The Privacy Pirates

Corporate policies on the collection and management of personal data do precious little to protect your privacy

by David H. Holtzman

One of the only "facts" that I took away from high school biology was that the human body, when broken down into basic elements and minerals, is worth $4.50. Our electronic corpus, however, is worth far more—at least a couple of hundred dollars to the right marketers. Our vital information combined with our demographics and buying patterns are worth hard cash to the right people, as anyone who has ever rented a mailing list knows. It seems to me that if we can sell it, it's ours. If someone else can make money off tracking our activities, shouldn't we get paid, too?

Why isn't taking this valuable electronic information from us without payment considered stealing? Taking other people's digital property is—as the movie and music industries are fond of telling us—theft.

It's privacy piracy, except these buccaneers don't brandish cutlasses; they use privacy policies. Every commercial Web site has one. These legal statements are non sequiturs used to quell complaints about corporate misuse of personal data. They are one-sided contracts forced on consumers by OPLs (Other People's Lawyers).

Read a privacy policy some time. The language in the beginning that sounds warm and protective is vague. AT&T (T): "We respect and protect the privacy of our customers"; Microsoft (MSFT): "Microsoft is committed to protecting your privacy"; Experian: "Our responsibility is to ensure the security of the information in our care and to maintain the privacy of consumers through appropriate, responsible use." Yet the language giving these companies the right to do what they want with your information is quite explicit. Those words are a license to steal consumer information, wrapped up in legal tinsel.

Most privacy policies have these components:

Your data might only be used by us, our partners, or subsidiaries. Yahoo (YHOO): "These companies may use your personal information to help Yahoo! communicate with you about offers from Yahoo! and our marketing partners."

If we sell our company or our business, then your information gets sold along with it. Facebook: "If the ownership of all or substantially all of the Facebook business, or individual business units owned by Facebook, Inc., were to change, your user information may be transferred to the new owner so the service can continue operations."

We might buy or get other information about you without your knowledge, like credit reports, and save that, too. Amazon (AMZN): "Examples of information we receive from other sources include… credit history information from credit bureaus."

If we want to do more, then we can change our policy instantly. Time Warner's (TWX) AOL: "The AOL Network may update this Privacy Policy from time to time, and so you should review this Policy periodically. If there are significant changes to the AOL Network's information practices, you will be provided with appropriate online notice."

It's interesting to note that these policies rarely, if ever, hamper the company's ability to use your information in any way it wishes. The typical privacy policy is missing several key consumer protections that any negotiated or legally mandated agreement would certainly have had. For example, I can't find a single instance of a major company discussing when and if they will ever delete your valuable data, even after you're no longer their customer.

Corporate America defines our personal information as their business asset.

AT&T was recently in the news because of a modification it made to the privacy policy covering its U-verse video service.