Apple made sweeping changes to the privacy settings available to users in iOS 14.5, dubbed App Tracking Transparency (“ATT”). The new operating system has been publicly available since April 26, 2021 and has advertisers and app makers losing their collective minds at the reality of losing the ability to track users.
While iPhone users have previously had a degree of control over which apps on their phones can track them across the web, iOS 14.5 moves from the Opt-Out design to an Opt-In design. The difference is staggering and gives us a taste of the privacy benefits that we receive when our ubiquitous devices adapt a privacy by default framework.
Privacy by Default is More than a Suggestion
You should design any system, service, product, and/or business practice to protect personal data automatically. With privacy built into the system, the individual does not have to take any steps to protect their data – their privacy remains intact without them having to do anything.
ICO Guide to Data Protection by Design and Default
Although privacy by design and privacy by default are baked into GDPR Article 25, iOS 14.5 may very well be the largest (and best?) attempt to apply privacy by default settings for Internet users en masse. Something that (as suggested by Art. 25 and Recital 78) should be the default setting has been beaten into our heads (by marketers) that it’s impossible for the modern Internet. As a result, we’ve lived with cookie banners and then cookie walls since GDPR took effect in 2018.
An example of privacy by default given by the European Commission aligns closely with Apple’s default privacy settings in iOS 14.5:
A social media platform should be encouraged to set users’ profile settings in the most privacy-friendly setting by, for example, limiting from the start the accessibility of the users’ profile so that it isn’t accessible by default to an indefinite number of persons.
Unfortunately, there is no similar application under US federal law, which remains woefully inadequate to serve the privacy interests of the American public.
People Embrace the Default
I’ve seen so many articles that point out how much people care about privacy and point to the adoption rates of app tracking after the iOS 14.5 release. Unfortunately, I don’t have that kind of faith in the average users’ feelings on privacy.
I think the more straightforward take here is that people will choose the default setting. If Opt-In is an extra step, people just won’t Opt-In.
“Can I use the app without you tracking me? Yeah? Okay, let me just keep using it that way.”
The effect of a default setting on consumer choice is thoroughly documented. (See, e.g., The effect of default options on choice—Evidence from online product configurators; Wikipedia – default effect).
This decision-making shortcut has also been described as a status quo bias:
Privacy decisions have several characteristics that may make default options especially impactful on behavior. First, information about privacy risks can often be difficultto find and understand, and thus attention may be a limiting factor in decision making, allowing defaults to go unchanged for many individuals. Moreover, preference uncertainty may be pronounced in the context of privacy decision making [John et al. 2011], and the tradeoffs associated with disclosure are often difficult to quantify and evaluate. Thus, normative judgments of defaults or their propensity to shape uncertain preferences may have a significant impact on behavior. Furthermore, users of privacy and security tools may assume that the default configurations of those tools protect them, without reviewing the settings [Leon et al. 2012].
Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, Yang Wang, and Shomir Wilson. 2017. Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online. ACM Computing Surveys 50, 3, Article 44 (October 2017), DOI:https://doi.org/10.1145/3054926
It’s why those subscription boxes and radio are pre-checked. You’ll have to do something to avoid signing up for a newsletter. It’s why the cookie walls are pre-checked with “Accept All Cookies” as the default. Just click accept and you’ll get to the content you are after. Are these Opt-In or Opt-Out scenarios? At the very least, they are dark patterns nudging toward the surveillance-default option.
Opt-Out choices are lazy, anti-privacy choices.
It’s easy money and conversions for marketers. Because people don’t stray far from the default settings on their devices and browsing habits. Every device manufacturer, app developer, and website owner knows this.
Sure, the savvy tech users are the exceptions and will change their default settings, install ad-blockers, or run Pi-hole on their networks. But the money is after the herd – and the herd follows what our technology, marketing, and privacy overlords establish by default.
Opt-Out terms are built for marketing – and marketers ruin everything.
Again, this is the magic of the default setting and why privacy by default is baked into the GDPR.
With iOS 14.5, Apple is forcing users to at least consider privacy and it’s making the choice of privacy easy – it’s the default!
And speaking of marketing, Apple is making privacy a marketable feature for iPhones and a brand identity for the company as a whole. People didn’t really know they cared about privacy until a tech behemoth showed them that they could and should care.
While there may be plenty of other criticisms of Apple, it is refreshing to see a tech giant building a brand identity around privacy. Simply bringing a baseline of awareness to the average user will do us well to move the privacy conversation forward.
Android 12: Marketing Privacy in Words More than Deeds
It’s worth noting that iOS 14.5 has forced Google’s hand to add more privacy marketing to Android 12. However, Google doesn’t go so far as to enable privacy by default along the lines of Apple’s ATT.
While you can disable ad tracking to a large extent of what you can in iOS 14.5, Android 12 does not force you to Opt-In to tracking. After all, Google is an advertising company. Again, the choice is there to Opt-Out of cross-app/cross-web tracking but it is not privacy by default.
I’d love to see raw data comparing the use of Opt-In on iOS 14.5 and Opt-Out on Android 12. I’d be willing to bet that the headlines heralding how much users care about privacy when given a choice would prove to be less about choice and more about users’ default settings remaining in place.
Leave a Reply