Social media analytics for decision-making

19 Dec 08 Privacy and third-party analytics

I’ve been scratching my head reading a WAA discussion that raised privacy concerns.  The original post said this:

One of my clients is a professional membership association. They
would like to track which pages members go to after they have logged
in to the Website Members Only section, on an individual (i.e. by name) basis.

Perfectly reasonable, I thought. Apparently others disagreed, perhaps because of the parenthetical “by name” part, which may deserve to set off a minor privacy concern.

I would be very disappointed if privacy issues made it impossible for us to differentiate between registered users and other visitors. I don’t think there is any reason for that, even when using third-party analytics solutions and their privacy restrictions. Assuming that membership is required for full participation, people who go to the trouble of becoming members implicitly are the most active and involved people in the social network.

For example, rewarding “super-users” is generally regarded as a key to community management, but it is only possible if analytics tells us who they are.  Privacy policies were never intended to prevent such analysis; their purpose is to restrict who has access to which data when third parties are involved.

Here is the relevant section of the Google Analytics Terms of Service:

7. PRIVACY. You will not (and will not allow any third party to) use the Service to track or collect personally identifiable information of Internet users, nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties’ website(s)) with any personally identifying information from any source as part of Your use (or such third parties’ use) of the Service. You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to Your websites. You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data.

Now we need a definition of “personally identifiable information,” so here is what Wikipedia has to say about that:

In information security, PII is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

So, as long as I, the site operator, am the only one who can connect the user IDs in the analytics system back to an individual’s real identity, I don’t believe there is a privacy violation. In other words, if I’m using a third-party analytics solution, I cannot include any sort of ID that would allow anyone other than me to connect the data back to a real person. No social security number, phone number, email address or anything like that, which I hope is common sense these days.
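One way to produce an ID that only the site operator can connect back to a member, as an added example that is not part of the original post: the member ID is run through a keyed HMAC whose key never leaves the operator's servers, and every outgoing field (including the page URL, a common place for email addresses to leak) is checked for PII-like values before it is sent. The key, function names, payload fields and sample values are all constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed sample key; assumed to be a random secret kept only on the operator's servers.
OPERATOR_KEY = b"constructed-example-key-not-for-production"

# Patterns for the kinds of values the post says must never reach the analytics provider.
PII_PATTERNS = {
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b"),
}

def analytics_id(member_id: str, key: bytes = OPERATOR_KEY) -> str:
    """Derive an opaque ID; without the key it cannot be recomputed from member_id."""
    digest = hmac.new(key, member_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return "m_" + digest[:24]

def find_pii(value: str) -> list:
    """Return the names of the PII patterns found in a value bound for the third party."""
    return [name for name, rx in PII_PATTERNS.items() if rx.search(value)]

def build_payload(member_id: str, page: str) -> dict:
    """Build the record sent to the analytics provider, refusing anything PII-like."""
    payload = {"uid": analytics_id(member_id), "page": page}
    for field, value in payload.items():
        hits = find_pii(value)
        if hits:
            raise ValueError(f"{field} looks like {hits}; not sending")
    return payload

def reidentify(uid: str, member_ids) -> Optional[str]:
    """Operator-side only: map an analytics ID back to a member by recomputing with the key."""
    for member_id in member_ids:
        if hmac.compare_digest(analytics_id(member_id), uid):
            return member_id
    return None
```

A plain unkeyed hash of the member ID would not give the same property, since anyone who can guess or enumerate member IDs could recompute it.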

Our litigator-infested world has raised the privacy stakes considerably as digital media has grown.  I have no objection to giving it a lot of thought and attention.  However, as my friend David Brin has written, the trade-off between privacy and freedom is not as real as many people think.

Note: I host a mailing list that (purportedly) focuses on Brin’s ideas, along with other “Killer B” science fiction writers – Gregory Benford, Greg Bear,  Stephen Baxter and Vernor Vinge (who is an honorary “B”).

  • http://nickarnett.net Nick Arnett

    A member of the WAA group raised a question about my interpretation… you can read the TOS as saying that you, the site operator, cannot associate any data from GA with PII that you have.

    My response:

    I think you may have a point there… Am I the only one whose eyes start watering reading this stuff?

    Here’s a larger excerpt: “nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties’ website(s)) with any personally identifying information from any source as part of Your use (or such third parties’ use) of the Service.”

    I’m having trouble believing that this would actually restrict anybody from doing exactly what they could otherwise do with log file or application server data, so long as no PII ends up in a third party’s hands. In fact, although I am also not a lawyer, I have a hard time believing that this would be enforceable.

    People who log in as members are no longer anonymous to the site they are visiting, so any assurance of anonymity, as the GA TOS seeks, is baloney at that point. All the site operator can assure is that Google and third parties aren’t getting any PII.

    I like it when lawyers include a description of the intent of statements like this one. That would go a long way toward clarifying the issue.

    I am assuming that Google’s intent is to prevent PII from ending up in Google’s hands. You are suggesting that Google is going much further and asserting a right to tell me what I can do with data that originated on my site. The fact that it passed through Google’s servers doesn’t give them the right to create such restrictions, in my opinion.

    In other words, I believe that they can restrict the kind of data I send them to avoid violating my visitors’ privacy, but I have a hard time with the idea that they can restrict how I use data that came from me (and my visitors) in the first place.

  • http://365cigars.com cigar reviews

    “Organisations are starting to wake up to the fact that people are using social media to actually find things out,” he said. “That's where the conversation …

  • http://www.mycheapvegas.com/hotels cheap trips to vegas       

    Demdex allows publishers to create a “behavioral bank” of user profiles with the data captured on their websites or purchased from third-party data sellers. …
