Tuesday, July 13, 2010

Automatic Opt-In Privacy Policy Changes - Your Privacy is Important to Us

Privacy continues to be an increasingly important discussion as the online and physical worlds merge.  The data that a user has online effectively tells the life story of an individual down to where they are at a given moment, what they will do next, and even who they will be meeting.

One of the many questions that must be discussed with privacy is the appropriate method of handling privacy policy changes.  This of course was a huge issue with the recent FaceBook policy changes. However, let's look at a different example.

I recently received a notice from Verizon Wireless that started with the following

Customer Proprietary Network Information Notice
Your privacy is important to us.
The document went on to clearly explain that Verizon wanted to provide my data to their affiliates, agents and parent companies for the purposes of finding out how to "better serve your telecommunication needs". The document explained what data would be included and provided and easy way to opt-out of the sharing.  So far so good, right?

Well, the problem I have is this. I need to opt-out. It seems that if someone wants to take or share something that is yours, then they should have to ask you for permission. Not the other way around. Simply sending a letter, which may not even reach the user, and indicating the user has to take action to prevent a company from using your data seems wrong.

This line of thinking could never be applied to material goods.  I could not send my neighbor a letter and indicate that I was going to take his car and share it with my friends unless he opted out.  Nor could I send Verizon a letter and indicate I would no longer be paying my bills unless they opted out of my "no more bill paying plan".

Clearly we can easily dismiss these ideas as far-fetched. But that is mostly because they involve a physical object that has clear ownership or involve something with an easy to understand monetary value (e.g. monthly bill). Based on that, then the only difference between my examples and data privacy is that we haven't clearly articulated the value of our data and privacy.

But our data does have value and companies are more than happy to farm this data for their profits.  Until we clearly define the value of our data and that we have the right to control it, big companies will continue with this practice of easily accessing and sharing our data under the guise of "your privacy is important to us"

-Michael Coates