Last year I took a look at Google’s new privacy policy and wasn’t that happy with the way it was presented. Too many links to click, hard to backtrack to make sure you read everything, not sure which parts were boilerplate web safety advice vs. Google’s specific policy, and more. But it got me to thinking, which those who know me rightly find dangerous, about what the future of privacy policies really are. It’s clear that no one is terribly happy with the current situation. Users have no idea what they are agreeing to, privacy advocates complain about the lack of transparency and pillory companies, governments also criticize and regulate companies for their behavior, and companies go to great lengths to obscure what they are doing because they know they will be criticized no matter what. I wonder if there is a better way.
In many ways, privacy comes down to a simple question. Do we need to depend on the free market or on governments? Of course, in the end, it will be a combination of both forces that tell us where we end up, and we should expect to end up in different places in different countries and cultures.
But I think that people have focused on regulation as the only solution, and we’ve overlooked how fraught that approach is with problems:
- Each government (or consortium of governments, such as the EU) will likely have its own regulations, exposing global businesses to risk and cost, neither of which makes privacy any better.
- If individual people would prefer different approaches to privacy, a one-size-fits-all regulation is unlikely to allow that.
- It will take years to have a significant impact, and each technological and business model innovation will affect privacy for years before it is regulated.
I am hopeful that the ability of the public to be educated on privacy perils might allow a free market solution. Perhaps the regulation just needs to ensure transparency of exactly what you are giving up each time you click “accept.” Might companies compete on how they handle your information? Might companies pay consumers for the value of the data that they are parting with? Can companies use privacy as a differentiator?
I don’t know if any of these ideas would work. I just feel like we always act as though regulation of corporate behavior is the only approach. I’d love to explore a free market approach to privacy.
In the end, we all need to admit that we are willing to give up some privacy to get all this cool stuff for free, just as we subject ourselves to advertising for free media. But privacy is too complicated. What’s needed is a company (perhaps even a non-profit one) that can allow privacy to be standardized so that people can decide what they are willing to give up on a company-by-company basis.
Some might argue that it would be very difficult for any company to keep up with all of the different innovations that threaten privacy, but to me that is the point. Companies could always ignore this privacy clearinghouse, but people would have the ability to vote no to any company that did not comply, if they feel strongly about privacy.
Then at least we’d know. Right now, privacy advocates claim that people are asleep about privacy, not because they don’t care, but because it is too complicated. Can these advocates band together and set up a mechanism that simplifies? If so, maybe we’ll find out what privacy is really worth and we’ll find which companies want to compete on privacy.