Corporate policies on the collection and management of personal data do precious little to protect your privacy
One of the only "facts" that I took away from high school biology was that the human body, when broken down into basic elements and minerals, is worth $4.50. Our electronic corpus, however, is worth far more—at least a couple of hundred dollars to the right marketers. Our vital information combined with our demographics and buying patterns are worth hard cash to the right people, as anyone who has ever rented a mailing list knows. It seems to me that if we can sell it, it's ours. If someone else can make money off tracking our activities, shouldn't we get paid, too?
Why isn't taking this valuable electronic information from us without payment considered stealing? Taking other people's digital property is—as the movie and music industries are fond of telling us—theft.
It's privacy piracy, except these buccaneers don't brandish cutlasses; they use privacy policies. Every commercial Web site has one. These legal statements are non sequiturs used to quell complaints about corporate misuse of personal data. They are one-sided contracts forced on consumers by OPLs (Other People's Lawyers).
Most privacy policies have these components:
Your data might only be used by us, our partners, or subsidiaries. Yahoo (YHOO): "These companies may use your personal information to help Yahoo! communicate with you about offers from Yahoo! and our marketing partners."
If we sell our company or our business, then your information gets sold along with it. Facebook: "If the ownership of all or substantially all of the Facebook business, or individual business units owned by Facebook, Inc., were to change, your user information may be transferred to the new owner so the service can continue operations."
We might buy or get other information about you without your knowledge, like credit reports, and save that, too. Amazon (AMZN): "Examples of information we receive from other sources include… credit history information from credit bureaus."
Corporate America defines our personal information as their business asset.
Prominently featured on the top of the AT&T privacy-policy page is a seal of an organization called "Trust-E" (www.truste.org). Trust-E is an independent nonprofit organization joined by many corporations that tout the seal prominently on their Web sites. The group investigates "eligible privacy complaints" about their licensees.
One of the prerequisites for an eligible complaint that Trust-E will investigate is: "The complaint alleges that the Licensee collected, used, or disclosed the personally identifiable information in a manner inconsistent with its published online privacy statement." That's it. The presence of a Trust-E seal simply means that the member company will abide by its own policy, which in most cases, can be changed in seconds. Trust-E is an idea that sounds much better than it really is, primarily because it is funded and, to a large extent, run by the same companies that it ought to be watching. Their sponsors, for instance, are AOL, DoubleClick, Intuit (INTU), and Microsoft.
As consumers, we should be entitled to only give out our information when we want, and maintain some control over its subsequent disposition, including mandatory erasure when our business relationship is terminated. If a company wants to use our valuable data, they should pay us, just like we should pay to use software or watch a movie. Scamming our information through privacy policies may be legal, but ethically bereft, occurring only in the vacuum of meaningful consumer privacy regulation.
Absent a strong claim of ownership for personal data, it will become increasingly difficult to force respectful and equitable treatment online from many companies. Congress should establish the ownership issue now, before AT&T's trial policy becomes an industry standard.