Privacy vs. digital age: Where's the balance?

The digital age is launching an assault on privacy as we've known it. As social sites collect more and more data how will attitudes toward privacy change. And what can be done from a self-regulation, legal and end-user stand point to put more control back into the hands of consumers.
Written by John Fontana, Contributor

What has become of privacy?

There was a time when just drawing the window shades ensured a private sanctuary.

But the digital age is less shade and more glaring light, and it is shining brightly on personal data.

Privacy vs. digital age: Where's the balance?
"There has never been another time in history where privacy was under the kind of assault it is today," said Rainey Reitman, activism director for the Electronic Frontier Foundation (EFF). "Consumers have increasingly digital lives and they are developing an unfathomably large data trail every day."

There is a perfect storm, Reitman says, involving digital lives, low-cost storage that allows companies to save everything, and the revenues that incent those companies to collect as much data as possible.

The long-term consequences on privacy are an unknown, but Internet users are feeling some fatigue and questions are flying as the law chases data sharing technologies operated by some of the richest juggernauts ever.

In addition, technologists are busy designing tools intended to give end-users control over their lives online.

How deep is the glut of personal and "private" information online?

Each week users post 3.5 billion pieces of content on Facebook, according to social media firm HubSpot. Google runs about 900,000 servers to handle the load of its services, according to independent estimates. Twitter claims 100 million active users. And Nielsen estimates that social media sites and blogs reach 80% of all active U.S. Internet users.

It's not just the volume of individual pieces of data, but the aggregation of that data that starts to really raise the hackles of privacy advocates.

That point was reinforced over the past week with news of Google's new privacy policy, which allows the company to aggregate user information across services, and Facebook's no-opt out deployment of its Timeline, which mixes a users past with the present.

But its not just Google and Facebook mixing data to find trends and make decisions, it's data collected by any technology and used by automobiles, high-tech home sensors, insurance providers, employers, retail sites and political parties.

Lately, however, it is social sites, fed with user-created content, dominating the privacy news. Those sites have a thirst for information that aids ad sales and stimulates other business opportunities around data that defines a person and their actions.

Today, those sites are staunchly defending that position. For example, Facebook spent $1.4 million in 2011 on lobbying, a nearly 300% increase over 2010. And Google spent $9.7 million, nearly a 90% increase over the previous year. Earlier this month, Google, which declined comment for this article, committed "tens of millions" of dollars to a privacy ad blitz around its Google+ social site.

At the same time, privacy groups like Consumer Watchdog, Electronic Privacy Information Center, Privacy Rights Clearinghouse, Future of Privacy Forum, and the Electronic Frontier Foundation, and government bodies such as the Federal Trade Commission (FTC), the U.S. Congress, and the European Commission are calling for checks and balances.

In the past nine months, both Google and Facebook have been subjected to FTC fines and sanctions that stretch over 20 years.

"These companies grew up fast and they did not look at data like it was gold," said Jules Polonetsky, director and co-chair of the Future of Privacy Forum. "The FTC wants them to realize they have gold here and they have to be careful."

Self-regulation, legal and end-user efforts have helped carve out some limits and restrictions on how data is used.

Bills are working their way through Washington, such as the Commercial Privacy Bill of Rights Act of 2011, which calls for protections of personal information online.

This week, the European Commission proposed new online privacy rules that give users among other protections the right to ask for the deletion of information about them on sites such as Facebook and Google. The proposal, which if passed into law would go into effect in 2014, would have global implications.

"Companies will have to play by the European rules," said John Simpson, director of privacy projects for the group Consumer Watchdog. "And if they do that in Europe, it will be harder for them not to do it in other places such as the U.S."

Outside of the legal machine, technologists are dealing with the reality that data is out of the bag and it won't go back in. The challenge now is how to close the bag and prevent further leakage.

"The first step is to find data that is not being shared in this way now because it is too sensitive, and than discover ways to share it safely with sub-sets of the world, not the whole world, and use that to prove there is a safe data sharing market," says Eve Maler, an analyst with Forrester.

Before joining Forrester, Maler spearheaded and continues to work on an ongoing effort called User Managed Access (UMA), technology designed to put the user in control of their personal data, deciding who gets what and what they can do with it.

It's a work in progress, and it builds on other emerging technologies, notably OAuth 2.0, an authentication/authorization framework for securing access to data.

"UMA is about authorized sharing of your stuff no matter where it is and with other folks no matter where they are," says Maler.

There are other efforts underway to help users control their information and relationships online such as personal data stores, and Vendor Relationship Management, a project at the Berkman Center for Internet and Society at Harvard. Simpson is working with the World Wide Web Consortium on a "do not track" standard.

Giving that sense of control back to users might just be a wave that could catch on.

This week in the wake of Google's new privacy policy, an informal Washington Post survey of nearly 14,000 readers showed nearly 66% were going to cancel their accounts in the wake of Google's privacy changes.

Whether they can actually cut the cord is another story.

"I think the challenge is for the industry to help users feel in control of what is going on," says Polonetsky. "Today the reaction is this [data collection/aggregation] is not something being done for them, it is something being done to them."

If a shift in mindset comes about, it could be the start of significant progress that benefits both the Facebooks and the Googles of the world as well as the users of those sites and other technology that watches, records, and archives digital life.

"These are truly historical moments," said Consumer Watchdog's Simpson. "We are trying to sort out culturally what the appropriate bounds are to give people the kind of personal privacy that they have had historically but is now deeply threatened by technological change."

EFF's Reitman says we shouldn't lose sight of the technological marvels developing before our eyes, nor the implications. "It has been a wonder to society, and in some respects a death knell for individual privacy."

How will privacy be defined in the digital age? Where is the balance?

See also:

Editorial standards