Privacy Done Wrong–So Many Missed Opportunites
Last month Google launched their Good To Know campaign which, among other things, is their effort to be more transparent about what they do with the personal data they collect. I applauded the effort here. Unfortunately for them the public didn’t share my enthusiasm. Then this week Pinterest, Path and Hipster are all under scrutiny for same same sort of privacy violations that CarrierIQ was accused of late last year.
The rub is that no one is doing anything illegal. They are all just doing it wrong. The common thread with all of these stories is that they weren’t up front with their intentions from the outset and the result is a loss of trust from their otherwise loyal customers. The long-term damage is significant – trust is fragile and once lost it is a really tough climb back to re-earn it.
Coincidentally, or maybe not coincidentally, these episodes are unfolding at a time when there is a great deal of regulatory activity with regards to privacy. The world is moving in a direction where companies are going to be required to do the things the Good To Know campaign is doing whether they are “Do No Evil” or “Dr. Evil.” Privacy laws and regulations are coming that will restrict the collection, use and storage of personal information more severely then current requirements. If you need evidence of this see what The European Union just released and look for reports from the FTC and Department of Commerce in the coming weeks.
The regulatory environment and the public outcries all point to a future landscape where online users have much better control over what they allow organizations to do with their data whether the companies want that or not. Companies like Twitter, Google, Zynga and Facebook that make their money from analysis of the data they collect are going to face a mighty uphill struggle to meet these new regulations. At least Google has seen the writing on the wall and they’re doing something about it.
And, with professional interest, I’ve been following all of this closely, So it was on the top of my mind when I came across this tongue and cheek statement with regards to Zynga’s personal information analytics,
It’s like the games are playing you.
Seven simple words that nicely sum up how most people feel about the online services that are profiting off of the personal data they collect and analyze. Most people now understand that companies are making money off of our personal information in exchange for the services we receive, but even with that understanding many find it distasteful.
You can do a quick search on the latest privacy news and see the visceral reaction from the public when they realize that the “free” application they are using isn’t really free – it comes at the cost of giving up their personal data. And they are not only shocked at just how sophisticated data aggregation and analysis had become but they’re upset that the only place to find out about is to parsing through the legalese of a privacy policy.
As a result, as I’ve said, the trust is broken. The interesting part to me though is psychology lesson behind this result. It seems reasonable to be creeped out that a faceless organization knows so much about you. But what if the organization didn’t seem so faceless? People allow individuals to know all sorts of personal details and appreciate the fact, Think of the barber, hair stylist, the local bartender, or the coffee shop owner. We praise the fact that they know us and as a result we are comfortable sharing personal details with them.
The takeaway here is that new companies should strive to establish that personal relationship with their customers right from the first MVP launch. Become the barber or neighborhood grocer and people will partner with you, not fight you. The first step towards creating that relationship is to be open and honest with them right out of the gate, and continue that transparency every time you contact them, especially if you are collecting information about them. And guess what privacy best practices preach – that’s right – full transparency and clear disclosure.
Privacy best practices can be summed up simply:
- Only collect what you need and/or has direct benefit to the customer
- Only keep it as long as you need it
- Tell the user exactly what you are going to do with their data
- Allow users complete control over their data
For a company like Facebook to go back and enable features that do the aforementioned this is really challenging, if not downright impossible, but for the entrepreneur just getting off the ground its a couple of bullet points on a requirements document to complete for that MVP build.
There are a few doing it right already. Mint is one of those companies. Here a quote I came across this week about Mint:
They are also very explicit about how they handle your data and what happens when you want to close your account. That’s what finally convinced me to give it a try. Couldn’t be happier.
Unfortunately there are still many doing it wrong as well. Philip Kaplan, a.k.a “pud,” launched Fandalism recently. And I saw this the other day on Hacker News. As far as I could tell neither site even have a privacy policy. That’s a missed opportunity.
The lens through which people view your company makes a huge difference. If someone sees your company in a positive light then they are much more likely to trust you, share their details and partner with you to improve their experience. “Do No Evil” is good, “Be Completely Transparent” is better – better intentioned if not a better advertising slogan anyway.