The Limits of Opt-in

Federal and state laws guarantee individuals the right to “opt-out” of certain uses of their personal information. Under this longstanding standard of privacy protection, businesses that wish to collect and use personal information must clearly notify consumers and must provide them with an easy, no-cost way (such as an 800-number) of “opting out” of such use.

This standard of privacy protection is so widespread and so universally accepted that many companies and industry associations permit consumers to “opt-out” of certain uses of personal information, even where they are not legally required to. Since 1971, for example, every U.S. resident has been able to “opt-out” of receiving mail and telephone solicitations from Direct Marketing Association member companies; a single letter to the DMA’s Mail Preference Service and Telephone Preference Service is all it takes.

Some legislators, however, are considering highly restrictive laws that would prohibit the use of basic personal information, such as name, address, and past purchasing habits, unless the individual to whom the information pertains “opts-in” to the use by giving explicit consent. This radical departure from the “opt-out” privacy standard offers consumers no additional privacy protection, but instead saddles them with higher costs, a decreased range of products and service, and the inconvenience and burden of the additional calls and letters necessary to obtain the permission every time personal information must be used to provide the convenient services that we have all come to take for granted. Consider the following:

1.  An “opt-in” system does not increase privacy protection.

“Opt-in” and “opt-out” both give consumers the final say about whether their information is used. Neither approach gives individuals greater or lesser rights than the other. Under either system, it is the consumer alone who makes the final and binding determination about data use. Shifting from an “opt-out” system to an “opt-in” system does not increase privacy protection, but it does have other dramatic effects.

2. An “opt-in” system is always more expensive than an “opt-out” system.

An “opt-in” system sets the default rule to “no information flow,” thereby denying to the economy the very information-what acting Comptroller of the Currency Julie Williams called the very “lifeblood”-on which it depends. Under “opt-out,” contact only occurs for those consumers who wish to withhold permission. Moreover, customers can take advantage of the convenience and efficiency of 24-hour company web sites and 800 numbers that provide a wide range of services to “opt-out.”

“Opt-in” requires that every consumer be contacted individually to gain explicit permission. U.S. West, one of the few U.S. companies to be subject to an “opt-in” system, found that contacting customers to obtain their “opt-in” consent to use personal information cost $30 per customer contacted. Consequently, “opt-in” is always more expensive than “opt-out.”

3.  “Opt-In” will increase the burden of unsolicited calls and mail.

By requiring an explicit statement of permission prior to use of personal information, an “opt-in” system necessarily requires businesses to make extra contacts with consumers.

U.S. West found that it required an average of 4.8 calls to each customer household before the company reached an adult who could grant consent. Consequently, U.S. West customers received more calls than in an “opt-out” system.

The extra burden on consumers will increase again if the absence of personal information increases mass mailings and telephone calls because businesses can no longer target their marketing only to consumers who are likely to be interested. Businesses must advertise; “opt-in” just means that they will have to send more ads to more people. “Opt-in” is therefore a sure way to increase junk mail and telephone calls.

4.  “Opt-in” is contrary to consumer expectations.

“Opt-in” is contrary to consumer expectations and behavior. Opinion polls that demonstrate that many consumers are increasingly concerned about their privacy also show that those same consumers are happy to have their personal information used for appropriate purposes so long as they are given an opportunity to “opt-out.” The vast majority of consumer do not “opt-out;” they just like to know that they have the option. The behavior of 132 million adults who take advantage of direct marketing opportunities every year backs up these polls.

5.  Opportunities are lost under “opt-in.”

By adopting a default rule that stops the free flow of information, “opt-in” impedes economic growth by raising the costs of providing services and consequently decreasing the range of products and services available to consumers. “Opt-in” would deny opportunities to consumers who now receive unsolicited material by phone or mail and have the option to act on those solicitations. Again, U.S. West’s experience is instructive: Despite repeated attempts, in one-third of households called, U.S. West never reached the customer. Those customers were denied opportunities to receive information about valuable new products and services.

6.  “Opt-in” reduces competition.

Robert E. Litan, Director of the Economic Studies Program and Vice President of The Brookings Institution, and a former Deputy Assistant Attorney General for the United States, has written that switching from an “opt-out” system to an “opt-in” system would “raise barriers to entry by smaller, and often more innovative, firms and organizations,” by making it harder to identify and reach interested potential customers.

Litan also notes that “opt-in” makes it more difficult for “companies to authenticate customers and verify account balances, and thus frustrate the ability to counteract fraud,” raises prices for many products and services “because competition would be reduced while fraud-related and marketing costs” would be higher, and denies opportunities to “consumers who now receive unsolicited material by phone or mail and act on those solicitations.”

7.  “Opt-in” is unconstitutional.

The use of “opt-in” where no clearly defined, significant harm is threatened violates the First Amendment. The Supreme Court has struck has down many ordinances that would require affirmative consent before receiving door-to-door solicitations, receiving Communist literature, even “patently offensive” cable programming. The words of the Court in Martin v. Struthers-involving a local ordinance that banned door-to-door solicitations without explicit (“opt-in”) householder consent-are particularly apt:

Whether such visiting shall be permitted has in general been deemed to depend upon the will of the individual master of each household, and not upon the determination of the community. In the instant case, the City of Struthers, Ohio, has attempted to make this decision for all its inhabitants.

More recently, the U.S. Court of Appeals for the Tenth Circuit in struck down the “opt- in” rules applicable to phone companies, like U.S. West. The court wrote that the government must show that the information the law would protect as private would inflict “specific and significant harm” on individuals. Absent a showing that “opt-in” rules are necessary to prevent a “specific and significant harm, they are unconstitutional.

8.  “Opt-in” would isolate consumers and businesses.

Last year, more than 20 states considered “opt-in” bills and every single state legislature rejected them. The nation’s Attorneys General backed away from “opt-in” rules, focusing instead on fine-tuning federal statutes and regulations. Even European nations, which in 1998 adopted “opt-in” laws, have now moved to “opt-out” laws-what the Europeans    call “implied opt-in”-for all but the most sensitive data. “Opt-in” may be the law on the books throughout Europe, but “opt-out” is the reality. In a global economy, any state that adopted “opt-in” harms its citizens’ interests and runs the risk of driving national companies out of state and small companies out of business.

9.  The time is wrong for radical experimentation.

Effective July 1, 2000, all U.S. businesses offering any financial services or product- banks, insurance companies, retailers with their own credit cards, investment companies, and the like-will have to comply with the comprehensive Gramm-Leach-Bliley Financial Services Modernization Act. This Act, like most other federally privacy law, adopts “opt-out” as the standard for privacy protection. In compliance with the new law, hundreds of thousands of businesses will send out as many as 2.8 billion privacy policies and “opt-out” notices to consumers. In the face of so much activity, and such dramatic technological change, legislators would do well to wait for the dust to settle before embarking on radical new privacy legislation.

10.  Educate, don’t legislate.

Consumers don’t need more laws; instead, they need help understanding and using the many legal rights that they already have. All the law in the world won’t protect citizens’ privacy if they don’t know how to use it, and even then, law alone is clearly not enough. If the public is to be protected from out-of-state and off-shore privacy invaders, citizens need to know more about technological privacy protections and the steps that individuals (and often only individuals) can take to protect their own privacy. Nothing can substitute for individual good judgment in the management of personal information and individual action in protecting privacy, yet few citizens will recognize the importance of that responsibility or have the knowledge to fulfill it without education. Resources should be directed toward educating consumers, not legislating unproven and costly solutions for problems that are only assumed, but not proven.

The urge for legislators to “do something” to further protect individual privacy is understandable and commendable. But “opt-in” is not the right way to go. Opt-in” is an exceptional tool that imposes high costs and harmful unintended consequences, and should therefore be reserved for exceptional situations where the risk of those costs and consequences is justified.