Whether you value privacy or not, the debate over online privacy is heating up

In honor of the 10-year anniversary this week of the International Association of Privacy Professionals (IAPP), it seems like a good time to take stock of the state of privacy — in general but especially online — and the active debate over whether privacy matters to people the way it once did. Depending on who you listen to, no one cares about privacy anymore, or privacy has never been a more important concern, and the fight to preserve and extend privacy protections is a significant undertaking. Regardless of where you might land on the continuum bounded by those two opinions, there is a constant struggle going on in many fields and industries right now to find the right balance between protecting privacy and letting organizations conduct their business. Also, it seems that whether or not you have a strong interest in protecting the privacy of your own information and that of others, it seems to be getting harder and harder to do it.

On the social networking front, now you’ve got CNET columnist Declan McCullagh adding to the positions espoused by Facebook CEO Mark Zuckerberg and Google CEO Eric Schmidt that the growth and enormous popularity of social networking sites is clear evidence that people just aren’t concerned about the privacy of their personal information. McCullagh sites Google’s new Buzz service and its quick rise in use as the latest evidence that no one cares about their privacy online, coming as it does in the face of well-publicized default configuration settings that many considered a critical privacy flaw — enough that the company quickly revised the questionable program behavior. The claims from the big tech execs are pretty remarkable given the indications that each of them has personally given that they do at least care about their own privacy, even if they think none of their users have the same feelings. Regardless of the practical realities about how many people read and understand (or just ignore) privacy policies posted by online service providers, at the end of the day, individual users who share lots of personal details online are doing so by choice, so it’s not a big logical leap to say the erosion of privacy online is exactly what users want. In an effort to bring more credible opinions (less vested in getting people to share personal information) to the table, McCullagh and others have pointed to the words of federal Circuit Court justice Richard Posner, who said in an interview in 2008 that he thought privacy as a social good is “overrated” and also says that privacy is not “deeply ingrained in human nature.” Upon fuller examination, what Posner believes actually appears to be more relevant for the contemporary discussions about the right trade-offs or balancing points between privacy and utility or efficiency or convenience.This issue comes up almost daily in privacy discussions in healthcare and the move towards electronic health records, in the press and other media access to government information, and of course, in social networking.

Of course, not everyone is drinking the privacy-doesn’t-matter Kool-Aid. In a sideways response to his CNET colleage, Chris Matyszczyk first spelled out a lot of the claims from the no-privacy camp, but drew an important distinction between openly publishing trivial information and revealing really personal details, and ultimately concluded that privacy does matter to people, because people value having some things that they keep to themselves, and even if that set of things varies from person to person, they all ascribe value to being able to exert some control over what gets shared and with whom. Privacy advocates have long argued that consumers really are empowered to make their preferences known — essentially to choose not to do business with companies that don’t do a good job of protecting privacy — and it may be that companies in more traditional markets than social networking hold different perspectives about what customers expect. The need to honor customer wishes to keep their information private does not seem to be something an online enterprise can do if it hopes to have a successful future. Online movie rental powerhouse Netflix learned its lesson in this regard, after customers sued the company for violating its own privacy policies by allowing the movie rental preferences of some customers to be disclosed. For its part, the Federal Trade Commission seems to be giving fair notice to companies that consumer-focused changes in the way privacy protections are regulated may well be on the way, particularly with the general dissatisfaction with the notice-and-choice framework most companies currently rely on. We’ll address in a forthcoming post the outcomes of the FTC’s third (and last in the series) roundtable on exploring privacy, held on March 17.