1984 In 2000: Getting Too Personal

Sites are gathering fat files on your shopping habits. They may live to regret it

My favorite part of Christmas is after all the presents are unwrapped and the mounds of paper and ribbon are swept up. Now I get to really check out my loot and try to figure out which skirt will go with that new sweater. No doubt e-tailers are doing pretty much the same thing about now. But instead of mixing and matching skirts with sweaters, they're sifting through the mountains of fresh customer data they've just acquired. Buyers flocking online this year not only showered lucky merchants with sales but tons of personal information as well.

Amazon.com Inc. added more than 2 million new customers in the fourth quarter alone, for a staggering total of 15 million buyers. The number of Yahoo! Inc. shopping orders was almost five times higher than in the same period last year. Even as I type, Net companies are scanning customer lists, tabulating what types of customers bought which kinds of products, what they looked at--and taking educated guesses about what they might buy next.

This data, though, could very well be a privacy time bomb. Despite the lip service many companies pay to privacy, 1999 witnessed a string of embarrassing snafus. Amazon was caught gathering more personal information about customers than the shoppers could possibly have known by reading the site's privacy policy. Audio pioneer Real-Networks Inc. went even further astray: The CD jukeboxes that Real customers constructed using the company's software concealed a spy feature that sent their music preferences back to RealNetworks.

It's hard to take privacy policies seriously when the vanguard keeps messing up. This year could be even worse. "There will be this huge privacy backlash, and it should happen," says Bill Bass, senior vice-president of e-commerce and international at Lands' End Inc.

Perhaps that backlash has already begun. Outraged Netizens swiftly filed class actions when they learned about the privacy transgressions by Amazon and RealNetworks. And last month, the Supreme Court upheld a federal law that bars states from selling data gleaned from drivers' licenses and auto registrations.

Scattered court actions, however, probably won't address the fundamental causes of electronic affronts to privacy. More than ever, dot.coms are under pressure to perform. To generate real sales, they need large pools of repeat customers. So the companies are turning ever more aggressively to data mining.

FOCUSED EFFORT. Here's what that really means: More shopping and browsing data are becoming linked to your real identity and stockpiled for use in direct-marketing campaigns. The advertising you see is more focused--which means you are exposed to a narrower swath of offerings, probably tailored to your income. More troubling, if you are ever the target of a lawsuit, all the details of where you browse and what you buy may become public.

In the marketing stampede, companies are taking their cues from Net advertisers like DoubleClick that are pulling together data from Web sites, catalog companies, and other data-marketing giants. Yahoo! used to have a window on your Internet searches. Now, through a partnership with Kmart Corp., it knows your private passion for discounted Martha Stewart sheets, too. Privacy policies don't help much. Your favorite online calendar site may promise to shield your data, but the company that acquires it next month doesn't have to.

Web sites insist that consumers like targeted marketing--an argument that sounds thin and cynical. If they really believe that, instead of burying itty-bitty "opt-out" clauses on sites, they should post bold invitations to "opt-in." Customer trust, after all, is a gift worth keeping.

Before it's here, it's on the Bloomberg Terminal.