Following the recent online privacy storms, there have been stronger calls for tighter regulations, observers say. However, there are some reservations that overly strict rules could have a negative impact on consumers and Web companies.
One of the incidents involved popular photo sharing service Path, which was found to have been uploading its users' address books to its servers without permission, reported ZDNet Asia's sister site CNET News. This transgression was discovered by a Singapore-based developer Arun Thampi, which forced Path to subsequently apologize and remove all address book information.
Twitter has also come under heavy criticism over its plans to sell its archives of tweets to a market research company, according to U.K. news daily Daily Mail.
Peter EckersleyDirector, Technology Projects
Such incidents have led one industry watcher to criticize the loopholes in existing privacy regulations. Peter Eckersley, director of technology projects at Electronic Frontier Foundation (EFF), said: "People think that 'privacy policies' exist to promise them privacy. Unfortunately, it's often the opposite."
"If you read most of the industry policies, they are actually tracking and surveillance policies that begin by saying 'we care a lot about your privacy'," he added.
"These are weasel words," he said, referring to how most major third-party tracking companies had records of Internet users' reading and online activity histories, and other information, which could indirectly identify someone.
Price of free Internet
Marketing communications firm TeamAsia believed that consumers have to make a choice between privacy and user experience. Managing director, Michael Alam Hamlin, said: "There are always tradeoffs, and it's a matter of which tradeoffs we're willing to live with: more privacy and limited Internet resources and experience or, less privacy and a more robust Internet experience."
According to Daniel Castro, senior analyst at the Information Technology & Innovation Foundation (ITIF), stricter privacy rules may reduce the ability of Web sites to use targeted advertising.
"Targeted advertising uses information about users to deliver more relevant ads. Naturally, advertisers are willing to pay more for ads delivered to the right audience, so eliminating this option cuts the revenue stream for Web sites. Without targeted ads, we will have fewer free products and services on the Internet," he said.
However, Eckersley disagreed and pointed out that such studies did not appear to be "methodologically rigorous".
"What we do know is that behavioral targeting is responsible for only a small fraction of online advertising revenue. There is no evidence that a strong opt out through 'do not track' could cost the industry more than a percentage point or two of its revenue," he said.
Eckersley added that it was also not taken into account how the advertising industry would innovate around tighter regulations. "Such technologies have been prototyped, but unless there are regulatory incentives to use them, the advertising industry isn't going to do so," he noted.
No free lunch, but consumers willing to bite
John Merrick, owner of ads tracking company HitsConnect, agreed that with less effective advertising, smaller Web sites that rely on ad revenue would suffer. "However this is a double-edged sword. People want free access, free stuff, etc, but running these types of sites cost money."
"Human nature means people will be prepared to compromise something in order to get what they want as cheaply as they can and, as long as that continues, the advertising industry will cash in on that," he noted.
Two consumers ZDNet Asia spoke with admitted that they were fine with revealing information in return for free services.
Joe Wong, for one, said: "I don't mind giving general details like my job or age, just as long as my name is not recorded." Adam Soo, too, echoed the same sentiments. "It's alright to take some details, as long as the company is upfront and transparent about it," he said.
Hamlin warned that while it was important to guard online information, especially against identity theft, the information collected by companies was usually of little harm.
"I don't think a shoe company trying to track how often I invest in a new set of wingtips is unnerving. A little surprising sometimes, but it doesn't threaten me, particularly when I consider the convenience of a close digital relationship with my favorite vendors," he said.
Looking at regulations holistically
ITIF's Castro noted that corporations were not the main threat to privacy, but it was individuals who needed to be more careful with leaving traces of information online.
"The reality is that the top privacy threats to most people's privacy do not come from distant companies but from family and 'friends' who read your e-mail, steal your credit cards, and look through your Web browser history," he said.
According to the analyst, it was more important to have laws that protected people from harm. "For example, one concern is that a potential employer will obtain private information from an online social network and use that information in its hiring decision."
As such, people should remember that their online activities are not strictly anonymous and act accordingly, he stressed. The law should also protect people regardless of how their personal information is obtained, and countries should have policies in place to protect people from discrimination and harassment, Castro added.
Merrick noted that regardless of regulations, it was important for consumers to be educated about "what can and is being stored about them".
"It's worth mentioning that at any time you can control what is stored or sent by your browser. Just go in the settings options of your browser and you can see what control you have to stop these tracking cookies, set privacy policies, etc. So people just need to be better informed," he said.
If tighter regulations were rolled out, Castro noted that it would also be important for rules to be uniform across the world."Different rules make it harder to create a truly global Internet. A search engine, for example, will have to provide different services in different countries based on local privacy laws."
"In some cases a company may simply choose not to serve or reduce its services to a country because the cost of providing these services is not worth it. Most of the free Internet runs on advertising. Countries that impose strict privacy rules hurt the ability of local innovators to monetize their online products and services. That's a net loss for everyone," summed up Castro.