Last year, the Common Data Project started a project to survey and analyze the privacy policies of some of the largest, most visited Internet companies. Reading the policies was truly as painful as expected, horrifically boring and difficult to decipher. We found that many companies are as vague and wordy as they can be, which is surely no surprise to anyone interested in online privacy. So why did we do it?
CDP is committed to understanding and articulating a set of “best practices” for data collection and privacy protection. We don’t simply want to criticize companies for their obfuscation. We want to set forth standards that declare it is both possible and desirable to make privacy an integral part of data collection, and not just an afterthought.
But what’s the status quo? What are major companies promising now? What language are they using, and what implications are there for the kind of privacy concerns people actually have?
It might seem like an odd question. But the fact that there is data collection going on that’s not covered captures so much of what is confusing for people who are used to the bricks-and-mortar world. When you walk into your neighborhood grocery store, you might not be surprised that the owner is keeping track of what is popular, what is not, and what items people in the neighborhood seem to want. You would be surprised, though, if you found out that some of the people in the store who were asking questions of the customers didn’t work for the grocery store. You would be especially surprised if you asked the grocery store owner about it, and he said, “Oh those people? I take no responsibility for what they do.” (Even Walmart, master of business data, probably doesn’t let third parties into its stores to do customer surveys that aren’t on Walmart’s behalf.)
Companies that don’t allow third party advertisers, like Craigslist, of course have no reason to declare this is happening.
We’ll eventually publish a report summarizing our findings on our website, but we’re going to keep rolling out these posts analyzing different aspects of online privacy policies. We’d love to hear what you think about our analysis, whether you agree or vehemently disagree. Tune in for more.