By using website you agree to our use of cookies as described in our cookie policy. Learn More

TDWI Upside - Where Data Means Business

Opt-In Versus Opt-Out: The Big Question for Consumer Privacy

Facebook is once again testing privacy concerns and consumer patience with its recent bank talks, raising privacy issues and business trade-offs for opt-in versus opt-out.

Facebook just can't learn its lesson. After appalling consumers with revelations of lax handling of data during and after the Cambridge Analytica scandal, raising lawmakers' concerns with its CEO's congressional testimony, and suffering the biggest single-day plunge in the history of the stock market, one would think the social giant would focus on tightening security and reversing its string of PR nightmares.

For Further Reading:


Balancing Privacy and Profit in Customer Analytics

GDPR and Tokenizing Data

Instead, the Wall Street Journal reported that Facebook is attempting to forge partnership deals with Wells Fargo, Citigroup, and other major banks and financial institutions. The proposal: Facebook will broaden banks' connection to online users in exchange for data on account balances, credit card purchases, and other financial information.

Unsurprisingly, this news resulted in yet another wave of bad publicity. Facebook denies that it requested customers' financial information, claiming that connecting financial services to the Messenger app requires a customer to take action, but the public mood is hardly favorable to giving Facebook access to more (let alone more sensitive) user information.

Regulation Dawning

From Facebook to Google to Apple and many other websites and devices, one thing is clear: consumers know very little about the extent and types of data that tech companies gather on them. Now, public outrage is starting to bring regulatory scrutiny to an industry that has been traditionally free of such oversight.

The result: Greater regulation is all but guaranteed. In fact, it's already happening, and the results might end up being unsatisfactory for all parties.

The General Data Protection Regulation (GDPR) in the European Union changed the worldwide conversation around privacy. With the passage of the California Consumer Protection Act of 2018, the U.S. is starting to follow suit.

Privacy advocates cite these measures as long overdue. Given the current climate surrounding Facebook and its services, it seems unlikely that financial institutions will enter into a wide-scale partnership where Facebook handles their customers' private data.

The question amid this latest controversy is: What will the current privacy scandals and corresponding push for greater security mean for the ability of websites and companies to meet the needs consumers have come to expect?

The Centrality of Technology

The proposed partnerships between Facebook and major banks do not signal a nefarious effort on Facebook's part to gain access to sensitive user data. Instead, it is a push to connect Facebook to another major arena of Internet usage: online banking.

Through integration with Facebook Messenger, users would have the option to use the app as another avenue for customer service. Other reports mention potential applications such as receiving fraud alerts and balance updates on the app.

On the surface, these features all sound beneficial to the consumer. This is true of other Facebook features, too. The robust Facebook ad network gives brands and marketers the ability to target consumers granularly, personalizing ads for products and services and delivering them to audiences based on demographics and other user characteristics.

Historically, consumers have responded positively to the convenience and customization of Facebook. The "all-in-one" quality is attractive because it gives consumers the ability to manage and grow their online habits -- not to mention their daily lives -- from a central hub.

In exchange for the multifaceted use of these platforms, consumers expect their information will be secure. In the case of Facebook, the company has reaped the financial benefits of its platform but failed to maintain the infrastructure that preserves this trust.

What Now?

The wording of the California Consumer Privacy Act and Facebook's characterization of the potential integration of Messenger and online banking information provide a helpful study in contrasts. One of the major provisions of the Consumer Privacy Act requires companies and websites subject to the law to give consumers the option to "opt out of the sale of personal information." Facebook, meanwhile, characterized the current small-scale banking features on Messenger as "completely opt-in."

There is a significant difference between giving consumers the option to self-exclude and requiring consumers to make that decision themselves up front, before using a website or app.

As the first legislation of its kind in the United States, the California Consumer Privacy Act will influence subsequent privacy legislation in the country. Should forthcoming statutes require an "opt-out" clause, consumers may be disinclined to take the initiative to request their information be exempt from sale or removed from website servers.

Companies that comply with data privacy regulations would benefit from the prevalence of opt-out language. Websites and apps would lose some data from users who opt out, but that should represent a relatively small cross-section of users. After all, not many users read the Terms and Conditions page.

On the other hand, if users are required to give permission to the website or business to use their data, this could be problematic for both parties. Consumers faced with a choice are less likely to opt in when they see a combination of fraught buzzwords (use/sell personal information) and complicated, statute-driven language.

Brands, consumers, and third parties are more likely to suffer should websites and tech platforms become subject to opt-in language. Fear or misunderstanding may reduce the number of willing users, which reduces the availability of user data. Diminished user data makes it more difficult for the business to offer broad, personalized services, which in turn leads to less use by advertisers.


Regulation is inevitable for any industry when it rides roughshod over the consumer. Unfortunately, the push for regulation ignores the genuine benefits of personalized browsing and online experiences.

Facebook appears to be unwilling or unable to police itself, an attitude that will likely create more scandals surrounding how it handles user data and undercut efforts to expand its service. However, it's important not to crack down on an entire industry because of one company's highly visible negative headlines.

As laws and regulations are drafted, the goal should be a focus on improving security, not reducing functionality. Regulation can push the effort forward, but it's in the best interests of tech companies to lead the charge independently.

About the Authors

Dan Goldstein is a licensed attorney who served in the legal division of the Office of the Comptroller of the Currency. He is the owner and president of Page 1 Solutions, LLC, a digital marketing agency serving attorneys, doctors, and dentists. You can learn more about him here or contact the author via email here.

Adam Rowan is a content specialist for Page 1 Solutions, LLC. He has written for a variety of online media outlets for more than 10 years. You can contact the author via email here.

TDWI Membership

Accelerate Your Projects,
and Your Career

TDWI Members have access to exclusive research reports, publications, communities and training.

Individual, Student, and Team memberships available.