Online Privacy: Achievable Goal or Web 2.0 Pipe Dream?

Does being a Web user in 2008 automatically mean giving up your right to privacy?

A growing chorus of voices says the evolution of the Internet, the increasingly cozy relationship between search and advertising companies and the rise of Web 2.0 social networking technologies adds up to an environment where true privacy may be but an illusion.

That idea is not a necessarily a new one, of course. Sun Chairman Scott McNealy is famously quoted as saying "you have no privacy -- get over it," back in 1999, noted John Nicholson, a member of the global sourcing and privacy and data protection teams at New York law firm Pillsbury Winthrop Shaw Pittman.

Going Too Far?

"Between search engines, ad firms, Web sites that are not particularly ethical -- or downright nefarious -- and the government's increasing desire to monitor online activities, McNealy's statement is increasingly accurate," Nicholson told the E-Commerce Times. "Large social networking sites are looking for ways to extract more money from advertisers, and that means giving the advertisers more information about user activities."

Web marketers and other companies have long been wary of going too far with consumer privacy, and in fact have long argued that consumers are willing -- if not eager -- to give up a certain amount of their personal privacy in exchange for access to Web sites, social networking connections and even advertising that is more targeted and therefore more suited to their needs.

Of course, at some point, consumers will say enough is enough, and one of those pain points may have been reached late in 2007 when Facebook's Beacon program. The program, which shared information about a user's online shopping and review-posting activities with networks of friends, had to be curtailed amid strong criticism from privacy advocates.

Still, even if Beacon has to be rethought, the sheer amount of data being captured and stored about each individual Web user continues to grow and is used to refine Web sites and marketing offers. As the calendar turns on 2008, the question is whether it's too late for consumers to reclaim their privacy and if they'd even try if they could.

Social Distortion

Many consumers have learned the hard way that information they share online -- or data they share in the real world but is stored online -- isn't always as secure, even in the hands of trusted merchants. Massive breaches such as the one at TJX continue to expose credit card and Social Security numbers and other data, helping to raise the volume on calls for tougher national legislation aimed at protecting privacy.

"Given that 2008 is an election year, it's unlikely that anything will happen on the legislative front at the federal level," Nicholson said. "On the state level, states are updating their data breach notification laws to cover things like PCI (payment card industry) compliance and medical information."

Still, even if data isn't exposed in a breach, the fact that more companies are collecting and analyzing data -- and can increasingly connect the dots between a user's shopping, searching and e-mail activity -- is itself a natural outgrowth of the advance of technology.

The Age of Transparency

"There's no question privacy is compromised by the advancement in technology," Herb London, president of the Hudson Institute in Washington, told the E-Commerce Times. "The age of technology is the age of transparency, open systems and the ability on the part of any hacker to get into virtually any system."

Of course, users have different expectations of privacy and those who join and take full advantage of social networking sites should probably bring lower hopes for having their privacy maintained to the table.

"In my opinion, when we're talking about social networking sites, there is no reasonable expectation of privacy," noted Marc Friedman, a partner with the Newark, N.J.-based law firm Sills Cummis & Gross. "I believe people who use the Internet, in large part, don't think about such issues as whether the information and data which they make publicly available through the Internet are going to be used for other purposes."

"Online privacy is an illusion," agreed David Axtell, an attorney with Minneapolis-based Leonard, Street and Deinard, and an expert on social networking issues.

Forever There

Users often forget that information posted online is not erased even if that page is taken down, especially with Google (Nasdaq: GOOG) and others constantly indexing and archiving. While some search engines, such as Ask.com, have made tools available to users to enable them to erase or scrub their searches, those same search engines often partner with Google and other engines that don't offer such options.

"Businesses are out to seek a profit, and information is money," Axtell told the E-Commerce Times.

"Many of the applications available to Facebook users, for example, are collecting responses and compiling lengthy personal data on you, which they may sell as they are not owned by Facebook," said Axtell. "Privacy policies are legally binding, but who reads them?"

The stakes are only to get ratcheted up as more of what's online is made searchable, he added, with Microsoft (Nasdaq: MSFT) developing a photo-search tool that could turn a seemingly anonymous photo into an identifiable one by using face-recognition technology.

Consumers' Call

Which way those developments move will likely depend on consumers themselves.

The Electronic Frontier Foundation advises users to take basic steps to minimize how much private --and potentially embarrassing -- information search engines keep about them, from avoiding putting personally identifying information in searches to avoiding logging into a search engine or related page. The group also advises consumers to consider using software such as Anonymizer or a tool such as Tor, which redirects Web traffic to disguise its origin.

The Beacon push-back may be a signal that privacy has moved to the front of mind for consumers, or it may simply be that the way Facebook and its partners rolled that program out left something to be desired. Either way, given the billions of dollars worth of valuation now on the books for sites like Facebook, MySpace and LinkedIn, those sites aren't likely to stop trying to find innovative ways to drive revenue from their social networks.

Legislation may yet play a role in helping to balance the privacy scales, but "reputable online companies" will likely stay ahead of any such action by revising and updating their privacy policies to keep them current, Friedman said. For instance, MySpace recently reached an agreement with 49 attorneys general to enact policies meant to make that site safer for young people by filtering out people who are potential online predators.

"I am expecting a number of developments over the next year that will affect this sector," Friedman added.