I spent almost all of my first full day here at SXSW attending sessions and talking to smart people about data privacy. After talking to both hardcore privacy advocates on one side and Internet companies and advertisers on the other, I’m starting to see the real outlines of the issue.
It’s not black and white. Both sides have their points. Internet companies whose web sites and apps collect personal information from users can indeed use that data for consumer-friendly purposes. At the same time, many Internet companies now believe that they own user data and can do with it what they please.
Tech entrepreneurs in Silicon Valley see the collection of personal data is seen as an opportunity to tailor-fit web content -- and ads -- to individual needs and tastes. This is good for the web company, which makes money selling the data to advertisers, and arguably good for the consumers who see only ads that relate to them.
The problem is, while companies like Facebook are getting better at targeting ads at us based on our personal information, it still doesn’t work very well. I still see a lot of ads about things I don’t care about. For example, Amazon can make no distinction between a product I bought for someone else versus a product I bought for myself, so they begin suggesting other products to me that are similar to the one I bought as a gift.
“Seeing only ads that directly relate to my life could be good,” says Popular Mechanics writer Glenn Derene, who spoke on the subject here. “It only turns into a bad thing when something goes wrong, like when my data is lost or when they do something with my data I didn’t authorize them to do.”
And it’s mostly the dark side of personal data harvesting that we’ve seen so far. Numerous large data thefts from large, otherwise respectable companies have shown up in the news. In one of the largest breaches in history, the marketing company Epsilon lost millions of personal data records shared with it by clients like Citibank last summer.
And most people in the industry would agree no real legal framework is in place to ensure that the victims of such mass identity thefts get justice. Data privacy laws exist in 46 states, but no comprehensive privacy law exists at the federal level. And since the Internet crosses state lines, a federal law is what we need.
On a civil, legal level, there just isn't enough precedent. In cases where the individual can prove harm after their data was stolen, the cases usually settle out of court, says Eric Youngstrom of CSID, an Austin company that helps banks and other companies after a data breach. Settlements are great but when the cases settle out of court no legal precedent is set, so future victims lack that piece of legal footing.
For most of us the data privacy issue is mostly about sites like Facebook and others collecting our personal information, interests, and browsing habits. In the Facebook example, we voluntarily provide our personal and taste information at the Facebook site, and if we use Facebook Connect, then Facebook can learn where we are going on the web, too.
The reality is that companies like Facebook -- even if they don’t say so -- provide a social networking service for free in exchange for the right to use your data to make money. Derene had a very good maxim about this tacit agreement: “If the product is free, you’re the product.”
But not all companies look at personal data the way Facebook does. Newer app developers and Internet companies are beginning to use respect for data privacy as a selling point. “Developers have to let consumers exactly what the app is going to do, says “cyborg anthropologist” and Geoloqi cofounder Amber Case.
“People just don’t want to be surprised; they want us to tell them exactly what the data will be used for, and for how long, and if it’s going to be put into a silo, or if we will put it in a data file and sent back to them,” Case says. “They just want a lot of transparency.”
If Internet companies would just get better at that one part -- the part where they tell us they are collecting our data and exactly what they intend to do with it -- it would be a huge first step toward easing internet users’ privacy worries.