While we usually post reports on our sister site, DocuTicker, we wanted to make sure this one was seen by as many folks as possible. This report -- from The Common Data Project, a nonprofit based in NYC -- analyzes the privacy policies of 10 major websites, as well as several start-ups. According to a press release (PDF; 78 KB):
Unlike existing privacy policy analysis, CDP's report seeks to provide a "how to read" guide for the user who is curious about what is happening to his or her data online, but has little understanding of the technological and legal mechanisms at work.
The report walks through seven questions meant to pinpoint the issues CDP believes are most crucial for a user's privacy, from questions on how "personal information" is defined to the kind of choices offered to users regarding how their information is shared.
You need to read this because you use most or all of these websites -- some of them on a daily basis -- Google, Yahoo!, Wikipedia, Microsoft, AOL, Amazon, eBay, Facebook, Craigslist, Photobucket, NYT, WebMD, Ask, Cuil, and Ixquick. The seven questions CDP asked of each of these?
The report is based around an ongoing series of posts on CDP's My Place in the Crowd weblog. On one of these is an intriguing visual of how the various privacy policies "stack up next to each other, literally," in terms of their length.
Some interesting tidbits from the report:
"Companies rarely vouch for what these third party advertisers are doing. Some companies, such as AOL, Microsoft, Yahoo, Facebook, Amazon, and the New York Times Digital, will at least explicitly acknowledge there are third parties that use cookies on their sites with their own policies around data collection.... Google, in contrast, doesn’t mention third party advertisers on the “privacy policy,” alluding to the separate controls for opting out of their tracking on a separate page discussing advertising and privacy."
"Researchers at the University of Texas in recent years have demonstrated that it is possible to de-anonymize through combination, as when Netflix data is combined with IMDB ratings, or when Twitter is combined with Flickr. So when companies offhandedly note that they are combining information they collect from different sources, they are learning a great deal more about individual people than the average user would imagine. And as you might imagine, large companies like Microsoft, Google, and Yahoo! have a wealth of databases at their disposal, but none of this is being made explicit in the policies."
"For example, Google promises not to share “sensitive personal information,” defining it as “information we know to be related to confidential medical information, racial or ethnic origins, political or religious beliefs or sexuality and tied to personal information.” Does that mean that a user’s search queries for B-list celebrities are fair game to Google? Given the varying definitions of “personal” that are used, the strong declaration that “personal information” will generally not be shared is not, ultimately, a very comforting one."
"Certainly, the volume and breadth of data Amazon collects pales in comparison to what Google has access to, and some might argue that search queries are more “private” than what books one chooses to buy. But most people still probably wouldn’t want their purchase histories on Amazon to be revealed willy-nilly. Every item view shows what others have considered buying, what others have ended up buying, what else you might like. In contrast, Google, Yahoo!, and Microsoft have yet to vividly demonstrate why collecting and retaining data makes their services better. Perhaps if they did, they would be less hard-pressed to delete their data as soon as possible."
"AskNetwork developed AskEraser to be a more visible way for users to use Ask.com without being tracked, but as privacy advocates noted, AskEraser requires that a cookie be downloaded, when many people who care about privacy periodically clear their cookies. AskEraser also doesn’t affect data collection by third parties on its site at all."
"Facebook can’t offer the service that it does without the content generated by its users. But as it’s begun to realize, its users then have to be a part of decisions about the way that content is used."
In some ways, consumers are starting to already feel that they’ve gotten a bad deal. Even though most only feel a vague discomfort at this point, it’s unlikely that companies like RealAge will be able to continue what they’ve been doing. RealAge promoted itself as a simple online quiz to help people be healthier, with endorsements by famous doctors, with only limited disclosure of the fact that their profits were based on selling quiz-takers’ information to pharmaceutical companies.
By our standards, none of the privacy policies we surveyed quite measure up. Most of them provide incomplete information on what “personal information” means. Many of them fail to make clear that they are actively sharing information with third-parties. Even when they change their policies on something like data retention to placate privacy advocates, the changes do little to provide real privacy. The legal right companies reserve to change their policies at any time reminds us that right now, the balance of power is clearly in their favor. When they do offer users choices, the choices fail to encompass all the ways online data collection implicates users’ privacy.
And yet, CDP adds, "there are many positive signs of companies making smart moves, because they’re realizing they need buy-in from their users to survive in the long-term."
If you prefer, you can read or download the full report as a PDF (165 KB).
+ Know Privacy -- "a collaborative research project" by several graduates of the UC Berkeley School of Information Masters program, class of 2009 -- offers "(a) comparison of users' expectations of privacy online and the data collection practices of website operators."
A family of resources to help information workers be more effective, raise the value of information in their organisations and contribute to success. Read more »
Recently I have found myself cooing over visualisation maps (and heat maps) of health and well being resources. The content rich data is overlayed with mapping technologies, and some interesting themes and patterns are emerging.
A lot of the talk around social media in the last year has been around information overload. Social media has provided us with new and exciting ways to create content. But it has also meant learning new ways to manage and engage with social media tools. Are we teetering on the edge of an information overload precipice?
Information overload is a figment of your imagination. Or a failure of your filter. Or a symptom of your technological submissiveness. Depends on who you ask.
What if you had to sort through 3.5 million articles and social media posts a day and try to pull out the most relevant items for your organisation? What if you then had to cobble it all together into something readable for your top groups and executives in your organisation?
Alacra Compliance saves time by aggregating information from both free and fee-based sources and enabling users to conduct an accurate federated search across these sources (coined “simultaneous search” by Alacra).
FreePint Family
Quilting big data threads
The fallacy of information overload
Information overload: fact, fantasy or filter failure? 
