Putting a Price on Privacy
Technology has advanced exponentially in recent years, but many privacy laws are stuck in the digital Dark Ages. Cars can now keep track of your mileage, the speed at which you drive, the locations to which you travel, who you call, and to whom you send messages. All of this information tells volumes about you—if you went to an abortion clinic, a gun show, a church, or a political rally. And it's stored where people other than you may have access to it.
How, then, is consumers' privacy being protected? The Electronic Communications Privacy Act (ECPA) was enacted in 1986, following a flurry of U.S. Supreme Court decisions, in which the court held that once a person shares information with a third party, the person no longer has an expectation of privacy.
But today, that means that if a driver were to use an on-board communication service to dictate a text message, he would no longer have an expectation of privacy regarding the content of that message. Consumers would be forced to sacrifice the convenience of technology or consent to disclosure of their private information, an untenable choice.
In enacting the ECPA, Congress created a baseline, different from the Supreme Court's, to safeguard personal information because it did not want people to have to choose between using cell phones and maintaining control of their private information. But that was before the proliferation of the Internet, not to mention social networking, smartphones, and location tracking devices.
Many consumers might not realize the high price they're paying for "free" software that can be downloaded to smartphones and tablets. "If you're not paying with money, you're paying with personal information, sometimes with both," says Nicole Ozer, technology and civil liberties policy director at the ACLU of Northern California.
Even with paid services, like the ones that enable users to dictate text messages while driving, people may not be thinking about where the content of their messages is going. Where they go could depend on the privacy policy of the service one uses.
CarWings, available in the Nissan Leaf, has a feature that enables users to receive third-party RSS feeds to their cars. Initially, CarWings transmitted location, destination, and speed information to the RSS provider, information not necessary to provide the feed, but consumers were not happy.
"[We] take consumer concerns very seriously," says Steve Yaeger, technology and motorsports communications manager at Nissan Americas. "[Nissan] responded quickly to stop the transmission [of the data]."
OnStar took a lot of heat after changing its privacy policy in 2011. The company added terms that allowed it to collect and sell private information including the GPS history of the car and the speed(s) at which it was driven. The policy said the data collected is anonymized, although forensic scientist Jonathan Zdziarski says this is impossible.
"It's like [saying] someone's Google Map lookup from [his] home is 'anonymized' because it doesn't have [his] name on it," Zdziarski says on his blog.
Companies, in implementing privacy policies that protect their customers, should:
- Develop a comprehensive, easy to understand policy.
- Collect and store only necessary user information and aggregate the information whenever appropriate.
- Promptly give notice to users about disclosure requests that were made for their information and only disclose information when required.
- Safeguard user data by implementing strong security practices, including encrypting data and collecting and storing data securely.
"If [manufacturers] never hear from their customers, there may be little pressure for them to put privacy protections in place. And it's hard to push for change unless you know how your information is being used," Ozer says.
Consumers should contact companies directly and ask:
- What data is the company collecting?
- How much and for how long is data retained?
- How is the data protected and how might it be used?
- What kind of legal process is in place?
It is possible to enjoy the convenience of new technology while ensuring personal privacy. But, it's a big ship; it takes time to shift direction. Just as it took many years before safety features like seat belts and airbags were required in cars, consumers need to advocate for the change they want to see in privacy policies. Companies would do well to listen.
Robin Springer is an attorney and the president of Computer Talk, Inc. (www.comptalk.com), a consulting firm specializing in the design and implementation of speech recognition and other hands-free technology services. She can be reached at (888) 999-9161 or contactus@comptalk.com.
This column is not intended as legal advice. It is for informational purposes only.