How Can ‘Consent Fatigue’ Be Overcome?
Canada’s privacy watchdog has charged Home Depot with failing to obtain customer consent before sharing their personal data with Meta, the parent company of Facebook and Instagram. The home improvement chain said it didn’t notify shoppers due to the risks of “consent fatigue.”
Consent fatigue, also called “cookie fatigue,” refers to consumers agreeing to the terms of a data privacy consent form without reading the terms or fully understanding the implications of their choice. Online, cookie pop-ups, or data-tracking requests, have become particularly annoying as new privacy laws have increased the frequency with which they appear.
Home Depot shared encoded email addresses and in-store purchase information with Meta when in-store shoppers chose to receive an e-receipt.
Home Depot said it relied on implied consent with data-sharing terms available online and in-store upon request, but the Office of the Privacy Commissioner of Canada (OPC) said those guidelines weren’t readily available at checkout and shoppers would have had no reason to seek them out.
“Consumers need clear information at key transaction points, empowering them to make decisions about how their personal information should be used,” OPC Commissioner Philippe Dufresne said. “Consent fatigue is not a valid reason for failing to obtain meaningful consent.”
Time restrictions are believed to be a major factor driving consent fatigue as privacy policies tend to range from 2,500 and 4,500 words. A 2019 Pew survey found that only nine percent of Americans say they always read privacy policies.
The policies are also difficult to understand. Wendy Wong, a professor of political science at the University of British Columbia, told CBC, “I think that we’re placing the onus on the public to understand complex and vague legal documents.”
A recent survey of U.S. adults taken from researchers at the University of Pennsylvania found 80 percent believed that they had “little control over what marketers” could learn about them online while 73 percent did not have “the time to keep up with ways to control the information that companies” had about them.
“Genuine opt out and opt in consent requires that people have knowledge about commercial data-extraction practices as well as a belief they can do something about them,” the report stated. “Americans have neither.”
Home Depot failed to obtain customer consent before sharing personal data with Meta - Office of the Privacy Commissioner of Canada
Home Depot didn't get customer consent before sharing data with Facebook's owner, privacy watchdog finds - CBC
Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information - Pew Research
EU consumer department to present voluntary pledge over ‘cookie fatigue’ - Euractiv
Americans Can’t Consent To Companies’ Use Of Their Data - Annenberg School for Communication, University of Pennsylvania
Americans Flunked This Test on Online Privacy - The New York Times
DISCUSSION QUESTIONS: Do you see paths to reduce ‘consent fatigue’ for consumers from data-sharing requests? Would easing the consent process be beneficial or complicate retailers’ efforts to use data to drive personalization efforts?
Join the Discussion!
13 Comments on "How Can ‘Consent Fatigue’ Be Overcome?"
You must be logged in to post a comment.
You must be logged in to post a comment.
Managing Director, GlobalData
Cookie fatigue is real. The EU introduced a law some years ago which requires people to consent to cookies as they browse websites. The result is a continual stream of annoying notifications and popups asking people to accept cookies which virtually no one reads or understands. It has no value and serves no purpose. That said, I think sharing personal information provided by consumers is different from general cookies: If Home Depot was planning to share email addresses people enter for receipts then they should have made this very clear at the time people agreed to provide their addresses.
Industry Consulting, Retail, CPG and Hospitality
I see an even murkier path forward with consent and companies’ use of personal information for marketing purposes, primarily due to more stringent privacy laws that are being enacted. It’s kind of like the perfect storm. Consumers want preferred treatment, but don’t want their personal data shared irresponsibly with other, unknown parties. And companies seek more customer 360 understanding, but fear legal backlash if they get creative with consumer data. Threading the needle is a real balancing act.
Founding Partner, Merchandising Metrics
And here I thought the offering of a choice between an email and hard copy receipt was for my convenience–you know, the customer. How naive of me. Of course they wanted to sell my data. Of course. Who wants to go through the consent nonsense while in a checkout line? But it’s available upon request or online? Seriously? Sigh–back to Lowe’s.
I thought the same thing — I should have known better.
Principal, MKT Marketing Services/Columbus Consulting
Consumers won’t forfeit access, discounts, offers or other benefits as long as they don’t feel invaded or abused. Until data is breached and their personal and financial information is hacked and becomes detrimental to them, they won’t take any action. Clicking on opt-ins and consent forms is like blinking, especially for younger consumers who grew up fully transparent. The truth is, businesses like more data, so it is not in their interests to help limit access to it. Consumers need to push back when they are ready.
Professor, International Business, Guizhou University of Finance & Economics and University of Sanya, China.
Twenty-five hundred to 4,500 words of legalese? I am surprised that as many as nine percent of the people read them at all. ZERO percent would not have surprised me.
OPC Commissioner Dufresne said. “Consent fatigue is not a valid reason for failing to obtain meaningful consent.” Do you think Mr. Dufresne understands that the process is specifically designed to produce consent fatigue? To me, the objective of the process is to make it so convoluted that the customer simply clicks “OK.” Am I being too cynical?
When have we ever been asked, most simply, “Would you like us to share your data?”
CEO, Hanifin Loyalty LLC
The vast majority of consumers ceased reading software license agreements many years ago. The desire to use a particular platform overwhelms any hesitance about what that agreement might contain deep within the document. The same is happening today with cookies. I believe most consumers click on the dialog box about cookie acceptance as if it is an interstitial page offering a 10 percent discount in exchange for an email address. I would say that easing the process is the answer but there should be a movement to clarify the substance of what we are asked to agree to and we should require everyone to use a similar format.
Chief Amazement Officer, Shepard Presentations, LLC
It’s simple. If you ask for a customer’s data (name, email, address, phone, etc.), tell them in a simple sentence or two what you plan to do with it. Give the customer the option of agreeing (or not) to the use. Done the right way, the customer will appreciate and trust you (more).
Associate Professor, Fashion Institute of Technology
President and CEO, Vector Textiles
This is a tough one. No one reads all of that legal “stuff” when they initially sign in or log in to–anything. One just agrees in order to get on with it. If you don’t agree, then you do not get to buy, or visit, or stream, or whatever. What would really help would be to “kill” the legal language that is always in place and write something short in “plain English.” And give people options for a decision: “yes you can use my data” or “no you cannot use my data.” If only the world were this simple!
Retail Strategy - UST Global
Contributing Editor, RetailWire; Founder and CEO, Vision First
There is a difference between a retailer tracking data and selling data to third parties. Making this differentiation clear to consumers is important.
CFO, Weisner Steel
What a load of B*******! Home Depot has no business “sharing” such info with
the Devil’s Earthly RepresentativeMeta. This really has little if anything to do with personalization efforts.
This kind of nonsense is why we’re rapidly heading toward — if not outright outlawing — at least severely restricting data collecting.