July 18, 2005
Search Engines and Privacy...AGAIN?!
Hmm...this sounds familiar...haven't we heard this story before? Yes, only about a thousand times. Danny Sullivan asks why we obsess about Google and privacy and ignore how other search engines (such as Yahoo) also have rich databases of potentially equal magnitude.
Indeed, I was going through my notes over the weekend and came across this March 2005 AP article fretting about how Amazon might use its customer database. The search engines-and-privacy story seems to endlessly cycle through the press, pretty much every time a search engine adds a new feature that uses personal data. (I won't even revisit the mind-numbing press about Gmail from last year).
I offer three propositions about search engines and privacy:
1) Search engine databases can be accessed by government agencies through legal processes. In rare cases, other private parties could use a legal process to access information in these databases too. Search engines are not alone in this regard; any business that has personal information about its customers is susceptible to these legal processes as well. It's true that search engines have particularly interesting/rich data, but plenty of other vendors have interesting data too.
So search engines aren't the problem; the problem is government snooping. As a result, perhaps new legislation would be appropriate to raise the bar on when the government can tap into search engine databases (a little like the "Bork bill" that raised the bar for accessing video rental histories).
2) Search engine databases are a tempting target for hackers. This is true, but once again, search engines are not unique in this regard. Every business that maintains personal data about its customers is a hacker's target. As a result, we need businesses to take prudent actions to prevent hacking, and we need government enforcement against illegal hacks. Nothing new here on any front.
3) Search engines will necessarily need to obtain and use personal data to reach the next rung of delivering relevant results. Right now, the biggest limitation inhibiting search engines is that they use a "one-size-fits-all" relevancy algorithm, designed to satisfy majority interests rather than personalized to each person's interests. Google has done a remarkable job with relevancy using a one-size-fits-all algorithm, but it (and its competitors) will make quantum improvements in relevancy when they personalize the searches. To personalize the searches and really give searchers what they want, search engines will need to collect and use rich personalized datasets. This is a good thing for searchers.
Thus, from my perspective, social welfare will improve in these situations. I can't wait for Google and other search engines to start reading my mind (as opposed to making guesses about majority interests). Let's hope that the constant whining/scaremongering about search engines and privacy doesn't delay us in getting there.
Prior blog post on this topic.
UPDATE: Google has blacklisted News.com reporters for one year because of the story linked to above.
>3) Search engines will necessarily need to obtain and use personal data to reach the next rung of delivering relevant results.
Marketers frequently say that the more personal information they have, the better ads, search engine results, etc will be targeted. But once policymakers buy this and allow collection of personal information, how do we guarantee that these breathless claims become more than hot air? And is there any way to get our data back if business doesn't deliver on the bargain?
I'm writing this comment today in part because on my blog, I quoted an article (http://www.choof.org/archives/000694.html ) from DirectMagazine, discussing credit card solicitations. In that context, marketers and financial services lobbyists argued that consolidation of banks and affiliate sharing of data would result in fewer, more relevant ads. But there is no evidence whatsoever to support this. The available data show that the effect of GLBA was to make banks richer, reduce avabiliablity of services, and increase bank fees. And to top that off, there are more direct marketing solicitations for credit than ever (over 5B annually) and the response rate to these solicitations is lower than ever!
So, how can we work in accountability so that collection of PII for search engines doesn't pay off, we can get our data back?
Posted by: Chris Hoofnagle at July 18, 2005 01:19 PM
Chris, there are a lot of embedded assumptions in your post that I disagree with, so I'm not exactly sure where to start. Let me try to address a couple:
* marketers may make expansive claims about the benefits of acquiring and using personal data. This, of course, is true, and the failure of many CRM projects is testament to that. However, I think it's a mistake to treat all marketers equally with this sweeping generalization. Some marketers will succeed in improving the consumer experience, some marketers could have succeeded but will manage their business poorly, and yet others may puff their claims. From a policy-making standpoint, we should be careful about treating marketers as speaking with a single voice. The point is that some marketers will improve social welfare, and we need to be careful not to forego those improvements unless the aggregate effect of all marketer actions degrades social welfare.
* I'm interested in the social welfare effects of the GLBA, so thanks for the pointer. However, I would once again be careful about oversimplifying the effects. I have plenty of reasons to believe that the GLBA was ill-conceived policy (although maybe not for the reasons you might agree with that proposition!). Certainly I would not have assumed that the GLBA was designed to improve social welfare regarding the delivery of marketing.
* More generally, I emphatically reject the implicit notions that privacy pits business v. consumer. I will shortly make a more comprehensive argument about why businesses and consumers have mostly aligned interests regarding "privacy." They aren't in complete alignment, but I find that setting up a zero-sum game between businesses v. consumers on this topic is both divisive and potentially misleading.
* As for your final remark...it's a cute turn of the phrase, but I didn't understand it. I don't want my "data back" as if it's a piece of chattel that can be shuttled around from place to place. I want a set of outcomes, such as improved services and protection from identity theft. If I don't get those outcomes from an individual marketer, then one of three things happened:
- I made a good decision to interact with that marketer, but it had a bad outcome. Stuff happens.
- I made a mistaken judgment interacting with the marketer in the first place. My bad.
- I was lied to by the marketer or the marketer otherwise failed to uphold its end of the private or social contract. Let the lawsuits fly!
Posted by: Eric Goldman at July 19, 2005 09:43 AM
This is a good clause that Search engine databases can be accessed by government agencies through legal processes.
Posted by: Mac at July 21, 2005 06:57 AM