A Privacy Bill of Rights

Even if last month’s revelation of data leaks in two popular iPhone applications didn’t come as much of a surprise, the strength of the reaction it spawned from the White House on down more than made up. Paraphasing Captain Renault, users everywhere were shocked—shocked—to learn that internet-connected apps were sharing and sequestering data without explicit permission. In response, the Obama Administration introduced a set of guidelines—the reassuringly-named “Consumer Privacy Bill of Rights”—to make sure that this kind of thing wouldn’t happen again.

There are seven points to the Bill of Rights:

  • Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
  • Transparency: Consumers have a right to easily understandable information about privacy and security practices.
  • Respect for Context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security: Consumers have a right to secure and responsible handling of personal data.
  • Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
  • Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.


It sounds nice. But even without the document’s most glaring omission, the Bill of Rights comes across as an unnecessary reaction. There are gray areas in the collection and transmission of digital information that cannot be resolved in black and white terms.

I’m all for privacy, but legislation from on high is no replacement for reasonable decision-making on the ground. Don’t use applications you don’t trust. Don’t pass information through insecure channels. Don’t take candy from strangers. But I digress.

There isn’t any defense for a breach of trust, but the reality is that the unauthorized transfer of data is a pervasive and wholly necessary part of the world online. The Internet’s evolution from a loose amalgamation of unrelated documents into a tightly-coupled economy of scale has rendered privacy—at least, the degree of separation that the loudest voices seem to conflate with privacy—virtually impossible. Service providers specializing in search, location, notification, and a thousand other niche markets enable developers to draw upon a wealth of data for their applications at a price that independent teams could never match.

The price of economy, however, is that any single piece of data provided to an application may pass through a dozen hands over the course of its operational lifetime. It sounds bad, but it usually isn’t: general practice is to make transactions with 3rd-party services in the blind. Even when data flows freely between an application and an unaffiliated service provider, it usually does so without any identifying information attached. For instance,

If I ask my friendly local recommendations provider to find “tacquerias near me”, my request will at least pass through whatever service is used to provide an interactive map on the results page. When the map provider gets the request, however, it won’t have my name or e-mail address attached. Instead, the only data to pass through the blind will be an innocuous, detached request for a map to show me where I can find burritos.

That kind of not-quite-explicitly-authorized transaction doesn’t really hurt my privacy, but it does help me get to the nearest burrito. It’s a simple case, but it clarifies the point: one-size-fits-all privacy guidelines are out of step with reality. Data integration isn’t just business-as-usual on the web—it’s also the oil greasing the cogs underpinning the kinds of seamless experiences that internet users have grown to expect. My service provider could have prompted me every step of the way (“do you really want that burrito? How much? Enough to tell us so? Enough that we can pass your request along to someone else who can show you where to find it?”). It wouldn’t enhance my privacy, but it might drive me away in disgust.

Privacy and interaction are opposite poles on the same axis. Having both means compromise, and compromise means carefully weighing the costs and benefits associated with each before leaping into radical action.