By Ahmet Akkoc, Junior Researcher
Did you know that 1 in 3 people use a VPN? People these days care a lot about their privacy, and they are willing to pay a lot for it. So much so, in fact, that market researcher Cloudworks estimated that that the market for VPNs is expected to surpass $92 billion in 2027 (Kochovski, 2022).
The aim of my project with ETHOS is to understand how privacy is commodified from the perspective of different consumers. More bluntly: “How do we experience privacy or what makes us feel private?”
Introduction: The Cost of Privacy
Our personal data today is an invaluable resource. Data is capable of supporting everything from measuring customer satisfaction to powering AI like ChatGPT. Data, more specifically personal data, has become increasingly commodified into assets through technologies such as social media and personal advertisements. Birch & Muniesa (2020) describe this process of transforming data into resources (i.e. assets) for new services and innovations as a kind of Technoscientific Capitalism. Data is exploited for economic gain, acquiring a status of fiat value in the process.
This process of value, and profit, extraction from personal data has been exploited to such an extent that today it has become a deterrent to many consumers. Conscious consumers who feel their privacy violated and their comfort disturbed now switch apps or shift their attitudes online. Conversely, what has yet not been described so much is another kind of commodification: The commodification of privacy, as a service or quality.
In the literature, privacy commodification and data commodification are more or less synonymous. van Ooijen et al.’s recent article (2022) on privacy cynicism is a good summary of the state-of-art. Research has typically framed either as a transaction of a person paying with their data in exchange for some utility or service. But the same discussion is already happening on Twitter, YouTube; radio and podcasts, it has perhaps been heard by everyone. However, this is ignorant of the fact that sometimes the commodity is itself a private thing. This could be a technology which is inherently private or a utility to augment one’s privacy. Typically, such commodities will have a cost different from one’s own data. VPNs come to mind: They don’t sell data but ask their customers to pay, in cash, for their funding.
Another form of privacy cost is storage space. A cloud storage retains data outside of the user’s control, whereas a user with ample storage space available has the option of ignoring network traffic through hoarding files offline.
The current stage of the data revolution is seeing data secrecy become, at least, an equally valued and profitable service beside data collection and processing. Therefore, I designed an interview-format framing privacy cost in such a light.
Method: Semi-Structured Privacy Interviews
Here is the scenario: In the not too distant year of 2032, the Danish government has decided to begin taxing privacy. As the interviewer, I play the role of a privacy accountant, tasked with measuring the costs of maintaining one’s privacy.
These costs are money, and storage space allocation. A third measure is time allocation, which is more of a capacity rather than a cost. So, for example, if the interviewee mentions that they have a monthly 20kr VPN subscription, the interviewer will note this down.
The interview is semi-structured into 5 sections:
- What devices do you use?
- What Apps and Sites do you use?
- How do you present yourself online?
- What Privacy Tools or Modifications have you installed?
- What other Browsing Habits do you have?
At the end of the interview, I show the participant their privacy budget and ask them to reflect on it.
For these interviews I was able to find 8 participants from ITU and KU. These were students, either BSc. or MSc. with no staff participating.
While I am still organising my notes from these interviews, I would like to focus on what I feel is the most novel discovery on my part: For achieving privacy, different people can have different, even contrasting goals.
Use-Cases and Privacy Objectives
People use their devices for a variety of reasons: work, study, play, watching cooking tutorials… That much is a given. Just as there are certain use-cases for certain people, there seem to be specific privacy objectives which a given person will try to satisfy. These privacy objectives are based on the use-case and the user’s personality is another cofactor as well.
We can illustrate this through the device usage patterns of two participants. For example, Participant 1 who prefers to use their computer and Participant 8 who uses their smartphone more often. To participant 1, their phone was only good for listening to music. But because they were concerned about their privacy, they requested their data from Spotify to see what they were tracking. It turned out that Spotify was fingerprinting a lot of their data. They decided to make a map out of their Spotify data, because at least this way they would be able to experience their “musical journey” for themselves. Reclaiming their data in this way satisfied their privacy objective.
Conversely, Participant 8 had a very different outlook. After a long day of studying, they enjoy unwinding by watching Twitch streams and find it to be a very anonymous environment. In their own words: “I can become anyone in a Twitch chat”, all they have to do is register a new account with a new name. And in this case, Participant 8 does not want to reclaim any kind of data; always inventing a new history with new data. They achieve their sense of privacy through this form of anonymity, or more technically, pseudonymity.
Another duality I observed was the dichotomy between users who feel data is safer when stored as static files or users who prefer the ephemerality of the web. An argument from Participant 4 was that they felt safe knowing they kept a low-profile online. Yet they maintained a 100GBs worth of photos in cloud storage, as they described “from a lifetime ago”, entrusted to their cloud storage provider. Participant 7, on the other hand, keeps to themselves a tangible online profile. It is important to them to be able to connect with people with mutual interests. Given their previous involvement with activism, police confiscating devices was not unknown to them. So, again conversely, Participant 7 prefers to have as little offline data as possible. Neither Participant 4, nor Participant 7 can truly destroy
their data, but their privacy objective is to move as much of their information in one direction or the other: The Cloud or the World Wide Web. Neither is inherently more private than the other, but one becomes more private than the other, based on the privacy objective the person has set for themselves.
Outside the Wall: Where to from here
Data assetization brings to mind the concept of social alienation. Losing pieces of who we are for the sake of fueling modern capitalism. Yet, becoming hyper-private and developing harmful habits in the name of privacy can also lead to becoming alienated from society. Building a wall around ourselves, with no way out; that is also a very painful, pitiful state. My ulterior motive here has been to show that privacy is a concept that must be approached with nuance, rather than a straightforward optimization along a 2-dimensional Pareto front. If anything, privacy is very much multi-dimensional.
This so far is only the surface of my work, there are also underlying economic mechanisms I would like to talk about more. For example, how workplaces and schools subsidize the privacy costs of affiliates. Device and service sharing is a common solution to bring costs down. In my analyses so far, I have not observed any form of gender disparity, but perhaps I need to look a bit harder.
I am still in the middle of connecting these folk descriptions of privacy given in interviews to privacy definitions which have been used in the literature. I am also looking forward to publishing my interview data (in an anonymized form, of course) to receive more feedback from other privacy researchers in the field. If I am doing something new, it’s crucial to become the flag bearer, I figure.
What I can say from my work thus far is that privacy is to be viewed as a commodity. However, it is not a commodity in the sense that a food item or clothing is. Rather, privacy is a property of things and their functions; for someone avoiding being wiretapped, privacy is what makes a disposable burner phone preferable to a contract phone.
Thus, as a first step to coining the concept of privacy commodification I have tried to show some of these structures: Use-cases, Privacy Objectives and Personality; and the associated financial and storage space costs. I am excited to share more from my work in the coming weeks and hope you will stay tuned as well. Cheers!
References
- Kochovski, A. (2022, August 23). The Top 25 VPN Statistics, Facts & Trends for 2022. Cloudwards. https://www.cloudwards.net/vpn-statistics/
- Birch, K. & Muniesa, F. Introduction: Assetization and Technoscientific Capitalism. (2020). In Assetization. The MIT Press.
- van Ooijen, I., Segijn, C. M., & Opree, S. J. (2022). Privacy Cynicism and its Role in Privacy Decision-Making.Communication Research, 0(0). https://doi.org/10.1177/00936502211060984