Consumer Privacy Paradox: The Privacy & Marketing Puzzle

Ce contenu n'est pas disponible dans la langue sélectionnée.

Par Maria Godoy (LL.M. Droit des technologies de l’information, Faculté de droit de l’Université de Montréal)

Photo by Glen Carrie on Unsplash

Technology has been intensifying the delicate intersection between privacy and marketing. Both fields have been adapting to societal developments, innovations, and challenges over the last several years. In the current context, when placed side by side, privacy, and marketing form a puzzle known as Consumer Privacy Paradox.

Like any puzzle, it requires a level of reasoning to find a solution. The privacy pieces – such as meaningful consent, lawful processing, individual rights, and safeguards – and the marketing pieces – such as targeting ads using Online Behavior Advertising, remarketing, browser cookies, and customer trust – need to fit together. However, this is not an easy task for privacy professionals, marketers, entrepreneurs, or customers. Personal data is becoming a significant part of a new marketplace based on behavioral predictions [1].

The Consumer Privacy Paradox means the opposition between the customers’ willingness to share their personal data and their concerns about privacy matters: sometimes, their actual behaviors contradict their stated willingness [2]. This paradox lies in the contrast between the consumers’ privacy worries and their desire for increasingly personalized experiences, services, and products.

There are times when people hesitate to share their personal information driven by privacy concerns. There are other times when they are grateful to provide it to companies in exchange for special offers and benefits. This contradictory behavior creates a particular challenge for marketers, who shall try to fit privacy and personalization without one inhibiting the other.

Alongside this consumer contradiction, marketing practices shall consider ongoing policy-making and law-making processes around the world. Usually, these processes are responsible for guiding the advertising market; sometimes, marketing practices can influence them. For example, a high volume of calls from telemarketers in the United States encouraged the adoption of the Do-Not-Call Implementation Act in 2003: “[t]he act was intended to protect consumers from a violation of privacy (incessant sales phone calls particularly during the evening hours)” [3]. Regulations such as the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act, from the USA), Canada’s Anti-Spam Legislation (CASL), and the French law on Confidence in the Digital Economy are, at the same time, product of the existing marketing activities and a frame to the new ones.

Today, many of the techniques in marketing rely on personal data to be successful, such as the already mentioned Online Behavioral Advertisement, which is a technique for “tracking and targeting of individuals’ web activities, across sites and over time, to serve advertisements that are tailored to those individuals’ inferred interests” [4]. This usually means a more comfortable or cheaper buying process for consumers. For this reason, they might be inclined to set their privacy matters aside. However, the opposite is also true. People can prioritize privacy and not care about the offers and personalization obtained from their personal information.

An infallible technique to try to ensure consumer satisfaction and to keep lawful marketing practices even in the midst of the Consumer Privacy Paradox is to set standards higher than those provided by privacy regulations, keeping the control in the hands of the person to whom the data belongs. Often, the issue does not lie in the marketing practice itself, but in its implementation.  Here is an example:

Recently, wireless provider Verizon incurred significant fines for not informing and allowing opt-out of super-cookies, powerful consumer tracking devices that cannot be seen or erased by its customers and that provide detailed browsing history and other personal information about users. Interestingly, AT&T also has super-cookie technology, but the Federal Communications Commission (FCC) felt that the company had adequately notified and allowed opt-out for their customers (Peterson 2016). [5]

In this case, the super cookies were not the issue by themselves, but rather how this tool was used: with or without the proper information and control by consumers. Therefore, using data collection tools are allowed to marketers. Using them in a regular, legal, and ethical way, that is what must be done.

In December 2015, The Office of the Privacy Commissioner of Canada published the Policy Position on Online Behavioral Advertising [6], which still serves today as a guideline on this matter. Its provisions, accompanied by those from the Guidelines for Obtaining Meaningful Consent, published in May 2018, [7], and the Guidance for Businesses Doing e-Marketing [8], published in January 2020, might lead us when creating a marketing strategy.

These guidelines help companies identify the compliance pinch points of certain behavioral advertising practices. For example, a company that hires a third party to do email marketing or buys an email list is still accountable for the data collection, and therefore ensuring the appropriate consent was obtained.

Even though struggling with this paradox between the intention to share and the wish for privacy, marketers cannot use it as an excuse for abuses such as maximizing the data collection or keeping it for longer than they need to fulfill the data processing purpose. Neither can the consumers hide under this paradox and demand more than the respect of their rights, regardless of their own behaviours. Both keep their responsibilities regarding data and privacy protection, each one in their extension and context. Although this is self-evident, sometimes it is forgotten.

Finally, to overcome the Consumer Privacy Paradox – or at least minimize its effects – is not an easy or straightforward task, but, indeed, an evergreen process that requires an effort directed towards it coming from various areas. The legal department, privacy professionals, and IT team members must assist the marketing team in any personal-information-related strategy.


  1. Shoshana Zuboff inspires this idea of a new marketplace. The professor emerita at the Harvard Business School calls it surveillance capitalism, a term she coins in her book. According to her, there is a new marketplace “that aims at nothing less than predicting and modifying our everyday behaviour – where we go, what we do, what we say, how we feel, who we’re with.” The professor highlights this idea on the docudrama The Social Dilemma, available on Netflix. See: Shoshana Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, New York, PublicAffairs, 2019.
  2. Robert W. Palmatier & Kelly D. Martin, The Intelligent Marketer’s Guide to Data Privacy: The Impact of Big Data on Customer Trust, London, Palgrave Macmillan, 2019, p. 165.
  3. Lumen Learning, Module 5: Ethics and Social Responsibility, “Reading: Privacy Laws”.
  4. Office of the Privacy Commissioner of Canada, “Policy position on online behavioral advertising”, December 2015.
  5. Kelly D. Martin & Patrick E. Murphy, “The role of data privacy in marketing”, (2016) Journal of the Academy of Marketing Science 135.
  6. Office of the Privacy Commissioner of Canada, supra note 4.
  7. Office of the Privacy Commissioner of Canada, “Guidelines for obtaining meaningful consent”, May 2018.
  8. Office of the Privacy Commissioner of Canada , “Guidance for businesses doing e-marketing”, January 2020.