Creating Marketplace Competition for Privacy

The competitive announcements came rolling in one after another -- from Google, Ask, Microsoft and Yahoo -- until all the largest players in the hypercompetitive search market had spoken. The companies weren't trumpeting the launch of new products or services but rather the steps they were taking to protect their customers' privacy.

For the vast majority of Internet users, the Web 2.0 revolution has translated into an unprecedented capacity to store information, manage day-to-day tasks and communicate -- at little or no cost -- using the seemingly limitless free storage and functionality offered by Internet companies. If there's a dark side to this profusion of offerings, it's that we as users are being asked to surrender ever-increasing amounts of sensitive personal information as a daily cost of living online.

Which is what makes the recent string of announcements from the nation's largest search companies so encouraging. This may signal the emergence of a new marketplace in which robust privacy protections are as much a source of competitive differentiation as anything else companies offer to their customers.

Among the recent developments:

Ask.com announced that it would allow customers to request that Ask not store any of their searches -- a first among major search engines. Ask further announced that after 18 months it would remove identifiable personal information (such as cookies and IP addresses) from the search records it does keep.

Google said it would limit the life span of its cookies (small files that remember online movements to aid Web navigation) to two years. Google also announced that it would partially obscure IP addresses and cookie identifiers in its search logs after they have been stored for 18 months.

Microsoft has announced that it would remove all IP addresses and cookie identifiers from its search logs after 18 months, and will store search logs separately from account information.

Yahoo will soon announce a new policy to delete portions of IP addresses and cookie identifiers in its search logs after 13 months. Yahoo will also apply a personal information filter to remove names, Social Security numbers, addresses, telephone numbers and other personal information from its search logs after the same time period. Yahoo plans to limit the life of its cookies to two years.

To be sure, the recent changes announced by search companies are only a first step. The onus remains squarely on lawmakers to take the lead role in creating meaningful privacy safeguards for the digital world. But the announcements could signal the beginning of a larger trend that holds enormous potential benefits for consumers: Internet companies aggressively competing on privacy.

Until very recently, the policies of major search companies regarding how long they kept detailed, and often personally identifiable, records of their customers' searches were virtually identical -- they kept them for as long as they deemed them useful -- which in most cases meant forever.

From a privacy standpoint, this was troubling on a number of levels. First and foremost, our Internet searches can be used to create stunningly detailed profiles of our activities, preferences and political inclinations -- information that most of us would rather not have fall into the wrong hands. Second, the legal standards limiting the government's ability to obtain access to that information are perilously weak, leaving us exposed to the potential of getting swept up in investigative dragnets.

There are some legitimate purposes -- such as combating "click fraud" and improving the search experience -- for which companies may need to retain some customer data for a limited period. But as we're beginning to see with these recent announcements, those needs can be met without long-term retention of sensitive information.

Righting the privacy balance in this country will require a combination of legal, educational and industry initiatives. By themselves, these announcements don't create a tectonic shift in the American privacy landscape. But they are an extremely important step in the right direction.

Leslie Harris is the president of the Center for Democracy & Technology (http://www.cdt.org), a nonprofit advocacy group that works to preserve democratic values and constitutional freedoms in the Internet age. Visit CDT's blog, PolicyBeta (http://blog.cdt.org) for regular updates on high-tech policy issues.

Join the Discussion
blog comments powered by Disqus
 
You Might Also Like...