Comments on: Should Online Companies Be Forced To Forget?

By: Dusan

Dusan — Mon, 04 Jan 2010 16:03:20 +0000

Indeed, EU is very strict on that and it bothered me a long time, until I’ve found out that bad people do exist (I’m quite positive towards people otherwise). Sometimes tough things get quite funny with this. We have “officers” that make strange decisions sometimes.
And yes, as you’ve written, not only for customer protection, but for brand protection as well this is important. Great discussion.

By: Paul

Paul — Mon, 04 Jan 2010 15:37:09 +0000

Dusan, coming from the European continent, I knew you’d have a much different perspective on data privacy. In fact, the EU data privacy directive, for instance, offers “protection of individuals with regard to the processing of personal data and on the free movement of such data” across borders. So marketers in the EU must work within the confines of set privacy regulations with the accompanying data anonymization guidelines.
In the United States, no such broad based policy exists. Marketers have a patchwork of various regulations such as Graham-Leach-Bliley Act, Health Insurance Portability and Accountability Act, California’s SB 1386 and other duplicative statewide mandates for data collection, privacy and security.
Data collection and security practices should matter very much to marketers – not only to ensure compliance (both govt and industry), but also with the realization that mistakes can tarnish the very brands we work so hard to build.

By: Dusan

Dusan — Mon, 04 Jan 2010 08:39:02 +0000

Wow Paul, this is a tricky field.
1. Should online companies be required to “forget” what they know about their customers and transactions? If so, what is the cut-off point?
Yes, even tough it can help companies, as well as their customers to live better, they should erase linkage to the personal data. When depends greatly on cases, so several rules should be applied I assume.
2. Should corporations advertise that they quickly “forget”?much as Ask.com has?
For a period yes, but it should become a common practice. I hate ask.com otherwise.
3. Are consumer privacy concerns regarding data collection policies more bark than bite?
In general, the concerns are very much barking. But it can affect specific people and processes, so the bites can be too heavy. Even tough I’m very open and would like to see the world where we would share everything without fear, there are some pretty ugly and bad people around. And they wouldn’t mind destroying your life with few data they get. So just because of these bites, we should be extremly careful. And these people have a way of reaching to ask.com database. It is just a question of time when they will reach something important.
In general, I’m for more strict rules. Marketers were competing in the past as well with other data.

By: Paul Barsch

Paul Barsch — Wed, 30 Dec 2009 21:03:30 +0000

Cam, appreciate your comments! One of the bigger challenges for privacy advocates is data that an internet user does not willingly offer or data that he/she does not know they are “leaking”. For example, when a search engine or other online company can piece together a users behavior from web sites visited, search engine terms used, emails, videos watched, news sites, blogs posted etc, it becomes pretty easy to assemble a complete picture on an individual.
Concerning? You’ll have to decide for yourself!
http://www.eff.org/wp/six-tips-protect-your-search-privacy

By: Cam Beck

Cam Beck — Tue, 29 Dec 2009 23:00:13 +0000

Paul -
It’s the second part that bothers me more than the first.
Perhaps this is my ignorance talking, but assuming basic measures of confidentiality (i.e., they do not publish or sell what they learn, except arguably as part of aggregate data), what do I have to fear from the profile any company builds on me from information I willingly gave them?
If I trust them with my name, address and credit card information, I’ve already given somebody the capability to steal from me. I would only give it to them if I trusted them enough to safeguard what I’ve given them. That applies to both their moral predilections as well as their technical proficiency for building effective security measures.
If I don’t trust any one of them, I wouldn’t knowingly supply them any information from which they could build an accurate and personally identifiable profile.
So the questions (to me) are twofold:
1. What kind of accurate and personally identifiable profile could they build on me WITHOUT my knowledge or consent?
2. What capacity would that give them to do me actual harm, assuming they were so inclined?

By: Paul

Paul — Tue, 29 Dec 2009 16:20:41 +0000

Cam, appreciate that you’ve taken time from your holiday break to respond.
While storing and analyzing behavioral data helps online companies improve user experiences and supports selling advertising, it all really comes down to “trust” doesn’t it? Online companies –esp search–have the power to assemble a complete profile on a user especially when their data is supplemented with third party information.
Do you trust the online sites you use to do the “right thing” with the data they collect? Do you trust them to “do no evil”? That’s a question that every internet user must answer.
To your other point, what if you trust an organization, but there is a security/data breach and your information is stolen by an organization with a nefarious purpose? What would be the ramifications? These are issues that are often not thought about when we browse online, but perhaps deserve careful contemplation.

By: Cam Beck

Cam Beck — Mon, 28 Dec 2009 15:55:41 +0000

I often wonder what people are worried about companies doing with the sorts of information they collect, that current laws don’t already discourage.
The biggest and most credible threat, I think, isn’t that companies have “too much power,” but that the information they collect will be stolen, since it must remain accessible by the system, which means there is a possibility that someone will figure out a way to breach it and use it for nefarious purposes.
With this in mind, I wonder why “privacy advocates” are up in arms about corporate bogeymen — as long as the information they have was willingly given. Who cares if they extrapolate inferences from that?
While I agree with privacy advocates (for the above reasons) that we must take precautions when considering if, what, and how we collect information from our customers, if we cannot address the real reason for our worries, it will be difficult if not impossible to address the proper causes of our insecurity.
Most of the objections I hear have to do with “privacy advocates” objecting to Internet users being shown a relevant ad. That’s an incredibly weak objection, IMO — one that, if they have it their way, will seriously hamstring an industry bubbling with opportunities for increasing peoples’ productivity and efficiency.