set to prevent uses for secondary purposes.	No Defaults.
Individuals must actively consent to secondary uses.	Individuals must be given at least one choice to complete the current transaction with no secondary purposes attached. The transaction can not be completed until a choice is made.

If forced to use opt-in companies will probably use different approaches for different kinds of data collection, but it seems that the consent and choice approach offers marketers a bit more leeway for creativity and the potential that more users will sign up for secondary uses. Therefore, despite their rarity now, a fully opt-in regime would probably yield more consent and choice based opt-in approaches than consent only opt-in approaches. These models could give the user more control, but could also be written in a somewhat misleading way.

Defining Opt-out

Opt-out is simply a mechanism where the default is set expressly to allow sharing for secondary uses. While opt-out may be easier to define it is more difficult to provide broadly illustrative examples because of the wide difference between an easy-to-use and difficult-to-use opt-out. Here are some examples:

An Easy-to-use Opt-out

Y goes to Company Z bookstore to buy a book on gardening. To buy the book Y must complete the following form:

Name_____
Address____
City____ State____ ZIP_____
Credit Card #______
Exp._______
our privacy policy

Y would have to uncheck the box to stop use of the information for secondary purposes. Again, more information about the privacy practices would certainly need to be included in the Company Z's privacy policy, but unless the individual changes the defaults his information will be shared.

Public interest groups dislike this approach for the same reasons that companies dislike consent based opt-ins. Individuals are unlikely to change the defaults and once the information is released it is difficult for a consumer to track down the data trail.

A Difficult-to-use Opt-out

Y goes to Company Z bookstore to buy a book on gardening. To buy the book Y has to complete the following form:

Name_____
Address____
City____ State____ ZIP_____
Credit Card #______
Exp._______
our privacy policy

Here there is no option on the page for Y to opt out. Y must go to the privacy policy and find the following statement several screens into the notice:

To remove your personal information from our mailing list and other databases, please write to:

Company Z
123 Bookstore Ln.
Phoenix, AZ 85004

Even though Y purchased the book online, her name cannot be removed from the database online. She must use an offline mechanism.

This kind of opt-out becomes even more difficult when the company using the data is a third party that does not even have a direct relationship with the individual. Undoubtedly, the difficult opt-out places the burden heavily on the shoulders of the individual.

Conclusion

To avoid a race to bottom, it is critical to move past the traditional construct of the opt-in vs. opt-out debate and seek mechanisms that offer consumers the most informed, effective choice possible. These mechanisms should include:

pre-selected checkboxes at the time of collection along with an ability to stop secondary uses at a later date;
unselected checkboxes at the time of collection along with an ability to stop secondary uses at a later date; and
most preferably, choice and consent mechanisms that give individuals an equal choice between providing information for secondary purposes in order to proceed or proceeding with only the transaction at hand. Again, individuals should be able to stop secondary sharing at a later date.

Our Mission / Get Involved / Staff / Publications / Links / Search CDT / Jobs / Action!
Previous Headlines | Legislative Tracking | CDT's Privacy Policy

The Center For Democracy & Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
(v) 202.637.9800
(f) 202.637.0968
Contact CDT

Copyright © 2005 by Center for Democracy and Technology.
The content throughout this Web site that originates with CDT can be freely copied and used as long as you make no substantive changes and clearly give us credit. Details.

On Consent, Choice, and Check Boxes Sorting Out the Opt-In v. Opt-Out Debate