Sunday, July 30, 2000

The everyday activities of most Americans are now routinely recorded and analyzed by a variety of governmental and commercial organizations. From telephone calls to ATM withdrawals and credit card purchases, from supermarket discount cards to doctors’ visits and drivers’ licenses, we generate data with almost every move we make. Collection and analysis of that data trigger a variety of incursions on our "right to be let alone," from piles of advertising in our mailboxes to phone solicitations at the dinner hour to audit flags on our income tax returns.

Detailed information on an individual’s credit, health, and financial status, on characteristic purchasing patterns, and on other personal preferences is readily available on centralized computer databases and is the engine behind the multibillion-dollar direct marketing industry. A May 1999 survey on privacy in The Economist notes that "the trade in consumer information has hugely expanded in the past ten years. One single company, Acxiom Corporation in Conway, Arkansas, has a database combining public and consumer information that covers 95% of American households." A Forbes cover story in November 1999, "I Know What You Did Last Night," highlights the way different slices of consumer data can now be pulled together to create a composite picture of any individual’s life. "Computers now hold half a billion bank accounts, half a billion credit card accounts, hundreds of millions of mortgages and retirement funds and medical claims and more. The web seamlessly links it all together. As e-commerce grows, marketers and busybodies will crack open a cache of new consumer data more revealing than ever before."

Even though most of the personal information in question has come from interactions with banks, credit card associations, direct mail houses, and other organizations that started mining personal data for profit long before the net burst into prominence, public concern about privacy protection today tends to focus on the Internet. If our society and its citizens have been living with pervasive personal data collection over the past several decades, why has the Internet become such a focal point for concerns about individual privacy? Are we holding the Internet up to a standard of privacy protection that has been abandoned in our dealings with other media? In answering this question it is useful to consider how the Internet challenges traditional notions of privacy and how different disciplines are attempting to address the difficulties of protecting and even of defining what constitutes personal privacy in the context of a multifunctional, easily customizable, and still evolving global network.

Privacy Is in the Eyes of the Beholders

Here is a self-administered privacy test that is frequently used to illustrate the spectrum of opinion on what constitutes a privacy issue in different settings:

Imagine that you are spending the afternoon at a shopping mall, partly browsing but also intending to purchase a number of things that reflect your individual interests and needs—everything from videos and books to gifts, to a prescription refill and some personal hygiene items. Unbeknownst to you, a marketing firm has hired someone to follow you around, recording everything you look at, noting any questions you ask, what you select for purchase, and how you pay for it. As you are about to leave the mall, this person approaches you with an offer for a discount on future purchases that makes you suspect that all your activities have been closely monitored.

What is your reaction to the discount offer? Would you be happy to take the discount with no questions about how it was tailored to your interests? Would you demand to know more about what information the observer had collected and what would be done with it? Would you feel that this type of surreptitious observation was less of a service and more of an unwanted intrusion on your privacy? Now shift the focus of the scenario to browsing and buying on the web. Does this change your reaction to the discount offer?

There are no consistent answers to these questions, and the wide range of reaction mirrors the different ideas that people have about private/public boundaries and comfort levels with sharing personal information. Before the Internet, the scenario and the responses to it might have been of academic interest in defining privacy boundaries, but they would not have had much real-life application. Following customers around on their shopping excursions was not financially viable for companies in the physical world, so they relied on other, more cost-effective, means of consumer profiling and data collection. Tracking shoppers’ behavior on the Internet is, however, efficient and increasingly common. Instead of contemplating a hypothetical scenario, online consumers face the reality of constant scrutiny.

The real-time application of information collection, behavior monitoring, and data-mining activities has been significantly enhanced by the Internet, enabling new approaches to interactive marketing and the personalization of advertising messages through a variety of new media tools and technologies. Sophisticated online tools enable even the smallest companies to obtain and analyze types of customer information that were previously impossible to compile or available only to those corporations with massive marketing budgets. The Gartner Group predicts that 85 percent of the world’s largest companies will have an active online marketing program by the end of 2000. These programs typically include the ability to track the path that online users take through the company’s own web site, what documents the user opens, what searches take place, how long a user spends on any part of the site, and what items are placed into shopping carts. All this data can then be linked to whatever personal information the user may have shared with the company by filling out a registration form, requesting a special service, and so on.

Many users are not aware that their online behavior is so readily recorded and analyzed. Even fewer know that services like DoubleClick contract with a number of the most popular web sites to pool online browsing information for an even richer and more detailed profile of consumer behavior across all of its clients. When DoubleClick announced plans in the summer of 1999 to acquire Abacus Direct, an offline database-marketing company, privacy advocates quickly raised objections. They asserted that merging the Abacus database—an enormous file with individual names, addresses, and buying patterns of more than 88 million catalog shoppers—with the online tracking power of DoubleClick would concentrate too much personal consumer information in the hands of one company. DoubleClick does not currently link its online behavior profile services to individual names and addresses (instead, it monitors the web activity generated by individual computers), but the merger raised the possibility of future products with even more detailed personal reports. Despite a flurry of criticism and discussion in public policy and privacy circles, the merger announcement and its implications for online privacy never penetrated the general consumer consciousness. One reason is that the techniques and technologies that underpin both online tracking and personalization services are still mysterious to the average Internet user. Another is that DoubleClick and similar services operate behind the scenes, and, unlike the decision to fill out a form on a web site, their data-gathering activity never becomes visible to the average Internet user.

For the hundreds of companies that develop and market such online tracking and data-mining capabilities, the development of these technologies and their adoption by millions of web sites represent vital entrepreneurial opportunities. Clearly, these online data-tracking and analysis products are much in demand. For all types of companies that do business on the web, learning as much as possible about visitors is a precondition for offering customized services and may be the key to growth and expanded revenues. Unless there is some external pressure to place limits on how much customer information is collected, or how it is used, it seems likely that online data-mining practices will be fine-tuned and expanded as quickly as the technology that supports them.

If companies on the Internet continue to soak up information as fast as customers can click through a web site, then privacy will be hostage to technology. A small percentage of web-savvy and technically astute users may register their objections and find ways to subvert those practices they define as a violation of their privacy. Small groups of consumers may adopt the new tools and services that are emerging to provide online anonymity by serving as a single trusted proxy for the individual. Others may have no problems with full disclosure to any web site and may simply wish to be informed in advance that tracking is taking place. In the absence of any accepted guidelines clarifying the scope of acceptable data collection or regulations limiting the use of personal information, questions about the appropriate balance of privacy and disclosure would have to be weighed by the individual consumer and then negotiated with each web site that is visited. This type of negotiation is likely to be a daunting proposition.

A Public Place?

From the ethical and the legal perspectives, it is important to establish whether the Internet is intrinsically a public place—that is, a location where it is clear to users that their actions and communications can be readily observed. The flexibility of the Internet and the multiple functions that it serves for most users make the answer less obvious than it might initially appear. Many users understand that their participation in a chat room or a query to a popular search engine or clicking on a banner ad is likely to be observed and recorded. But what about their registration on a financial information services web page or their online purchases or their one-to-one messages? Are these subject to the same level of scrutiny and onward transfer?

The Internet is well known for openness and information leakage, providing support for the argument that individuals have no reason to expect that their communications and behavior will remain private. But often our interactions with the net do have a private feel to them. Users are alone with their computers and involved in what seems to be a real-time dialogue with a particular web site rather than a multiparty conversation that will be recorded and forwarded to points unknown. In fact, the web-tracking and data-capture mechanisms are deliberately designed to be invisible to the user, and the more sophisticated the technology becomes, the less of a footprint it will leave on the desktop.

As long as Internet users visit a web site knowing that they are in a public space where monitoring of behavior and personal data collection do not violate any norms, they should not expect their actions to remain confidential. The body of existing legal precedent in the United States leans toward putting the responsibility on the individual to take some explicit action to restrict the reuse of personal information once it has been voluntarily disclosed. For example, if a consumer decides to fill out and submit a detailed questionnaire about buying habits or taste in music in order to receive a discount or token gift, that individual cannot reasonably assume that the information submitted will be kept confidential. In fact, blanket restrictions on the reuse of such information are seen as placing limits on the freedom of speech of the original recipient.

There are counterarguments, however. Answering questions about one’s health history or medical information interests on a web site that is dedicated to providing support and resources for a specific health problem is likely to seem logical and reasonably private. An individual may have no reason to think that the information he or she provides could well become part of a larger personal profile of online behavior that will be stored and accessible to third parties for years to come. She or he would be unlikely to imagine that that information is being forwarded on the spot to a totally different web site that specializes in insurance coverage. If consumers did realize that this long-term storage and onward transfer was going to happen, they might think more carefully about balancing the value of the resources they receive from the health site with the disclosure of personal information.

The definition of the Internet as fully public rather than semiprivate is an important distinction to make since legal opinion tends to be built on the reasonable expectations that individuals have about how their information will be handled. But defining the very notion of reasonable expectations is complicated, even without taking the Internet into account.

Online privacy issues are intrinsically complex because they represent an intersection of legal, commercial, governmental, ethical, philosophical, and personal positions. It is highly unlikely that any one policy or law will manage to address all these perspectives and provide a universally satisfactory resolution to the problem when the very definition of Internet privacy is still open to debate. Rapid changes in technology and a lack of consensus on basic definitions typically indicate that a strict set of regulations is likely to miss the mark and instead create cumbersome results. But the pressure is on to take more positive steps to encourage consistent commercial privacy protections across the Internet. The fact that the U.S. stance on self-regulation is out of step with government and public sector initiatives in Europe and elsewhere is only one of the factors driving change.

Closer to home, many studies of consumer attitudes report that U.S. consumers are worried about what will happen to the information that they create when they register for services or surf the web. The Internet is awash in information, but trust is still in short supply and high demand. This combination of factors has added an element of urgency to the long-running academic and legal discussions about privacy protection in general and has raised immediate issues for how governments, corporations, and individuals interact over the collection of personal information on the Internet.

A Question of Trust: Restoring the Privacy Balance

One problem with the current emphasis on online privacy protection is that, like security, it focuses on preventing bad things from happening. That is a necessary but self-limiting precondition for the growth of electronic commerce. Good privacy practice should be more closely linked with trust, as an essential building block for closer relationships with customers and a sustainable source of e-business advantage. To the extent that online companies conceal their data collection practices from consumers, they are forfeiting the opportunity to earn and consolidate that trust. At the most obvious level, they are risking disastrous damage to their reputation if and when hidden customer monitoring and tracking practices are revealed. Even more profoundly, they are failing to use the full power of the Internet as a two-way communication channel that empowers the consumer to express preferences directly as well as implicitly.

If we are serious about getting millions of online companies to practice what self-regulation advocates preach, then it’s time to link privacy and trust more closely. On the basis of the online privacy track record in the United States to date, some specific recommendations are indicated:

  • For the next three years at least, there is a need for a regular and independent external review body to promote model online privacy practices and to monitor the performance of heavily trafficked web sites in complying with these model practices on a regular basis.
  • This external review need not be based on formal government regulations. Existing industry organizations, combined with the efforts of privacy advocacy groups and individual watchdogs, could expand their efforts sufficiently to fulfill this function as long as there is support from the appropriate government agencies (such as the Federal Trade Commission).
  • Consumer understanding of and involvement in evaluating web privacy practices and demanding improvement where necessary is well below the level required for market controls to have any significant impact on merchant behavior on the web. This is an area where more direct public and private sector leadership is essential.
  • Lapses in online privacy practices at popular web sites are likely to be uncovered with some regularity over the next several years, as companies test the boundaries of consumer sensitivities and commercial self-interest. It is essential for self-regulatory groups to take a strong stance when privacy violations are discovered.

The most enduring drivers of Internet growth and diversity have been the net’s openness to all comers and its insistence on network participants’ abiding by a consistent set of cooperatively developed technical standards. The standards for respecting the privacy of individual Internet users are far from universally accepted and practiced by companies on the web today. Given the size and heterogeneity of the online merchant community, it is unrealistic to expect universal compliance with any code of online conduct, whether voluntary or legally binding. There is no shortcut to perfect privacy on the Internet, and reliance on legislation would trigger more problems than it would solve.

A recommendation against online privacy legislation does not, however, constitute an endorsement of the status quo for personal data collection on the web. It is essential for the United States to achieve a better balance between the interests of corporate web sites in collecting valuable consumer information and the interests of individuals in having the final say about their personal data and who has access to that information. The key to that balance will be expanded cooperative efforts on the part of consumers, advocacy groups, government agencies, and corporate leaders to articulate and enforce responsible web privacy practices. It will take time and constant vigilance, but it is worth the effort.

Adapted from the essay "Privacy and Electronic Commerce," by Mary J. Cronin, in the new Hoover Press book Public Policy and the Internet: Privacy, Taxes, and Contract, edited by Nicholas Imparato.