An article in today’s New York Times entitled “Your Privacy Is Protected Only if You Are Really Sick” describes the guidelines that the Network Advertising Initiative, a trade group that represents two dozen companies including Google, Yahoo, Microsoft and AOL, has adopted for how ad networks use data about Internet users. The upshot:
Networks only have to ask permission if they want to collect “precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.”
The one word “precise” is restrictive enough to ensure that, the guidelines have no real impact, since the vast majority of pages about health topics on the Web are not exclusively for people who suffer from particular conditions.
Privacy advocates are understandably concerned. As I’ve blogged here ad nauseum, I have no real expectation of privacy on the web: I learned long ago that the only way to keep a secret is not to tell anyone.
What I’d prefer to see, however, is more transparency about the process. Most users have at best a naive understanding of how their data is collected and used, and they are unlike to read privacy policies, let alone opt out of being tracked. The fact that those who collect data don’t believe users would willingly opt in to data collection suggests that the status quo is untenable, and relies on the asymmetry of information between data collectors and the data collectees. Education may be a slow process, but eventually we’ll need to find a solution that is acceptable to all informed parties.