Privacy Considerations with Mixpanel People Analytics
Mixpanel just announced People Analytics. This service promises that, "you can tie any kind of data to your users to see exactly who they are and what they have done." The analytics geek in my loves that idea. Directly tying everything you know about your customers including their name, photo, subscription information, etc. directly to how they are interacting with your site is really powerful.
It can give you insights into things such as how long a specific customer group spends on the site and what features they regularly use. Really great stuff, but the privacy professional in me gasped at the marketing pitch: "Now, you can empower your marketing team to take action on what they learn." Yikes.
As someone said in the Hacker News post covering this: "I feel that this is one of those 'great for data miners, terrifying for consumers' moments." There were a number of other posts expressing similar sentiments. It's important to recognize that people are increasingly sensitive to how their personal data is being used.
When reviewing your policies consider a couple of privacy best practices:
Be Transparent: Tell user's exactly what you are doing and/or intend to do in with the data from this personalization feature. If you are going to behaviorally target users based on People Analytics data (which is probably the best use of this data) then tell the users that that is your intention.
Something simple like, "we may share personal information with our service providers in order to maintain, enhance, or add to the functionality of the Website" would suffice but something more explicit would be better.
This website uses Mixpanel to help analyze how users use the site. The tool uses "cookies" to collect standard Internet log information and visitor behavior information. The information generated by the cookie about your use of the website (including IP address) is transmitted to Mixpanel. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for us. We further use the statistical analytics tool to track or to collect Personally Identifiable Information (PII) of visitors to our site including your account information and email address.
We will use this information in order to maintain, enhance, or add to the functionality of the Website. Mixpanel will not share your PII or associate your PII with any other data held by Mixpanel.
Opt-In: Allow the users to opt-in to the service. Your marketing folks are going to hate this, but it is a best practice that will get you compliance with laws protecting European and Canadian customers. If you can't abide by the opt-in part, then you should at least let the user opt-out of People Analytics.
And as a last word, just to highlight how sensitive this area is, even Google doesn't permit the type of tracking Mixpanel is offering.
Privacy is a growing concern among users and it is in your best interest to become privacy-sensitive. You can read some additional information on privacy best practices or for even more information check out my book Startup Privacy: The Entrepreneur's Guide to Privacy.