The Perils of Privacy in a Digital Age

We live in an age where the privacy policy of Facebook (at 5,830 words) is longer than the U.S. Constitution (4,543 words excluding amendments).

A world where Facebooks’ 400 million users navigate privacy options which include more than 50 settings and more than 170 options (NY Times).

A time when privacy is discussed each and every day on Capitol Hill and throughout the halls of Washington DC.

Privacy is a red hot topic and one that shows no signs of abating.

The desire to create sweeping federal legislation that governs consumer privacy is something that has been simmering in Washington for years.  Recently, Rep. Rick Bouchier from Virginia (Chairman of the House Subcommittee on Communications, Technology and the Internet) and Rep. Cliff Stearns from Florida released draft legislation on the subject.

Under the heading of “you can’t please everybody all the time”, consumer groups are up in arms that the legislation does not go far enough to protect consumers.  Others are saying that the draft is a solid step forward for the industry, and will provide greater consumer controls and transparency into data usage.  There is no doubt that the debate will rage for some time before being introduced to Congress as formal legislation.

I think it is a reasonable starting point to elevate the discussion.

Specifically, the bill would require a company that collects PII (personally identifiable information) to display an understandable privacy policy that explains how the company uses the data.

Under the proposed legislation, companies can collect information about individuals unless they opt-out of those services. Information that is collected could be stored for up to 18 months, after which it would have to be anonymized or deleted.

Behavioral targeting (serving ads based on exhibited online characteristics) is a tremendous asset for marketers, and has become a meaningful piece of the online advertising equation.  The new legislation states that a third-party ad network would need to provide opt-out options via a “clear, easy-to-find link to a webpage for the ad network that allows a person to edit his or her profile and, if he chooses, to opt out of having a profile, provided that the ad network does not share the individual’s information with anyone else.”

There are probably some shades of grey here as sharing of information across partners is fairly routine assuming the appropriate disclosures and commercial relationships exist.  We spent an extraordinary amount of time speaking about data usage and privacy as we worked on the recently announced Terms & Conditions 3.0 for the online advertising industry.  It is a complex and highly charged issue, to say the least.

The even darker underbelly of privacy revolves around data security.  There have been several well publicized events that made valuable consumer data more public than intended.  A few notable examples of this recently occurred with two of the most prominent social networks, Twitter and Facebook.  Twitters’ stumble allowed users to “force” others to follow them on Twitter and naturally, celebrities were the target of many overzealous fans.  On Facebook, the flaw revolved around a privacy setting (go figure!) that allowed users to preview how their profile would appear to their friends. For a brief period of time, the flaw allowed users to actually see what their friends were doing and saying on Facebook.

It should go without saying that consumer data is sacrosanct and should be treated as such.  Companies must be held accountable for breaches, and we all need to get more sensitized to the data that is shuttling around cyberspace.  As the world becomes increasingly comprised of zeros and ones (i.e. digital), the proliferation of data will continue.  With that data comes great responsibility.  What do you think?

I am certain that many of you have opinions on this subject, and I’d love to hear them!