As everyone pours their personal lives into Facebook et al, what happens to it? Some companies reckon they own it all. Others reckon they can change the rules at any time, and just tell you afterwards.
Alec Saunders has proposed a Privacy Manifesto for the Web 2.0 Era (and you can follow that link for some discussion of the why):
- Every customer has the right to know what private information is being collected. That rules out any secret data collection schemes, as well as monitoring regimes that the customer hasn’t agreed to in advance. It also rules out any advertising scheme that relies on leaving cookies on a customer’s hard disk without the customer’s consent.
- Every customer has the right to know the purpose for which the data is being collected, in advance. Corporations must spell out their intent, in advance, and not deviate from that intent. Reasonable limits must be imposed on the collection of personal information that are consistent with the purpose for which it is being collected. Furthermore, the common practice of inserting language into privacy policies stating that the terms may be modified without notice should be banned. If the corporation collecting data wishes to change its policy then it’s incumbent upon the corporation to obtain the consent of customers in advance.
- Each customer owns his or her personal information. Corporations may not sell that information to others without the customer’s consent. Customers may ask, at any time, to review the personal information collected; to have the information corrected, if that information is in error; and to have the information removed from the corporation’s database.
- Customers have a right to expect that those collecting their personal information will store it securely. Employees and other individuals who have access to that data must treat it with the same level of care as the organization collecting it is expected to.
Hat tip to Peter Black.