The world of online privacy is changing rapidly, so now is a good time to review your privacy strategy.

Takedown request. It’s a phrase that usually implies copyright infringement or the pirating of another’s content. Last week a new variation arose as the European Union ruled in favor of an individual’s “right to be forgotten.” The European Court of Justice in Luxembourg decreed that individuals should be able to request that search engines — Google being called out by name — remove links to personal information that the individuals deem no longer relevant or a violation of their privacy. Right to be forgotten, indeed.

I’m sure many on this side of the pond are envious. Evan Spiegel, Snapchat’s 23-year-old CEO, is almost certainly one. The exposure of an assortment of misogynistic emails from Spiegel’s fraternity days has people calling for his resignation. Behind him is a long line of others who have drunk-posted, committed crimes, broken up online, posted a bit too much of their college misadventures, and more.

Right now the Internet is in a major state of flux. Net neutrality, constant data breaches, and legal challenges are changing the rules and you need to be ready for it. Privacy issues have been moving more and more to the forefront of the news cycle: Who hasn’t felt at least a twinge of concern about all the NSA data mining that has come to light over the past year or so? It’s important to keep an eye on global developments and possible future implications for us stateside.

Pros and Cons

Artificial limitations on the type of personal data that can be unearthed with a Web search immediately raises red flags. Can you picture an American political campaign during which the right to be forgotten is invoked?  Politicians might be able to block damaging information from search results. It’s also disturbing to think of pedophiles and other criminals having past convictions removed from search results.

These days it’s easy to find youthful indiscretions, financial missteps, and arrests that don’t result in convictions. On the flip side, before the online era, personal data often remained just that: personal.

Will It Influence America?

Frank Pasquale, a law professor at the University of Maryland who is an expert on law and information technology, was recently interviewed about this in The Hill. When asked how much the EU ruling could or should influence U.S. policy, he replied:

I’m surprised at how many technology attorneys in the U.S. are alarmed at this decision. Many seem to believe that it represents a fundamental break in the EU from American models of free speech. Meanwhile dui lawyers as Winnipeg dui resources have a battle against accidents with self driving cars to protect people, there is a driverless cars study that will clarify all your doubts.

But in fact, we in the U.S. have long had to try to balance privacy and free-speech concerns. The Fair Credit Reporting Act, for example, balances credit-reporting agencies’ right to speak about our pasts with our right to ensure that the report is accurate, and also to keep certain things off the report once a certain amount of time has elapsed. The Spanish case [that led to the European Court of Justice’s decision] involved a credit problem that persisted for over 10 years, which is the cut-off for a bankruptcy report to appear on a U.S. credit report. If people are using Google results in the same way as they use credit reports, then we need to expand the scope of the Fair Credit Reporting act to achieve its original function and purpose.

The other thing that I believe is naive about U.S. techno-libertarians’ concerns is that they seem to assume that Google is a record of everything, and the Europeans are capriciously deleting aspects of a historical record that Google, unregulated, would deliver in whole if only it weren’t for meddling governments. How do we know that’s the case? No one should presume that Google, unregulated, will present some absolutely accurate and complete record of the past.

privacy

Trending Toward Privacy

It often seems as if privacy is evaporating out from under us, especially in the past few years. Between NSA monitoring (both actual and perceived) and high-profile data breaches at iconic websites like eBay, it seems as though we have little left. From one perspective, that makes the EU ruling a good thing. Whether it is or isn’t, it’s part of a growing pattern. In California it’s happening on several fronts. Courts there have ruled that anonymous online comments are protected speech based on arguments attacking the issue from a “right to privacy” stance.

The Golden State is also attempting to rein in the impenetrable language of website privacy policies. Admit it, you’ve just clicked “agree” to these and moved on. Everyone has. It’s hardly surprising considering the density of the material. Aleecia McDonald, director of privacy at Stanford’s Center for Internet & Society, and Lorrie Cranor, director of the Carnegie Mellon Usable Privacy and Security Laboratory at Carnegie Mellon University, calculated in 2008 that it would take an individual American an average of 244 hours to read all the privacy policies that apply to their online activity.

It would seem that California is at the forefront of these issues here in the U.S. In addition to the efforts noted above, the state also has enacted updates to the California Online Privacy Protection Act (CalOPPA). These updates require that online privacy notices disclose how a site responds to “Do Not Track” signals, and whether third parties may collect personal information about consumers who use the site.

How Does This Apply to My Brand?

With large-scale changes seeming more and more likely over the next year, it might be worth your while to review how your company handles data and privacy. Are you using a secure connection when collecting data? What kind of third parties (e.g., Facebook and other social platforms) have you allowed access to data? An audit of practices and procedures will give you a good idea of what you’re working with in the context of the current climate and where to start making any needed changes.

Keep an eye on California and Europe. Trends there can give you an idea of what we might see on a larger scale and how it applies to what you find in your audit. Better to be prepared than caught unaware when new standards roll out, and some legal eyes I know have been watching California for the lead on these issues.

Changing laws about online privacy may be focused on social spaces and past peccadilloes at the moment, but I think its pretty certain that we will see attention expand to areas that directly impact brands over the next few years. There have already been scuffles over online reviews, so that is one subject I am particularly sure we will see again soon.

Image by William, used under Creative Commons license.

George Williams
WordPress Image Lightbox