Kara Swisher of AllThingsD.com is moderating a panel called "Personalization and Privacy: Deciding Who Does What with Customer Data."
Left to right:
Jules Polonetsky - SVP and Chief Privacy Officer, AOL
Joanne McNabb - Chief of the California Office of Privacy Protection
Leslie Harris - President and CEO, Center for Democracy and Technology
Polonetsky opens up by alluding to his years in politics, and says straight out that privacy isn't a prime target of employees, not a management issue.
Kara notes that people now post information that "used to make stalkers put in effort" (laugh line) and Leslie Harris of CDT responds that the idea that "people/this generation don't care about privacy" is a myth, and that the more people learn, the more they worry, even after they "opt-in." Her first example is Facebook and the "drunken college picture regret" phenomenon.
Kara: "they have to justify their $15bil valuation...they'd have to get into the drug business..."
Ms McNabb notes that her office is an advisory and educational body, not a regulatory one. She starts by saying that there is a certain "lull" about the way people interact online, and that they assume they're talking to their friends. They may not realize it's "forever." Harris responds that this isn't transparent, because many of these issues are in privacy policies that consumers don't understand. Swisher asks for a suggestion on how to educate about these policies (which may not protect privacy at all) and Harris suggests a standard of prominent notices that meet "reasonable consumer expectations."
Polonetsky jumps in and says that people don't want to read this stuff, it's not compelling. He points to a study about the best way to communicate (mentions the Elevator Pitch) and they came up with (I am not kidding) A CARTOON PENGUIN!!!
Polonetsky's Penguin reads Anchovy News, and the cookie stays with the Penguin, and when he goes to The Penguin Times, a gigantic Anchovy ad pops up.
The discussion shifts to legislation, and Harris points out that the laws on the books are outdated (despite Polonetsky's protestations that they'd be boring) and that a uniform privacy law is needed.
Swisher asks if there should be a central "privacy control panel" to which McNabb asks "who'd run it?" Answer? SkyNet.
Polonetsky goes back into AOL's development of the buddy list and how he made sure that people always had choices in sharing information with their friends despite concerns that it was a privacy issue. Harris agrees.
Swisher tells a story about how she had all the AOL execs on her buddy list, and when she was at WSJ and got a tip on the merger, she went online and IM'd them all:
"We know."
Her buddies all signed off.
Now the discussion is on DNA testing and databases turning it into a social network. The room is palpably creeped out. Harris notes that this isn't new, that health search engines collect data, too. I didn't think about that, but yeah...ouch. The talk is turning to PHRs and Harris (CDT) is saying that despite polls saying that people want access to their records, they're concerned about privacy, and health data is a big fat red flag for people.
McNabb points out that there's an advisory board developing suggestions/regulations for PHR data standards, and that's happening in other places, too. McNabb sees the desire to regulate privacy as coming from the states, and Harris says that despite their inertia, the Federal government will take up a PHR privacy bill.
Kara is talking about Robert Scoble and data portability, and Facebook. She's telling his story about him wanting to screen-scrape his friend data. I jumped in and passed along the story about Mark Zuckerberg completely dodging Robert's question at the Facebook Developer's Garage at SXSW, and how Facebook denies the feature ever existing.
Now Polonetsky is talking about "quick decisions" on who can use your data. Kara points out that there are several thousand Facebook developers who can access your data, and we don't know who they are. Polonetsky can't speak for Bebo, but he says a big issue is the ability to say "I want control of my data back" and that Facebook needs to incorporate this.
Kara asks about "doomsday scenarios"
Harris: We need to fix systems so people have control of data after they put it somewhere. Scariest situation is the Government coming for profile data.
McNabb is scared by the level of errors that are present and get propagated, and how organizations who rely on that data don't talk to each other and there isn't a way to fix it. There is no one place to go to fix it, lots of data warehouses have it, and people can be denied credit, airport boarding, housing, etc. Harris adds online health information. Now every insurer has it. Apparently this was in a Sandra Bullock movie.
Polonetsky was actually a victim of identity theft while he was the Consumer Affairs Commissioner of NYC, and it took him a whole year to get it cleared out. How can people who have to work all day get these kinds of things taken care of? He's less worried by online profiles than he is by how hard it is to fix this personal kind of theft.
Harris notes that as behavioral advertising markets expand, we're only at the beginning of the conversation and we need to get ahead of it.
Swisher: What is the scariest company or business model?
Harris: Single Sign On and Federal Government
McNabb: Feds
Polonetsky: Advertisers who run ads with hidden code that dump spyware, and then sell you programs to remove it. He's bothered by amoral marketers.
Questioner brings up McNealy's "Get Over It" quote. McNabb asks him if he assumes all his conversations are private.
Swisher laugh line: Google is going to become self-aware like SkyNet.
Another questioner notes that in the EU, privacy is a human right. Asks Polonetsky if AOL has different privacy rules by country; the response is that they tend to act globally and generally just have certain features on or off by default. He says that the EU is driving the debate. His example? IP addresses. Mentions Google, says this is a healthy debate and that it's good that companies are making tough decisions.
Another questioner asks about the CDT's petition for an FTC "do not track" list. Harris explains it in detail that I can't keep up with, but it would require a central list of "ad servers." She doesn't know if it'd work, but it's spurring voluntary changes.
Great panel.


