Steve Baldwin (who has the totally amazing Brooklyn Parrot blog) left following comment today on an article by Dave Morgan, Privacy: Self-Regulate or Be Regulated:

…We need a major paradigm shift (sorry for the cliche) when we think about privacy or this industry is toast. Let?s start by stipulating that the data that you generate as you travel through the infosphere belongs to YOU, not some shadowy marketing organization. Unless you give explicit consent that someone else can have this data, it?s YOURS. Nobody (except the government pursuant to a lawful request) can view it, trade it, or sell it. And any data given as a result of an express consent can?t live forever: it must be destroyed within a short time…

I replied:

I have to say I struggle a bit with the concept of personal data ?ownership?… Data has never belonged to the individual in the past. Certain institutions have had limitations because of the nature of the specific data they deal with, but even banks have never been required to destroy records and everything can be subpoenaed.

People who see you going into a porn shop or an AA meeting have always been capable of spreading the word, with no limitations or repercussions. I know where you work ? I tell somebody else ? have I just breached your proprietary data?

The big difference is the spike in ?creepiness factor? that comes with the volume of information available, combined with the ease of its distribution. The big difference is how much money can be made on the backs of our personal data.

I think this phenomenon — that this information used to be available, and now we’re demanding that it be treated as sacrosanct — is one of the key challenges in identifying and implementing universal principles of privacy.

Behavior is nearly always visible, and any transactive behavior (including getting on the Internet) is always visible, if only by the entity on the other end of the transaction. So the privacy question is this: how much responsibility is assigned to the person engaging in the behavior, and how much to the guys on the other end?

Should that depend on the type of data and how visible it would be even without special access? For example, if I buy a car, everyone can see it and know that I own that car. What they can’t see is whether I paid cash or borrowed money or bought it out of my family trust. So should the fact that I own the car be considered ‘my’ data? It’s kind of out in the public domain, isn’t it? What about how I paid for it?

What if we’re talking about something else, like renovation supplies I bought at Home Depot? (We don’t have Home Depot in New Zealand, and boy do I miss it.) It’s possible that the person next to me at the register could see not only what I’m buying, but how I’m paying for it, and put that information on his or her blog. So is it the data that should be private, or is the problem with its systematic collection or its dissemination?

I want to be clear here that VortexDNA doesn’t store any behavioral data at all. Nonetheless, these questions are vitally important to our industry if we’re hoping for self-regulation. Personally, I think the self-regulation thing is an uphill battle. Even though there are lots of us who treat the issue seriously and welcome high-quality standards, there are still too many players who are hoping to make money with unsavory privacy practices, too many who are hoping Congress will drop the issue, too many who benefit from the status quo.

I’m interested in your views on privacy, data ownership and self-regulation. What do you think?

This entry was posted on Thursday, September 25th, 2008 at 11:58 pm and is filed under Privacy. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.