Federal legislation for digital privacy is poised for a major overhaul in 2011, kindling a heated dialogue among policy makers, start-ups, and legal scholars.
You're being watched when you're online. If that makes you uneasy, you're not alone. Online privacy—especially in the social-media sphere—is becoming an increasingly contentious issue, but it's one that largely is left to companies like Google and Facebook to decide. As sites and service-providers struggle to balance the interests of their users against the interests of their business, the question emerges: Is it time for the government to step up and enforce stricter regulation?
Experts say 2011 might just be the year where digital privacy will come to the forefront in Washington. For example, the Boucher-Stearns bill, drafted by Rick Boucher, a Democrat from Virginia, and Cliff Stearns, a Republican from Florida, would require all websites to inform users how they collect and use personally identifiable information, like phone numbers or addresses. Last month, the Federal Trade Commission proposed "Do Not Track" technology that would be added to websites in order to allow users to "opt out," making their actions on the site unrecorded.
It's unclear so far which websites would be required to include the technology, or if the button would be built directly into the browser. But according to some, even if do-not-track and opt-out policies were to be adopted, the United States would still have a relatively laissez-faire attitude toward online privacy compared to much of the rest of the developed world.
John Nicholson, counsel at Pillsbury Law, a multinational corporate law firm, says that U.S. regulators have so far regarded digital privacy with a "no harm, no foul" mentality. His comments came at the Digital Privacy Forum Thursday in New York City. The forum, hosted by Mediabistro, brought together privacy experts, lawyers, authors, and entrepreneurs to discuss how social networking and geolocation services require regulation, be it by the Federal Communications Commission, FTC, or even the end-users who decide what they want to share, and what they want to keep private.
According to Nicholson, regulation has been limited to sensitive information such as health care records, bank records, Social Security numbers, and drivers licenses. Look to social media and social networking, however, and there's a void of regulation. In that sphere, privacy is guided by the judgment of the executives of the companies, and it's often not in their best interest to limit the information being collected. Facebook, for example, has not garnered much favor in digital privacy circles for its rather expansive default privacy settings. Nicholson also points out that online businesses in the European Union can only export personal information about the users to countries that have been deemed "adequate" by E.U. Data Protection Act of 1998. The United States is not one of those countries.
Some start-ups are even carving a niche for themselves in the privacy market, offering data security for both business and consumer use. TigerText, for example, lets users schedule an expiration date for their texts by wiping information from both the sender's phone as well as that of the receiver at a set point in time.
Jeffery Evans, the CEO of TigerText, says that more than four billion texts are sent in the United States daily, but typical cellular-data users really thinks about the lifespan of what they send. "No one is thinking that texts stay forever," he says. Technology that protects messages between colleagues is becoming increasingly important in fields that share sensitive information about their customers. For example, 82 percent of primary care physicians say that digital privacy is an important issue right now, and 45 percent say they feel they lack control over that privacy, according to a Nokia Siemens survey.
The lack of awareness of digital privacy does indeed have real-life consequences. For example, earlier this month, the California Supreme Court ruled that police could search a suspect's cell phone history without a warrant, as long as the cell phone is in plain sight (and isn't password protected). In another instance, a woman in California lost her lawsuit against her employer ddue to e-mails she had sent with company property. And the list of employees fired for inappropriate texts, Facebook status updates, and Twitter comments are too many to number.
As consumers, our actions online and through network-connected technology like smart phones and tablets are a valuable commodity to be packaged, bundled, and sold to behavioral marketing firms, who use that information to help their clients with more targeted advertising campaigns. While the retention of this information isn't used with malice, consumers are beginning to demand transparency from online businesses. Experts say that businesses with the best transparency practicies will ultimately become most profitable.
To vet online business's privacy practices, companies such as TRUSTe have stepped in to offer "privacy seals," which are virtual acknowledgements that a company's privacy standards don't cross their customer's boundaries.
Chris Babel, the CEO of TRUSTe, says that the key is allowing individuals to have their own definitions of privacy. Plus, Babel says, showing customers you care about their privacy boosts the bottom line. "Businesses with good privacy are rewarded—and those with bad practices are penalized," he says.
Still, some argue that self-regulation falls short in light of technological advancements that gives access to unprecendented amounts of information. Marc Rotenberg, the executive director of the the Electronic Privacy Information Center, says that there's "general unease among the public" about available information about them online, and this unease will ultimately lead to greater regulation in Congress. "I think we're going to have a very busy year," he says.