Millions of customers of some of the biggest businesses in the U.S. recently got a wake-up call when they were notified that a data breach at a large e-mail marketing firm had exposed customer names and e-mail addresses. The attack left the affected consumers vulnerable to spam-based scams known as spear phishing, in which cybercrooks use personalized e-mails to con you into sending money or divulging financial information.
But the incident also made people think about how much of their personal information is whizzing around in cyberspace, totally beyond their control. The effect was to intensify an ongoing debate about how to balance Web users' privacy against the demands of a gigantic Internet economy with a voracious appetite for personal data.
At issue is targeted advertising, also known as interactive or behavioral marketing. That's how you get ads for portrait studios when you type "photography" into a search engine, coupons for Cheerios when you buy cornflakes at the grocery -- or even a coupon on your smart phone as you are standing in line at a store. Such ads can help you find products or services that fit your needs or preferences.
But all that convenience comes at a price: snippets of data garnered on Web sites and social networks, collected, shared and aggregated into giant dossiers. Online marketers and data brokers know where you've been (both online and, via GPS-enabled mobile apps, in the real world) and what your interests are -- even if they can't identify you by name. They can predict how much someone is willing to spend and may offer products at various prices, depending on buyers' profiles. You may like ads that sync with your interests and conclude that being able to surf ad-supported content free is worth the trade-off. Or you may just find it creepy.
The problem is that most people are in the dark about how -- and how much -- personal data is being used and how often it's shared with third parties. The data collection itself is invisible.
Not all companies disclose their practices. When companies do, their privacy policies are often long and incomprehensible. And changes are tough to keep up with, says Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon University. "Technology improves so quickly, by the time consumers understand one issue, there's a new one to worry about."
Regulators, Internet companies and advertisers themselves are starting to "get" that privacy is a big deal. A new bill in Congress outlines rules for collecting consumer data, keeping it secure and sharing it. Noticeably absent, at least from the first version of the bill: a Do Not Track tool, like the one proposed by the Federal Trade Commission for Internet browsers, which would signal preferences about tracking and targeted ads to Web pages you visit. Microsoft's Explorer and Mozilla's Firefox already have their own versions, and Google's Chrome will soon follow. Meanwhile, online advertisers are starting to place icons on Web ads that show surfers when they're being tracked and allow them to opt out.