« Stowe Boyd on Gush |
Main
| Stowe Boyd, Dave Pollard on the evolution of social software »
February 5, 2004
Social networking services and Privacy
Posted by Clay Shirky
Interesting piece by Roger Clarke on
the privacy implications of social networking services, and comes to some grim conclusions. The centerpiece is an analysis of the legal rights of the user on Plaxo:
Under the doctrine of privity, a contract creates rights and responsibilities for the parties to the contract, but for no-one else. Hence there are no rights whatsoever under the contract for the individuals to whom the data relates.
The pop-up box declares the following undertaking by Plaxo to their client: "we respect the privacy of your contacts and maintain a strict policy of not sharing their contact information (received as a result of responding to your update requests) with other Plaxo users who are asking for this information" (my emphasis). The emphasised words appear to exclude the data that is provided by the user when they upload their adress-book, and hence the undertaking does not apply to the data about other people that users gift to the company.
This assurance falls desperately far short of real privacy protection. It is in any case entirely non-binding because of the clause in the Terms of Service which declares conclusively that "These Terms of Service shall constitute the complete and exclusive agreement between us". (The Terms incorporate the Privacy Policy statement, but not the contents of the pop-up box).
Comments (3)
+ TrackBacks (0) | Category: social software
- RELATED ENTRIES
- › Spolsky on Blog Comments: Scale matters
- › "The internet's output is data, but its product is freedom"
- › Andrew Keen: Rescuing 'Luddite' from the Luddites
- › knowledge access as a public good
- › viewing American class divisions through Facebook and MySpace
- › Gorman, redux: The Siren Song of the Internet
- › Mis-understanding Fred Wilson's 'Age and Entrepreneurship' argument
- › The Future Belongs to Those Who Take The Present For Granted: A return to Fred Wilson's "age question"
1. Scott Moore on February 6, 2004 8:13 PM writes...
If the conclusions are grim, it's because privacy protections in the US are grim. Aside from financial and medical organizations, there aren't general privacy protection laws. At best, the demands of the public push organizations toward some form of privacy protection practice. Usually, the case is that as long as the organization is fully forthcoming about the way they handle identity information and they don't behave counter to what they claim, they are in the clear.
(I'm not a lawyer and this is my understanding based on sifting through word-by-word my foundation's privacy policy.)
On the other hand, grim conclusions hopefully will shed light on ways services can improve their handling of identity information.
In addition to the key question about what happens when a person is encouraged to reveal identity information of third-parties, Roger sheds light on what happens to identity information in transit. He points out that while Plaxo does not "sell, exchange or give information in Your Contact List", they fail to mention what happens to your information that is in their disk or memory cache, logs and backups. Oops.
I wonder how many organizations (aside from financial and medical whose handling of identity information is regulated by the government) consider this? I think it's time for another review of our Privacy Policy.
Permalink to Comment2. Scott Allen on February 6, 2004 11:44 PM writes...
While some of the points he raises are certainly valid, I think this paragraph from the Conclusions section...
"In general, people would be well-advised firstly to stay well clear of all address-book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo."
...is ridiculously alarmist. In general, people would be well-advised to steer clear of social networking systems?!?
There's a fundamental difference here between people whose goal is to be seen/found and those whose goal is not to be. I don't consider my e-mail address or my telephone number "private" information -- quite the contrary... I want them as public as possible, with the obvious exception of not putting my e-mail address where spambots can pick it up. I want people in my trusted network to give my e-mail and phone number to other people in their trusted network so those people can contact me about possible business.
I hardly think I'm alone in this regard. In fact, if I were, these sites wouldn't have tens of thousands of members flocking to them left and right. For those of us who WANT additional visibility, Clarke's comments are completely off-base.
Permalink to Comment3. Simon Roberts on February 7, 2004 5:09 AM writes...
A long series of comments on Plaxo from iWire...a thread which has rumbled on for over a year
http://www.theisociety.net/archives/000173.html
Permalink to Comment