SAN FRANCISCO Feb 19 Living in the world
of social networking and mobile smartphones means trading away
some of your personal information.
But assessing the price of admission to join the
super-networked, digital class is not so simple; even experts on
the issue admit that they don't have a full picture of the way
personal information is collected and used on the Internet. But
here are some basic guidelines to keep in mind.
Q. What information do you have to give up to participate in
social media?
A. Social networks such as Facebook and Google+ require at a
minimum that you provide them with your name, gender and date of
birth. Many people provide additional profile information, and
the act of using the services - writing comments or uploading
photos or "friending" people - creates additional information
about you. Most of that information can be kept hidden from the
public if you choose, though the companies themselves have
access to it.
If you use your Facebook credentials to log-on to other Web
sites, or if you use Facebook apps, you might be granting access
to parts of your profile that would otherwise be hidden. Quora,
for example, a popular online Q&A site, requires that Facebook
users provide it access to their photos, their "Likes" and
information that their friends share with them. TripAdvisor, by
contrast, requires only access to "basic information" including
gender and lists of friends.
Social media apps on smartphones, which have access to
personal phone call information and physical location, put even
more information at play.
On Apple Inc's iPhone, apps must get user
permission to access GPS location coordinates, a procedure that
will now be applied to address book access as well after
companies including Twitter were found to be downloading iPhone
address book information. Beyond those two types of data, Apple
locks away personal data stored in other applications, such as
notepad and calendar apps, according to Michael Sutton, the vice
president of security research at email security service
ZScaler.
Google Inc's Android smartphone operating system
allows third-party apps to tap into a bonanza of personal data,
though only if they get permission. In order to download an app
from the Android Market, users must click 'OK' on a pop-up list
that catalogues the specific types of information that each
particular app has access to.
With both mobile and Facebook apps, often the choice is to
provide access to a personal information or not use the app at
all.
Q. Should I worry about how my information is being used?
A. Personal information is the basic currency of an Internet
economy built around marketing and advertising. Hundreds of
companies collect personal information about Web users, slice it
up, combine it with other information, and then resell it.
Facebook doesn't provide personal information to outside
marketers, but other websites, including sites that access
Facebook profile data, may have different policies. Last year, a
study by Stanford University graduate student found that profile
information on an online dating site, including ethnicity,
income and drug use frequency, was somehow being tramsitted to a
third-party data firm.
The data that third-parties collect is used mainly by
advertisers, but there are concerns that these profiles could be
used by insurance companies or banks to help them make decisions
about who to do business with.
Q. Are there any restrictions on what information companies can
collect from Internet users or what they can do with it?
A. In the United States, the federal law requires websites that
know they are being visited by children under 13 to post a
privacy policy, get parental approval before collecting personal
information on children, and allow parents to bar the spread of
that information or demand its deletion. The site operators are
not allowed to require more information from the children than
is "reasonably necessary" for participating in its activities.
For those who are 13 or older, the United States has no
overarching restrictions. Websites are free to collect personal
information including real names and addresses, credit card
numbers, Internet addresses, the type of software installed, and
even what other websites people have visited. Sites can keep the
information indefinitely and share most of what they get with
just about anyone.
Websites are not required to have privacy policies.
Companies have most often been tripped up by saying things in
their privacy policies - such as promising that data is kept
secure - and then not living up to them. That can get them in
trouble under the federal laws against unfair and deceptive
practices.
Sites that accept payment card information have to follow
industry standards for encrypting and protecting that data.
Medical records and some financial information, such as that
compiled by rating agencies, are subject to stricter rules.
European privacy laws are more stringent and the European
Union is moving to establish a universal right to have personal
data removed from a company's database-informally known as the
"right to be forgotten." That approach is fervently opposed by
companies dependent on Internet advertising.
Q. Is there likely to be new privacy legislation in the United
States?
A. The year 2011 saw a flurry of activity on Capitol Hill as
U.S. lawmakers introduced a handful of do-not-track bills with
even the Obama White House calling for a "privacy bill of
rights."
Leading the charge on do-not-track legislation are the
unlikely pair of Reps. Edward J. Markey, a Massachussetts
Democrat, and Joseph Barton, a Republican from Texas, who have
jointly led a "Bipartisan Congressional Privacy Caucus."
Still, with half a dozen privacy laws meandering through
Congress, most observers expect it could take a long time before
any are passed-and not before they are significantly watered
down in the legislative process.