7. To what extent does they share the data they collect with users and the public?

When we started this survey of privacy policies, our goal was simple: find out what these policies actually say. But our larger goal was to place the promises companies made about users’ privacy in a larger context—how do these companies view data? Do they see it as something that wholly belongs to them? Because ultimately, their attitude towards this data very much shapes their attitude towards user privacy.

In the last couple of years, we’ve seen an unprecedented amount of data collection that’s happened largely surreptitiously.

We can’t say that we, as users, have gotten nothing in return. The “free” services on the internet have been paid for with our personal information. But the way the information has been collected has prevented us from negotiating from the vantage point of someone with full information. In other words, we haven’t gotten a good deal. The data we’ve provided is so valuable, we should have struck a harder bargain.

In some ways, consumers are starting to already feel that they’ve gotten a bad deal. Even though most only feel a vague discomfort at this point, it’s unlikely that companies like RealAge will be able to continue what they’ve been doing. RealAge promoted itself as a simple online quiz to help people be healthier, with endorsements by famous doctors, with only limited disclosure of the fact that their profits were based on selling quiz-takers’ information to pharmaceutical companies.

For us at CDP, the fear is that we’ll throw the baby out with the bathwater. We don’t want to shut down data collection altogether—

We just want companies to stop thinking of our data as their data.

We want to be able to share in the incredible value that this data has, so that we as a society can all benefit from the incredible data collection and analysis capabilities we’ve developed. Of course, that’s only possible with stronger privacy protections than are available now, which is why privacy is such an important issue for us to discuss and understand.

So what would it look like for us to “share” in the value of data? It might sound naïve that companies collecting all this data would ever share data with their users, but it’s already happening.

Google, as a company that asserts it’s in the business of information rather than advertising, does make some sincere efforts to provide data to the public. Google Trends may be intended for advertisers, but it also provides the whole world with information on what people are searching for. Google Flu Trends is a natural outgrowth of that, and some researchers believe this data can be helpful in determining where flu outbreaks are going to occur faster than reporting by clinics.

Some companies, like eBay and Amazon, have built their data collection into the service they provide to their customers. Some of the information they collect on transactions and ratings can be viewed by all users. Anyone looking to bid on an item on eBay can see how other buyers have rated that seller. A user of Amazon looking to buy a new digital camera can view what other buyers considered.

Although Wikipedia clearly has a different incentive model from the other organizations as a nonprofit, the service it provides also actively incorporates public disclosure of the data collected. The contributions of any one editor can be seen in aggregate and aggregate stats on website activity are also available to the general public. This information is important in the self-policing that is essential for Wikipedia to maintain any credibility.

Although the amount of data these companies are sharing with their users and the public is miniscule compared to the amount of data they’ve actually collected from us, it raises the possibility that data collection could happen in a completely different way than it does now. Companies could make more obvious that data collection is happening, and rather than frighten users, make the availability of that data another service they provide. The whole process could be one in which users are openly engaged and actively choose to participate, rather than one in which users feel hoodwinked and left out.

Questions we asked of each company.

  1. What data collection is happening that is not covered by the privacy policy?
  2. How do they define “personal information”?
  3. What promises are being made about sharing information with third parties?
  4. What is their data retention policy and what does it say about their commitment to privacy?
  5. What privacy choices do they offer to the user?
  6. What input do users have into changes to the policy’s terms?
  7. To what extent does they share the data they collect with users and the public?

Introduction / Conclusion / Preview Blog Posts