WHY NOT PRIVACY BY DEFAULT? Lauren E. Willis† ABSTRACT We live in a Track-Me world, one from which opting out is often not possible. Firms collect reams of data about all of us, quietly tracking our mobile devices, our web surfing, and our email for marketing, pricing, product development, and other purposes. Most consumers both oppose tracking and want many of the benefits tracking can provide. In response, policymakers have proposed to give consumers significant control over when, how, and by whom they are tracked through a system of defaults (i.e., “Track-Me” or “Don’t-Track-Me”) from which consumers can opt out. The use of a default scheme is premised on three assumptions. First, that for consumers with weak or conflicted preferences, any default chosen will be “sticky,” meaning that more consumers will stay in the default position than would choose it if reaching the position required an affirmative action. Second, that those consumers with a true preference for the opt-out position—and only those consumers—will opt out. Third, that where firms oppose the default position, convincing consumers to opt out will require the firms to explain the default position, resulting in well-informed decisions by consumers. This Article argues that for tracking defaults, these assumptions may not consistently hold. Past experience with the use of defaults in policymaking teaches that Track-Me defaults are likely to be too sticky, Don’t-Track-Me defaults are likely to be too slippery, and neither are likely to result in well-educated consumers. These conclusions should inform the “Do-Not-Track” policy discussions now taking place in the United States, in the European Union, and at the World Wide Web Consortium. They also cast doubt on the privacy and behavioral economics literatures that advocate the use of “nudges” to improve consumer decisions about privacy. © 2014 Lauren E. Willis. † Robert S. Braucher Visiting Professor of Law, Harvard Law School and Professor of Law, Loyola Law School Los Angeles, [email protected]. My thanks to Omri Ben- Shahar, James Grimmelmann, Chris Hoofnagle, Paul Ohm, Jules Polonetsky, Paul Schwartz, Chris Soghoian, Lior Strahilevitz, Jessamyn West, Jonathan Zittrain, participants at the 2013 Privacy Law Scholars Conference, research assistant Natalie Kim, and the patient editors at the Berkeley Technology Law Journal. 62 BERKELEY TECHNOLOGY LAW JOURNAL [Vol. 29:61 TABLE OF CONTENTS I. INTRODUCTION ............................................................................................... 64 II. WHY AND WHEN DEFAULTS ARE STICKY ........................................ 69 A. MECHANISMS THAT MAKE DEFAULTS STICKY ..................................... 72 1. Transaction Barriers ............................................................................. 72 2. Judgment and Decision Biases ............................................................... 74 3. Preference-Formation Effects .................................................................. 77 B. CONDITIONS UNDER WHICH DEFAULTS ARE OFTEN STICKY ............................................................................................................ 78 III. DEFAULTS IN THEORY ................................................................................ 80 A. THE THEORY BEHIND THE USE OF DEFAULTS IN POLICYMAKING ............................................................................................ 80 1. Policy Defaults ...................................................................................... 81 2. Penalty Defaults .................................................................................... 82 3. Altering and Framing Rules ................................................................. 82 4. An Aside on Forced Choice .................................................................. 84 B. TRANSLATING DEFAULT THEORY TO TRACKING POLICY ................. 85 1. Scope of Tracking Defaults .................................................................... 86 2. Setting: Track-Me or Don’t-Track-Me ................................................. 88 3. Granularity of Available Opt-Out Positions ......................................... 90 4. Altering and Framing Rules ................................................................. 92 IV. DEFAULTS IN PRACTICE ............................................................................. 95 A. TWO FAILED DEFAULT SCHEMES ............................................................ 96 1. The Financial Information Default Scheme ........................................... 96 2. The Checking Account Overdraft Default Scheme ................................. 97 B. HOW FIRMS MAKE THESE DEFAULTS FAIL ........................................... 99 1. Transaction Barriers ............................................................................. 99 2. Judgment and Decision Biases ............................................................. 102 3. Preference Formation Effects ................................................................ 105 C. SUCCESSFUL DEFAULTS ............................................................................ 107 1. Automatic Enrollment in Retirement Savings Plans ............................ 107 2. Do Not Call ....................................................................................... 108 D. CRACKS IN THE THEORY BEHIND THE USE OF DEFAULTS .............. 109 1. Conditions Where Defaults Do Not Work ......................................... 109 2. Reexamining the Logic Supporting the Use of Defaults in Policymaking ....................................................................................... 110 V. WHY TRACKING DEFAULTS ARE UNLIKELY TO ACHIEVE POLICYMAKERS’ GOALS....................................................... 111 A. HOW FIRMS COULD MAKE TRACKING DEFAULTS FAIL ................... 112 1. Erect, Eliminate, or Invert Transaction Barriers ................................. 112 2014] WHY NOT PRIVACY BY DEFAULT? 63 a) Costs ..................................................................................... 112 b) Confusion ............................................................................ 114 c) Futility .................................................................................. 114 2. Harness Judgment and Decision Biases ............................................... 115 a) Salience effects .................................................................... 115 b) Omission Bias ..................................................................... 116 c) Loss Aversion and the Endowment Effect.................... 116 d) Procrastination and Decision Avoidance ....................... 117 e) Excessive Discounting ....................................................... 117 f) Choice Bracketing .............................................................. 118 g) The Illusion of Control ..................................................... 118 h) The Sunk Costs Fallacy ..................................................... 119 3. Bolster, Undermine, or Reverse Preference Formation Effects ............... 120 a) The Endorsement Effect .................................................. 120 b) The Experience Effect ....................................................... 120 B. ALTERING RULES, FRAMING RULES, AND COMPETITION ................ 121 1. The Limits of Altering and Framing Rules ......................................... 122 a) Respect for Heterogeneous Preferences ......................... 122 b) Mis-sorting ........................................................................... 124 c) Commercial Speech Doctrine Limits .............................. 125 d) The First and Last Mover ................................................. 126 2. Will Competition Change the Calculus? .............................................. 128 VI. CONSEQUENCES OF PRIVACY POLICY BY DEFAULT .............. 130 64 BERKELEY TECHNOLOGY LAW JOURNAL [Vol. 29:61 I. INTRODUCTION We live in a Track-Me1 world, one from which opting out is, as a practical matter, often not possible. Firms collect reams of data about us for marketing, pricing, product development, and other uses. Sometimes we knowingly participate in the first stage of this process—a firm asks for information, and we provide it, knowing roughly how that firm will use it. But much data collection is passive, invisible, and performed without explicit consent. Most of us know little about downstream users to whom our data may be transferred and none of us can know all the future uses to which our data may be put. Collection of data on the websites we visit, the content of our emails, and the movements of our mobile phones have garnered the most media attention,2 but as tracking technologies (e.g., facial recognition programs, eye tracking systems, and geolocation sensors) become cheaper and more accurate, the amount of data collected passively and the uses to which it will be put will only increase.3 Although preferences for information privacy vary, wide majorities of people both express opposition to the extent of this data collection and have taken some steps to avoid being tracked.4 They wish to avoid uses of their 1. This Article uses “Track-Me” and “Don’t-Track-Me” to avoid the indeterminacy of “Opt-In” and “Opt-Out,” and uses “tracking” in a colloquial sense to refer to all forms of personal data collection and use for commercial purposes, online and off. For a discussion of “Do-Not-Track” as a technical protocol, see DO NOT TRACK—UNIVERSAL WEB TRACKING