Back to News & Commentary

Email, Companies and Social Norms

Jay Stanley,
Senior Policy Analyst,
ACLU Speech, Privacy, and Technology Project
Share This Page
May 7, 2012

I wanted to make note of an interesting anomaly in a new survey that looks at Americans’ attitudes toward the privacy issues implicated by the use of mobile phones to pay for things (instead of cash or a credit card).

The survey (which is online here and is summarized by the New York Times here) finds that Americans react very negatively to the kinds of privacy invasions that mobile payments can bring.

But as the report authors (Chris Hoofnagle, Jennifer Urban and Su Li) write, “While opposition to information sharing at the register is strong in all categories we analyzed, email sharing seems to be the least sensitive category.” While 80 percent and more of respondents objected to sharing other personal information such as home addresses, telephone numbers, or store browsing activity, for some reason opposition to the sharing of email addresses was noticeably weaker, with 33 percent “probably” or “definitely” willing to allow it.

I think it’s interesting to ask the question of why this would be.

I believe there are two answers. First, people still have a strong residual feeling that an email address is more anonymous than other kinds of information. It is true that one can create multiple or throwaway addresses that can be hard for a store or others to tie back to your identity. However, it’s also the case that email addresses are not reliably anonymous. Most people use the same one or two email addresses across most of their lives, and email addresses are increasingly being used to identity you by the enormous machinery that the advertising industry continues to build for tracking individuals online and off. Email addresses serve as a unique identifier that can help establish that the person who bought a product here is the same person who posted a comment there, and showed interest in a certain subject over here. (Of course, it’s also very easy for the government to get your identity, unless you’ve gone to great lengths and really know what you’re doing.)

Second, direct email marketing is not really a problem for most people. Americans are pragmatists, and for the most part they worry only about concrete consequences. Most of the sophisticated online tracking machinery is still largely invisible to them. And reputable companies do not abuse email marketing.

I think this last fact is one of the interesting things that has happened in the last 20 years as the internet has evolved. At one time, there was a lot of worry that every company that could get its hands on anyone’s email address would barrage that person with ads. However, amidst widespread frustration with the barrage of trashy and juvenile spam, it became socially unacceptable for a company at all concerned about its reputation to behave in anything resembling a similar fashion. This is an example of social norms being as important as the actual law in regulating corporate behavior—and in a rare context where companies could not hide their behavior from consumers. This social norm in turn made possible the CAN-SPAM Act of 2003, and the FTC’s implementing rules, which codified this consensus and gave it the power of law, especially by firmly establishing standards for how easy it should be to opt out of commercial emails.

Obviously none of this has affected the flow of spam from bottom-feeders, but no company that has a bricks-and-mortar storefront is likely to annoy a customer with spam, at least more than one time if the customer opts out.

No, the real problems are the things that happen behind the scenes.

Learn More About the Issues on This Page