Ok… I know I am a bit late to the party with this, but it’s been a busy week. Give me a break and let me get my jabs in…
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines –including Google –do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”
Supporters of the statement above always point out that if you are doing something that requires privacy, it’s probably something you should not be doing. Numerous commentators have already pointed out the logical fallacy that this statement fails to take into consideration:
The problem with that point of view is that it assumes you can only be concerned about privacy when you are doing something illegal or unethical.
What about when you search for something deeply personal, such as symptoms of certain types of cancer, or the effects of drugs you are currently taking? What if health insurance companies were somehow able to obtain this information. Not because Google decided to give it to them, but because some nefarious organization obtained access to the data and offered to sell it for a premium. Do we honestly think the insurance company is going to do the right thing here, or do you think they are going to do what is best for their bottom line?
Putting aside for a second the sheer unpopularity of the Schmidt statement from end-users and privacy advocates everywhere, this really underscores the hubris of companies that think they just need to keep every last bit of information regarding their customers in the hopes that it will someday become useful. Do they not understand how this puts countless people at risk under the law? Currently if you have the data, and it is subpoenaed you have fork it over. Suddenly a hobbyist looking for materials to fuel his sons toy rocket is an enemy of the state for his potentially threatening searches. Of course this is an extreme example, but why take the risk?
Why not just tier the data? After an personally identifiable artifact is obtained add that object to an anonymous and sanitized demographic data set and then assign the demographic block to that particular user account. At least with this method you still accomplish some of your targeted advertising goals while still providing a level of privacy for individual users.
Unfortunately, yes anything you do on the Internet is captured and indexed somewhere. And yes, it personally identifies you, and yes if someone really wants to get at that data, they can. It’s time for the world to wake up, realize this and take action. Companies will only do the thing that will make them profitable. If capturing personal information suddenly makes them less profitable than purging it, they’ll stop. You can figure it out from here.
[Note: I don't even want to get into the legally mandated privacy violations we experience every day. That is something that can only be corrected at the ballot booth.]