BACK TO PAPERS
QUESTIONS WE ASKED

5. What privacy choices do they offer to the user?

Everyone agrees that “choice” is crucial for protecting privacy. But what should the choices be?

  1. Do not call me, email me, or contact me in any way.
  2. Do not let any of your partners/affiliates/anyone else call me, email me, or contact me in any way.
  3. Let me access, edit, and delete my account information.
  4. Let me access, edit, and delete all information you’ve collected from me, including log data.
  5. Do not track my activities online.
  6. All of the above.
  7. None of the above.

Until recently, most tools offered by Internet companies over user information have focused on helping people avoid being contacted, i.e., “marketing preferences.” That’s what we cared about when privacy was all about the telemarketer not calling you at home. Companies have also given users access to their account information, which is in the companies’ interest as well, since they would prefer to have updated information on you.

But few companies acknowledge that other kinds of information they’ve collected from you, like log data, search history, and what you’ve clicked on, might affect your sense of privacy as well. Since they conveniently choose not to call this kind of information “personal,” they have no privacy-based obligation to give you access to this information or allow you to opt out of it.

Still, in the last year or two, there have been some interesting changes in the way some companies view privacy choices.

They’re starting to understand that people not only care about whether the telemarketer calls them during dinner, but also whether that telemarketer already knows what they’re eating for dinner.

Most privacy policies will at least state that the user can choose to turn off cookies, though with the caveat that the action might affect the functionality of the site. AskNetwork developed AskEraser to be a more visible way for users to use Ask.com without being tracked, but as privacy advocates noted, AskEraser requires that a cookie be downloaded, when many people who care about privacy periodically clear their cookies. AskEraser also doesn’t affect data collection by third parties on its site at all.

More interestingly, Google recently announced some new tools for their targeted advertising program for people concerned about being tracked. These tools include a plug-in for people who don’t want to be tracked that will persist even when cookies are cleared and a way for users to know what interests have been associated with them. More information here and here. Google’s new Ad Preferences page also allows people to control what interests are associated with them and not just turn off tracking altogether.

Neither tool is perfect but they’re still exciting. The more users are able to see what companies know about them, the better they can understand what kind of information is being collected as they use the service. And Google seems to recognize that people’s concerns about privacy can’t be assuaged just through an on-off switch, although their controls would be more meaningful if they were more contextual.

Ultimately, however, user choice should result in more fundamental changes to the way data is collected. Right now, Google’s targeted advertising program can afford to lose the data they would have tracked from privacy geeks, and still rely on getting as much information as possible from others, most of whom have no idea what is happening. A more significant step forward would be the development of new approaches that will change the way data is collected for everyone.

Questions we asked of each company.

  1. What data collection is happening that is not covered by the privacy policy?
  2. How do they define “personal information”?
  3. What promises are being made about sharing information with third parties?
  4. What is their data retention policy and what does it say about their commitment to privacy?
  5. What privacy choices do they offer to the user?
  6. What input do users have into changes to the policy’s terms?
  7. To what extent does they share the data they collect with users and the public?

Introduction / Conclusion / Preview Blog Posts