Trade PII not privacy

There is an orthodoxy that privacy is willingly traded by people in return for some sort of reward. Try Googling “trade privacy for” (with the quote marks). I got 181,000 hits! Among other things, people are said to trade their “privacy” for convenience, security, safety, cheaper loans and free phones.

Yet there’s a category error here, one we really need to be aware of, in the interests of clear thinking and good policy.

Increasingly what consumers are doing is trading their Personal Information for a gain of some sort. And in principle, that’s actually fine by me, and by most privacy advocates. Because privacy and Personal Information are not the same kind of stuff.

Amongst the digerati there is a popular view that most people these days are smart enough to know what they’re doing when they sign up for loyalty programs or provide their details when they enter a competition. That view may or may not be right, but it is a sensible position. The important thing is people can and should retain their privacy in the process — because privacy and Personal Information (or PII) are different things. Data privacy is a state where parties that hold information about you respect that information, and are restrained in what they do with it. Privacy means they refrain from knowing more about you than is necessary, and from re-using PII collected for one purpose for some other purpose.

There is no inherent problem in bargaining your PII with others who happen to value it, but to preserve privacy in these transactions, we need greater visibility from retailers et al of what they intend to do with the PII they collect. We need more sophisticated tools so consumers can fully comprehend what’s going on in these data transactions. And we need more precision and rigor in the way we talk about privacy. Let’s be clear: there can and should be a fair trade in Personal Information, but not in privacy.

By analogy, we trade money for goods without necessarily losing value, unless the trade in question is unfair. So this is all about transparency, negotiation and fairness — the same things consumers care about in any transaction.

One of the deep gripes privacy advocates have about today’s digital businesses is their opacity. Facebook and the like harvest vast amounts of PII, without committing themselves to any Use Limitation at all, and without even telling their users what they’re up to. For example, Facebook’s privacy policy is silent on what they do with facial recognition in the background and with biometric templates. Infomopolies make inordinate amounts of money on the back of personal data collected from us without ever acknowledging its true value, let alone negotiating the trade.

And that’s the sneaky one-sided bargain at the heart of most social media.