I’ve been scratching my head reading a WAA discussion that raised privacy concerns. The original post said this:
One of my clients is a professional membership association. They
would like to track which pages members go to after they have logged
in to the Website Members Only section, on an individual (i.e. by name) basis.
Perfectly reasonable, I thought. Apparently others disagreed, perhaps because of that parenthetical “by name” part, which perhaps deserves to set off a minor privacy concern.
I would be very disappointed if privacy issues made it impossible for use to differentiate between registered users and other visitors. I don’t think there is any reason for that, even when using third party analytics solutions and their privacy restrictions. Assuming that membership is required for full participation, people who go to the trouble of becoming members implicitly are the most active and involved people in the social network.
For example, rewarding “super-users” is generally regarded as a key to community management, but it is only possible if analytics tells us who they are. Privacy policies were never intended to prevent such analysis; their purpose is to restrict who has access to which data when third parties are involved.
Here is the relevant section of the Google Analytics Terms of Service:
Now we need a definition of “personally identifiable information,” so here is what Wikipedia has to say about that:
In information security , PII is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.
So, as long as I, the site operator, am the only one who can connect the user IDs in the analytics system back to an individual’s real identity, I don’t believe there is a privacy violation. In other words, if I’m using a third-party analytics solution, I cannot include any sort of ID that would allow anyone other than me to connect the data back to a real person . No social security number, phone number, email address or anything like that, which I hope is common sense these days.
Our litigator-infested world has raised the privacy stakes considerably as digital media has grown. I have no objection to giving it a lot of thought and attention. However, as my friend David Brin has written, the trade-off between privacy and freedom is not as real as many people think.
Note: I host a mailing list that (purportedly) focuses on Brin’s ideas, along with other “Killer B” science fiction writers – Gregory Benford, Greg Bear, Stephen Baxter and Vernor Vinge (who is an honorary “B”).