So eBay’s partnered with Google to provide Google adwords results for the non-US market; eBay has exactly the same deal with Yahoo for the domestic US market. Odd moves indeed, but definitely safe ones for eBay.
The business behind the partnership is obviously sound; as the Search Engine Journal notes, Google has a greater search engine market share outside the US, which eBay is moving to capitalize on.
However, what worries me (a vague, insubstantial ghost of a worry for the moment), is what happens to our user data. Does eBay really share just search keywords with Yahoo/Google? Or does more user data get moved around? eBay’s privacy policy indicates that personal information may be shared with “members of our corporate family to help detect and prevent potentially illegal acts and provide joint services; (Our corporate affiliates will market only to users who request these services.)”. What exactly that means with regards to the partnerships with Yahoogle (pardon my French) remains unclear - does redirection of user-provided search keywords qualify as a “joint service”? Will users get to opt in to this service (we don’t seem to right now)?
Even if eBay were not to share any user information with Yahoogle, there still remains the matter of the numerous cookies that Yahoogle and others have cluster bombed our browsers with, tracking our every move. Yahoogle will at the very least know that you made a search on eBay, and what you made the search for - information about users, or what John Battelle called the Database of Intentions is, after all, the currency of business on the web.
(Serendipity - as I write this post, I find that John Battelle recently posted something similar, as has Tim Bray)
A little mucking around the web reveals that old world businesses that have been wheeling and dealing consumer information for many an year now, those evil credit rating agencies, already have legislation in place (in the US, at any rate), called the Fair Credit Reporting Act, restricting their behaviour. While the FCRA may not cover the kinds of implicit and explicit information trades that occur on the web, it does, in principle, provide an excellent definition of what might be considered a personal information aggregator. As the FTC’s staff opinion on the subject states:
Section 603(f) defines a “consumer reporting agency” as any person “which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information … for the purpose of furnishing consumer reports to third parties …”. In turn, Section 603(d) defines a “consumer report” as the communication of “any information” by a CRA that bears on a consumer’s “credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living” that is “used or expected to be used or collected in whole or in part” for the purpose of serving as a factor in establishing eligibility for credit or insurance to be used primarily for personal, family, or household purposes, employment purposes, or any other purpose authorized under Section 604.
What happens when eBay, Yahoo, Google, Amazon and the other heavyweights of the web start sharing user information, explicitly via partnerships, or implicitly, as occurs today, via cookies and beacons? Will it all come down to the Googlezon infocalypse, once we’ve all been indexed, ranked and neatly slotted away?
Think this shouldn’t worry you? To give you an idea of what, and how much, information is gathered, consider AOL’s practically criminal release of user search data, including personal names, social security numbers and just about anything else that goes in a search box.
It may be worth considering that something akin to antitrust law for mergers of user databases might be a good idea. Information monopolies are as much of a worry as monopolies in other commodities, and they are a problem we should start addressing right away.
Perhaps it’s time for a Fair Information Reporting Act, one which forces personal information aggregators to inform us of what information they’re implicitly collecting about each of us, forces restrictions on how long such information may be stored in its raw form, and restricts explicit personal information trades. It may be fair to expect that aggregate information about searches could be maintained, since this is really the commodity that allows Yahoogle et al., to function; such aggregate information must be stripped of any personally identifying characteristics, ensuring that searches may never be traced back to individual users.
How would such a law affect services such as del.icio.us and Technorati? It may be that as long as information is made publicly available in an unencumbered form governed by something like a Creative Commons license, it is excluded from the ambit of the law. I don’t pretend to have all the answers; these questions do need further debate - where’s a good lawyer when you need one? ;-)
Stake Five :: Standardizing Privacy Policies | 11-Sep-06 at 12:32 pm | Permalink
[…] If a site were to draft its own policy, a policy validator could be provided that would check which of the common policies the site’s policy conforms to. Now that would be great, especially if a site’s privacy policy could automatically be checked for conformance to APPEL (the P3P Preference Exchange Language, used to form rules defining P3P user preferences) expressions of privacy law for different jursidictions. And perhaps (just perhaps!) we might be able to catch those nasty information monopolists in the act, just so long as their P3P files do indeed declare their true intentions. […]
Stake Five :: The Singularity Cometh Forth | 16-Sep-06 at 2:52 pm | Permalink
[…] Around the time I put up my first post on privacy, I started noticing conversation on the topic in the blogosphere. Oddly enough, I had started writing that post before I noticed the attention the blogosphere was paying to it. […]