In wake of the recent spotlight on online privacy regulations – stemming from an incident earlier this month where Facebook Inc. banned a user for trying to export his data from the social networking giant onto a rival site – a Canadian tech blogger has created a new set of guidelines which aims to bring established privacy principles to online companies.
In his guest column to popular tech blog GigaOm, Alec Saunders, co-founder and CEO of Ottawa-based Iotum Corp., outlined his “Privacy Manifesto for the Web 2.0 era.” Saunders based his privacy standards on common legislation that currently exists in Western Europe and Canada, but is largely absent in the United States. The goal, Saunders explained, is to make consumers and businesses more aware of the importance of fair privacy policies on the Web to protect personal information.
“There are two forces of intention here, with many businesses still believing that data is an incredibly important asset to keep and many customers wanting to protect their personal data,” Saunders said. “And while there isn’t much privacy legislation in the U.S. today, many companies such as Plaxo and Facebook are adopting solid policies. But the trick is to get the rest of the industry to start adopting them as well.”
Saunders split up his privacy manifesto into four principles: Every customer has a right to know what private information is being collected; every customer has the right to know in advance the purpose for which the data is being collected; each customer owns his or her personal information and it cannot be sold without consent; and customers have a right to expect that those collecting their personal information will store it securely.
Saunders said the need to balance user demand for data portability with user expectations on privacy is an important one, especially with some companies’ actions in recent years. In his “privacy manifesto” posting, Saunders referenced Verizon Communications Inc., which last October revealed it would share customers’ calling records, including numbers of incoming and outgoing calls and time spent on each call, with third parties. He also pointed the finger at credit agencies, which often charge consumers to see their own credit scores.
“These points highlight the disregard many corporations have for customers’ privacy,” Saunders wrote in his blog. “Corporations collect vast amounts of data, assert ownership over the data they collect, restrict access by customers to their own data, and cavalierly exchange that data with third parties. The misunderstanding of the basic guarantees corporations should offer is profound, and as consumers we all suffer.”
But just a few days after Saunders’ blog entry, it appears that companies are listening and looking to make work a balance between collecting, storing and protecting data. Facebook, Plaxo Inc. and Google Inc. all announced this week their intention to join the Data Portability working group – an initiative with the goal of making personal data easily and securely transferable across all sites, tools and vendors.
“They’re difficult issues around creating portable data, because for a lot of business strategists, they don’t believe portable data is necessarily in their best interests,” Saunders said. “With this group, I hope [Facebook, Plaxo, and Google] will be able to make the privacy guarantees that they give to their own users, transitive to other organizations. In other words, if they are going to give up their data to other sites, the other organizations are going to have to be as responsible with it as they would be.”
Saunders hopes to help with this effort as well, agreeing earlier this week to work some of the privacy manifesto into the Data Portability group’s documents.