What people say they do vs. what they actually do

I read a nice factoid on this topic this morning in Eric Schaffer’s Institutionalization of Usability book. It’s a quote from Jared Spool:

In April of 2002, Princeton Survey Research Associates surveyed 1,000 adult Internet users about their concerns with privacy on the Internet. In the survey, only 18% said they never read privacy policies most of the time, or every time they shop.

Yet, in our study of more than 1,000 shopping sessions, where we actually observed what users did while shopping, we noticed that only two users ever checked the privacy policy. And for these two users, it had no effect on their shopping behaviour. This is yet one more case of users doing something different from what they say they do.

To reiterate this point –

What users said they do:
82% of users said they read privacy policies (from survey data)

What they actually did:
0.2% looked at privacy policies (in user tests)

This ‘observational data vs self-report’ argument is a road well trodden (read Jakob’s 2001 alertbox on this topic here, or a great signal vs. Noise post here), but I like this factoid because it sums up the argument so well.

[Note – typos have been removed from the original post. Thanks Jared!]