Computers, Privacy & the Constitution

GlennLortscherFirstPaper 1 - 24 Mar 2008 - Main.GlennLortscher

Your RDA of Privacy: A Nutrition Facts Label for the Web

-- By GlennLortscher - 24 Mar 2008

How much are lists of nouns worth? Quite a lot, if you can tie them to individuals. Google's AdWords network has seen unprecedented growth doing just that-- scouring information from email, forms, and website content to sell individually- and demographically-targeted advertisements. Yahoo, playing catch-up, has increased the number of times it collects such data from its visitors each month to 2,520 (compared to Google's 578). As long as targeted advertising stays profitable, this type of data collection will continue to grow in size and sophistication (see Phorm, for an extreme example).

This is arguably fine, as long as consumers consent to how their information will be used. But website privacy policies are inadequate, and often cleverly worded to allay privacy concerns and maximize usage rights. If users knew the big picture-- how companies actually use their information, many would act differently. Several good solutions have been proposed, such as a Nutrition Facts-inspired label required on websites that collect any personal information. [1] In this paper, I flesh out why such a regulation is necessary and how to implement it in a way that empowers consumers.

Types of Personal Information

Consumers generally provide personal information to commercial websites for three purposes: to make purchases, to access services, or to add content to a social network or message board. In the first instance, for example, when a consumer buys a camera online, she provides her full name, telephone number, shipping and billing addresses, and credit card information. This information is kept in the form of electronic sales records. A consumer's expectations for usage of these records are grounded in the real world-- just like in-store or phone purchases, sales records can help resolve billing conflicts and facilitate product exchanges and returns.

Second, where personal information is exchanged for access to online services, usage of this information remains murky for consumers, since the economic value of such information is left unclear. That users treat these fields much like annoying End User License Agreements, clicking past them as quickly as possible, can be seen in the popularity of automated form-fillers like Gator and Roboform. A classic example is the New York Times, which requires free user registration to view much of its online content. The New York Times then uses this personal information to sell expensive, highly-targeted advertisements. [5] But user registration is not presented to consumers as a valuable transaction. It's easy for users to assume they're paying for content solely by viewing ads, just like on TV, and not also by providing the personal information used to target those ads.

Third, where personal information, preferences, and opinions are revealed in user-generated content, consumers have no expectations for how this content might be mined and tied back to their various online personas. This is likely due to several user assumptions: that companies have little interest in reading user-generated content; that information revealed in content, as opposed to neatly-titled registration fields, is safe from mining and analysis; and that because there is no privacy release when posting content, that content is safe from being mapped back to the user's profile. These assumptions are usually incorrect, since most registration agreements state that all user-created content is "public", giving the website carte blanche permission to analyze and map that data however it pleases-- an unexpected outcome for most users.

This last example strikes at the core of the Privacy Policy problem-- seemingly innocuous provisions that ultimately fail to inform users what is actually done with information. Because users consent only to vague processes, and not their outcomes, websites are at most obtaining barely informed consent. While companies use consumer information for pretty distinct purposes, from the consumer's point of view, all web forms appear the same. When Joe Consumer sees the Almighty Required Field Star when creating an Expedia account, is he going to enter "Easter J. Bunny" or his real name? With corporations in the better bargaining position, there is a strong case for regulatory intervention to achieve greater clarity for consumers.

The Solution: Before, During, and After

Since current privacy policies and terms of use are not successfully informing users about what happens to their data, revealing those outcomes is the first step toward informed consent. To accomplish this, I propose that as long as a website wishes to retain personal information for use that extends beyond mere purchase records, it must take comprehensive steps before, during, and after it retains such information to inform and empower users.

Before: Privacy Facts

Before a user submits personal information, a Nutrition Facts-inspired Privacy Facts label should briefly summarize whether the website reserves any right to transfer or use personal information, and how (e.g. "Yes/No/Consent Required"). The label should also summarize any past transactions in user information with subsidiaries, affiliates, and third parties, including the dates and parties of the transaction, as well as descriptions of all data transferred (e.g. "names, zip codes, hobbies"). Websites that conduct few or no transactions in user information will thus have nice, small labels. A Privacy Facts label would thus incentivize websites to pursue honest information policies, cutting off any attempts to allay concerns of potential users with a boring, overly general, and marketing-conscious privacy policy. By forcing websites to reveal cold hard facts and numbers beforehand, consumers can see for themselves how each website values privacy.

During: Complete Disclosure

While a user maintains an account (or, on websites that track users by IP address, for a reasonable period of time), that user should have an easily accessible and complete profile of what is being tracked, how it is used, and to whom it is available.

After: Verified Destruction

As long as a website wishes to use personal information beyond purchase records, it must offer consumers the option to terminate the relationship, including all personal and associated information. The option must be easy to locate, and the destruction of this information must be verifiable.

Conclusion

If a website wants to profit from the retention of personal information, it must be prepared to protect the interests of those whose information it seeks to exploit. So far, websites have failed to prove that they can be independently trusted to seek informed consent. Private sector solutions like the TRUSTe Web Privacy Seal may only further mislead consumers, since they still fail to inform consumers about outcomes, while encouraging them to reveal their information. Further, a private solution would likely never rock the privacy boat, for fear that it might scare off its membership. Thus, as personal information increases in value, I argue that regulation as outlined above is the necessary path to empower and protect consumers in managing this information.

[1] S. Tian, "All I Want for Christmas is A New Privacy Policy"

All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.