2010 -- A Low Water Mark for Internet Privacy

There were several important controversies around Internet privacy in 2010, including these involving Internet giants Google and Facebook:

• in February, Google's forced retreat from the default setting of Google Buzz that made Gmail address books into public contact lists;
• in May, Facebook's introduction of simplified privacy settings, as part of a forced retreat from an effort to broaden its usage of user data (including making friend lists effectively public); and
• also in May, the discovery that Google had gathered a variety of data from home WiFi networks as part of its Street View project, leading to ongoing controversy for the rest of the year.

It has become clear that these events and this year represent a low water mark for Internet privacy.  It is increasingly difficult for major companies to take such actions with such blatant disregard for privacy.  The above actions failed this year, and similar actions will fail in the future.

Sure, there will be major controversies in the future over use of personal data, and technologies that threaten privacy will become increasingly sophisticated.  But serious players in the online economy are facing clear and increasing pressure to think carefully about handling data in ways that taking privacy into account.  Probably the most substantial reason is pressures from government.  Enforcement of the EU data protection law is becoming increasingly aggressive; and even in the United States, which has shied away from broad privacy regulation, the Department of Commerce has just proposed a Privacy Bill of Rights.

This does not mean that our personal data will become safe from abuse.  Indeed, considering privacy in the traditional paradigm of secrecy and confidentiality, the reality is likely to remain, in the prescient words of Scott McNealy of Sun in 1999: "You have zero privacy anyway.  Get over it."  And wide availability of personal data, combined with Internet technologies and evolving business models, can also have significant benefits for individuals.  

In this environment, rather than rules preventing the spread of personal data, we will instead see a rising tide of increasingly strict rules about how widely dispersed personal data may be used.  It is highly unlikely that this rising tide will in our lifetimes subside to the low water mark of 2010.