Some Thoughts On Online Privacy
There are signs that Washington is gearing up to do something big in the area of online privacy. The FTC put out a report earlier this week and the White House called for a "privacy bill of rights" last month. Both have asked Congress to act on this issue.
I thought I'd lay out some basic thoughts and principles on the data we create, share, and curate on the open Internet.
1 – Our clickstreams, search history, likes, tweets, photos, and so on and so forth is our data and we should have the ability to control it, delete it, and limit how it is used. That seems like a basic right that should be available to everyone who uses the Internet.
2 – Those who do not want to be tracked should have the ability to opt-out of being tracked. The Do Not Track industry self regulation effort (in browsers, ad networks, etc) is long overdue and I hope we see real usable tools soon. The FTC expects these tools by year end. I hope they are right.
3 – Tracking and profiling provides real value to me and many users on the Internet. I like using Amazon and getting recommendations based on my purchase history. I like using Twitter and getting recommendations for who to follow. I like using Foursquare Explore and getting recommendations for places to go to based on my checkin history and my friends' checkin history. We should not do anything to limit the ability to offer these valuable personalization services on the web and mobile Internet.
4 – There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches. And an increasing amount of commerce revenue is based on recommendations and personalization. We should be careful not to undercut the economic underpinning of the Internet in our attempts to regulate online privacy.
6 – There is a big difference between collecting data and using it within a web or mobile service and collecting data and selling it to third party services. I understand that the data Foursquare has on me will be used by Foursquare to make better recommendations and to target offers and specials to me. That makes sense and my decision to use Foursquare and continue to use it is an implicit license for them to do that. But I cannot use that same implicit license when the data on my activities is collected and sold to third parties.
7 – With the advent of open APIs, much of this data is not actually being sold, but it is moving freely around the web via the plumbing of the Internet. This is an area we should be particularly careful not to crimp. Open APIs are at the center of the permissionless innovation movemement and are responsible for many of the new services that are being built.
I do not have a specific set of recommendations for our elected officials on this issue. But I do agree that codifying best practices and policing the truly bad actors is a good idea. The Can Spam Act of 2003 is a good example of how industry self regulation codified in legislation was a net positive for everyone. That bill took a lot of work by the industry trade groups to get right and there were versions of Can Spam that would have be highly problematic for the industry. I suspect that will be the case with online privacy legislation too.
So everyone working in the Internet industry should make their voices heard in Washington on this issue. If you have a business that will be impacted by online privacy legislation, figure out how to engage in the debate/discussion. And the staffers in Washington who are working on this effort should reach out to the Internet industry (and not just Google and Facebook) to get a front lines view of the issues. If you don't know how to do that, you can contact me via the contact link at the bottom of this blog.