Photo: Unsplash / Franck
How Can ‘Consent Fatigue’ Be Overcome?
Canada’s privacy watchdog has charged Home Depot with failing to obtain customer consent before sharing their personal data with Meta, the parent company of Facebook and Instagram. The home improvement chain said it didn’t notify shoppers due to the risks of “consent fatigue.”
Consent fatigue, also called “cookie fatigue,” refers to consumers agreeing to the terms of a data privacy consent form without reading the terms or fully understanding the implications of their choice. Online, cookie pop-ups, or data-tracking requests, have become particularly annoying as new privacy laws have increased the frequency with which they appear.
Home Depot shared encoded email addresses and in-store purchase information with Meta when in-store shoppers chose to receive an e-receipt.
Home Depot said it relied on implied consent with data-sharing terms available online and in-store upon request, but the Office of the Privacy Commissioner of Canada (OPC) said those guidelines weren’t readily available at checkout and shoppers would have had no reason to seek them out.
“Consumers need clear information at key transaction points, empowering them to make decisions about how their personal information should be used,” OPC Commissioner Philippe Dufresne said. “Consent fatigue is not a valid reason for failing to obtain meaningful consent.”
Time restrictions are believed to be a major factor driving consent fatigue as privacy policies tend to range from 2,500 and 4,500 words. A 2019 Pew survey found that only nine percent of Americans say they always read privacy policies.
The policies are also difficult to understand. Wendy Wong, a professor of political science at the University of British Columbia, told CBC, “I think that we’re placing the onus on the public to understand complex and vague legal documents.”
A recent survey of U.S. adults taken from researchers at the University of Pennsylvania found 80 percent believed that they had “little control over what marketers” could learn about them online while 73 percent did not have “the time to keep up with ways to control the information that companies” had about them.
“Genuine opt out and opt in consent requires that people have knowledge about commercial data-extraction practices as well as a belief they can do something about them,” the report stated. “Americans have neither.”
-
Home Depot failed to obtain customer consent before sharing personal data with Meta - Office of the Privacy Commissioner of Canada
-
Home Depot didn't get customer consent before sharing data with Facebook's owner, privacy watchdog finds - CBC
-
Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information - Pew Research
-
EU consumer department to present voluntary pledge over ‘cookie fatigue’ - Euractiv
-
Americans Can’t Consent To Companies’ Use Of Their Data - Annenberg School for Communication, University of Pennsylvania
-
Americans Flunked This Test on Online Privacy - The New York Times
Discussion Questions
DISCUSSION QUESTIONS: Do you see paths to reduce ‘consent fatigue’ for consumers from data-sharing requests? Would easing the consent process be beneficial or complicate retailers’ efforts to use data to drive personalization efforts?
Poll
Loading …BrainTrust
Lucille DeHart
Principal, MKT Marketing Services/Columbus Consulting
Gene Detroyer
Professor, International Business, Guizhou University of Finance & Economics and University of Sanya, China.
Cookie fatigue is real. The EU introduced a law some years ago which requires people to consent to cookies as they browse websites. The result is a continual stream of annoying notifications and popups asking people to accept cookies which virtually no one reads or understands. It has no value and serves no purpose. That said, I think sharing personal information provided by consumers is different from general cookies: If Home Depot was planning to share email addresses people enter for receipts then they should have made this very clear at the time people agreed to provide their addresses.
I see an even murkier path forward with consent and companies’ use of personal information for marketing purposes, primarily due to more stringent privacy laws that are being enacted. It’s kind of like the perfect storm. Consumers want preferred treatment, but don’t want their personal data shared irresponsibly with other, unknown parties. And companies seek more customer 360 understanding, but fear legal backlash if they get creative with consumer data. Threading the needle is a real balancing act.
And here I thought the offering of a choice between an email and hard copy receipt was for my convenience–you know, the customer. How naive of me. Of course they wanted to sell my data. Of course. Who wants to go through the consent nonsense while in a checkout line? But it’s available upon request or online? Seriously? Sigh–back to Lowe’s.
I thought the same thing — I should have known better.
Consumers won’t forfeit access, discounts, offers or other benefits as long as they don’t feel invaded or abused. Until data is breached and their personal and financial information is hacked and becomes detrimental to them, they won’t take any action. Clicking on opt-ins and consent forms is like blinking, especially for younger consumers who grew up fully transparent. The truth is, businesses like more data, so it is not in their interests to help limit access to it. Consumers need to push back when they are ready.
Twenty-five hundred to 4,500 words of legalese? I am surprised that as many as nine percent of the people read them at all. ZERO percent would not have surprised me.
OPC Commissioner Dufresne said. “Consent fatigue is not a valid reason for failing to obtain meaningful consent.” Do you think Mr. Dufresne understands that the process is specifically designed to produce consent fatigue? To me, the objective of the process is to make it so convoluted that the customer simply clicks “OK.” Am I being too cynical?
When have we ever been asked, most simply, “Would you like us to share your data?”
The vast majority of consumers ceased reading software license agreements many years ago. The desire to use a particular platform overwhelms any hesitance about what that agreement might contain deep within the document. The same is happening today with cookies. I believe most consumers click on the dialog box about cookie acceptance as if it is an interstitial page offering a 10 percent discount in exchange for an email address. I would say that easing the process is the answer but there should be a movement to clarify the substance of what we are asked to agree to and we should require everyone to use a similar format.
It’s simple. If you ask for a customer’s data (name, email, address, phone, etc.), tell them in a simple sentence or two what you plan to do with it. Give the customer the option of agreeing (or not) to the use. Done the right way, the customer will appreciate and trust you (more).
The consent fatigue is alive and well and growing exponentially. Consent forms should be transparent and easy for consumers to understand which will complicate a retailer’s effort to drive personalization. Handing over your personal data to a retailer is one thing, but agreeing that that retailer can share the data with advertisers, Meta, and other ancillary businesses is taking advantage if consumers are not fully aware of this practice. The consumer is also becoming more protective of their data, especially with the likes of generative AI threatening to implode cybersecurity efforts which have been widely reported. As retailers build their Retail Media Networks (RMN), and continue to offer customer data to their advertisers, it is only a matter of time before the consumer gets savvy to this data sharing as well. The class action lawsuit on biometrics usage with Amazon and New York City will be a landmark case in collecting this type of data. Overall, there will be a new wave of consumer privacy concerns based on the increasing collection, use, and sharing of consumer data prompting retailers to up their game on data protection.
This is a tough one. No one reads all of that legal “stuff” when they initially sign in or log in to–anything. One just agrees in order to get on with it. If you don’t agree, then you do not get to buy, or visit, or stream, or whatever. What would really help would be to “kill” the legal language that is always in place and write something short in “plain English.” And give people options for a decision: “yes you can use my data” or “no you cannot use my data.” If only the world were this simple!
It’s not just the cloud of how consent is “clicked through,” it’s the fact that consent can be coerced by the manufacturer if you want to use some of the advertised features of their products. Try using a smart TV with, say, Alexa if you don’t agree to the privacy policy. Opt out and you can’t use that feature (or others) at all. And if you do faithfully read all the privacy implications and decide to go ahead, a month later a new revised privacy policy arrives for you to decipher and agree to. It’s very one-sided and complex.
There is a difference between a retailer tracking data and selling data to third parties. Making this differentiation clear to consumers is important.
What a load of B*******! Home Depot has no business “sharing” such info with
the Devil’s Earthly RepresentativeMeta. This really has little if anything to do with personalization efforts.This kind of nonsense is why we’re rapidly heading toward — if not outright outlawing — at least severely restricting data collecting.