Sunday, April 10, 2011

Social Networking Bill of Rights

As you probably know, the last year or so has been challenging for organizations like Facebook and Google (with their Buzz feature) with respect to keeping members’ data private. At the Computers, Freedom and Privacy Conference held last year in San Jose, CA, a draft “Social Network Users Bill of Rights” was created. (I found it curious that the bill is posted on Facebook, and you vote by “liking” the page…when the pervasive and public use of “liking” is one of the things privacy experts complain about.) The bill is as follows:

We the users expect social network sites to provide us the following rights in their Terms of Service, Privacy Policies, and implementations of their system:
1. Honesty: Honor your privacy policy and terms of service.
2. Clarity: Make sure that policies, terms of service, and settings are easy to find and understand.
3. Freedom of speech: Do not delete or modify my data without a clear policy and justification.
4. Empowerment: Support assistive technologies and universal accessibility.
5. Self-protection: Support privacy-enhancing technologies.
6. Data minimization: Minimize the information I am required to provide and share with others.
7. Control: Let me control my data, and don’t facilitate sharing it unless I agree first.
8. Predictability: Obtain my prior consent before significantly changing who can see my data.
9. Data portability: Make it easy for me to obtain a copy of my data.
10. Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised.
11. Right to know: Show me how you are using my data and allow me to see who and what has access to it.
12. Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
13. Right to appeal: Allow me to appeal punitive actions.
14. Right to withdraw: Allow me to delete my account, and remove my data.

While I think the idea of a social networking users’ “bill of rights” is an interesting one, I also think the chances of any social networking platform adopting it at this time are realistically zero. I’ve written on data privacy several times before. And as I’ve previously explained, the problem isn’t so much that social web sites are collecting too much data or that they are making too much data available outside the network: the problem is that--without government protections--the data is going to be used in inappropriate ways.

An example: Let’s say you have a friend who is trying to quit smoking. You might visit a web site on how to stop smoking, to get some tips on how to help them or at least be supportive. How would you feel if your insurance company cancelled your non-smoker discount the next day, assuming that your visit to the stop smoking site was an indication that you secretly smoked (and hid this fact from the insurance company) and that you were looking for ways to stop?

Far-fetched? Not at all. There are lots of examples of insurance companies abusing private data, and those companies aren’t alone. While there have been numerous protections put in place regarding the dissemination and permitted uses of data (particularly health data), organizations with a financial incentive will continue to push the data privacy envelope as long as they are permitted to. Tools that use sophisticated data mining techniques to discover correlations between otherwise innocuous data are readily available to large organizations, and they’ve repeatedly shown a willingness to use public data in “creative” ways.

The most effective social networking bill of rights I can think of can be expressed in one line:

I have the right to prohibit organizations (including government) from using my public data in ways for which it was not intended.

That’s a petition I would sign. (Not that I think that petition has any better chances than the other one.)
