President Obama's Consumer Privacy Bill of Rights, announced this week, is the latest dip down the personal information rabbit hole, potentially taking us another step further closer to legislating users out of responsibility. Described as a consumer rights safeguard, it encompasses "Do Not Track" systems in browsers, safe storage of databases containing personal information, ensures what's collected is done with respect for the context of the service, and tries to insist on simple explanations and accountability. Yet we've not heard about what in fact is most needed: provisions for straightforward controls that everyday users can rely on to monitor and adjust the balance of information sharing.
[Image credit: Shawn Allen]
I've written before about the privacy conundrum, and how it has become a buzzword to be used in clubbing companies rather than something users give legitimate thought to. Taking ownership of your own data - and who you entrust it to - isn't something that can be legislated into action, it needs to be a considered and determined move by each user.
The new legislation does contain some hints that a more granular toolbox of controls are the ideal. "Companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about personal data collection, use, and disclosure" the Bill of Rights suggests. "Companies should offer consumers means to withdraw or limit consent that are as accessible and easily used as the methods for granting consent in the first place."
[aquote]There's little to show that the government understands how online services have evolved[/aquote]
Nonetheless, there's little to show that the government and its advisors understand how online services have evolved, and the ways they currently use data. One of the actions calls for "Flexible privacy principles to assure continued innovation" but we're yet to see whether there's sufficient flexibility to keep pace. Users want to share, they want to take advantage of services that throw together friends-lists and location and more, but they also want to know that they have control over the shades of grey implicit in that.
Companies like Google, Facebook and others will always want as much personal information as you're willing to give them. That knowledge is a trade: you give them data, they give you a service with little or no monthly fees. To suggest that that transaction is somehow wrong or inherently to be avoided is simply too black & white a perspective. The Bill seems to hold back from that, thankfully, but the resolute focus on privacy perhaps misses the real issues around uncomplicated, user-friendly tools to manage these new data transactions.
Obama's privacy safeguards will be successful if they give users control over their information, not if they lull them into a false sense of cosseted security with a wrap of legalese. Instructing into law more terrible punishments for internet companies may give some sense of fleeting satisfaction, but it won't address the shifting nature of the internet as we currently know it.