Communications of the ACM

News

A Matter of Privacy

By David Lindley
Communications of the ACM, December 2010, Vol. 53 No. 12, Page 23
10.1145/1859204.1859214
Comments

Google presents you with ads related to your search. Amazon asks if you're interested in a new camera. LinkedIn comes up with names and faces of people it thinks you might know. You may find this very useful—or annoying, or even disturbing. The more we live on the Internet, the more it knows about us, but how much do we want it to know? And who gets to decide? Those were central but largely unanswered questions that panelists wrestled with at a forum on "The Future of Privacy Online," organized by the Information Technology & Innovation Foundation (ITIF) and the Technology Policy Institute (TPI) in Washington, D.C., on September 27.

Whatever concerns people may have over the privacy of data have generally not been enough to deter them from posting all manner of personal information on social networks. Nor do consumers turn away from shopping Web sites that record user preferences in order to generate targeted advertising. In fact, as ITIF Senior Analyst Daniel Castro explained, advertisers are willing to pay twice as much or more for targeted advertising because they get better consumer responses. Castro and other panelists also discussed a recent paper, "Privacy Regulation and Online Advertising," by Avi Goldfarb of the University of Toronto and Catherine Tucker of the Massachusetts Institute of Technology, which showed that a European Union directive limiting the ability of Web site operators to gather and use personal information reduced the effectiveness of targeted advertising, measured by the change in consumers' stated intention to purchase, by as much as 65%.

Data regulation to protect privacy translates into costs to businesses, said TPI President Thomas Lenard, while it remains unclear if there is any compensatory benefit to the consumer. Moreover, excessive regulation can stifle innovation. Panelists expressed a preference for either voluntary codes of practice or regulation along the lines of the Fair Credit Reporting Act, which strengthened the U.S. credit industry less by limiting the kinds of data that can be collected than by setting clear rules for its use. As National Telecommunications and Information Administration Associate Administrator Daniel Weitzner put it, transparent regulations tell businesses what they can and cannot do, while protecting the consumer through provisions that "only kick in when something bad happens."

Mark Eichorn, assistant director at the Federal Trade Commission, argued that users should have the means to know that personal information is being collected about them and be given choices. That point was echoed by Tim Sparapani, director of public policy at Facebook, who said that one-size-fits-all regulations would hamper businesses, and that privacy controls should be consumer driven. In particular, Sparapani said, increasingly mobility of Internet access—meaning that a person might access financial services through a friend's cell phone—required flexibility even in an individual's choice of privacy rules. Eichorn cautioned, however, that the proliferation of systems for navigating and selecting privacy options forces users to do a lot of work, and may cause some to just give up and go with defaults.

In the end, the overriding sentiment at the forum was that privacy concerns are best dealt with by giving consumers the power of choice and letting the market decide. But "this marketplace is in its infancy," as Sparapani noted, and it's not at all clear that consumers are in a position to understand the consequences of their choices.

Back to Top

Back to Top

Back to Top

Back to top

The Digital Library is published by the Association for Computing Machinery. Copyright © 2010 ACM, Inc.

---

No entries found