When we started this survey of privacy policies, our goal was simple: find out what these policies actually say. But our larger goal was to place the promises companies made about users’ privacy in a larger context—how do these companies view data? Do they see it as something that wholly belongs to them? Because ultimately, their attitude towards this data very much shapes their attitude towards user privacy.
In the last couple of years, we’ve seen an unprecedented amount of online data collection that’s happened largely surreptitiously. We can’t say that we, as users, haven’t gotten something in return. The “free” services on the internet have been paid for with our personal information. But the way the information has been collected has prevented us negotiating with the benefit of full information. In other words, we haven’t gotten a good deal. The data we’ve provided is so valuable, we should have struck a harder bargain.
And I think more and more people are starting to feel that way. Even though most only feel a vague discomfort at this point, it’s unlikely that companies like RealAge will be able to continue what they’ve been doing.
For us at CDP, the fear is that we’ll throw the baby out with the bathwater. We don’t want to shut down data collection altogether—we just want companies to stop thinking of our data as their data and their data alone. We want to be able to share in the incredible value that this data has, so that we as a society can all benefit from the data collection and analysis capabilities we’ve developed. Of course, that’s only possible with stronger privacy protections than are available now, which is why privacy is such an important issue for us to understand.
So what would it look like for us to “share” in the value of data? It might sound crazy that companies collecting all this data would ever share data with their users, but it’s already happening.
Google, as a company that believes it’s in the business of information rather than advertising, does make some sincere efforts to provide data to the public. Google Trends may be intended for advertisers, but it also provides the whole world with information on what people are searching for. Google Flu Trends is a natural outgrowth of that, and some researchers believe this data can be helpful in determining where flu outbreaks are going to occur faster than reporting by clinics.
Some companies, like eBay and Amazon, have built their data collection into the service they provide to their customers. Some of the information they collect on transactions and ratings can be viewed by all users. Anyone looking to bid on an item on eBay can see how other buyers have rated that seller. A user of Amazon looking to buy a new digital camera can view what other buyers considered.
Although Wikipedia is a bit different as a nonprofit, the service it provides also actively incorporates public disclosure of the data collected. The contributions of any one editor can be seen in aggregate and aggregate stats on website activity are also available to the general public. This information is important in the self-policing that is essential for Wikipedia to maintain any credibility.
Although the amount of data these companies are sharing with their users and the public is miniscule compared to the amount of data they’ve actually collected from us, it raises the possibility that data collection could happen in a completely different way than it does now. Companies could make more obvious that data collection is happening, and instead of scaring users away, give users some reason to participate in the collection of data. The whole process could be one in which users are openly engaged, rather than one in which users feel hoodwinked.
So this is our goal at CDP: what do we need to do in terms of privacy protection, both in terms of technologies and social norms, to make this model of data collection possible?