Infomediaries and Negotiated privacy

By Mark Hissink Muller

Many people came to the parallel-session on "Infomediaries and Negotiated Privacy" to hear about these initiatives to help the consumer to get a grip on his or her privacy. Moderator Jason Catlett indicated the topics would be addressed one at a time starting with infomediaries.

An infomediary is probably best described as a broker for consumer information. Currently a lot of money is made by certain companies selling people's personal information. Infomediaries are founded on the idea to give consumers a possibility to financially benefit from their personal information being available to third parties.

Many consumers won't have the time to extensively surf the net to find the best deal for a product they're looking for. Infomediaries think people are interested having that done for them. Some consumers may be interested when their privacy is well protected.

Jason Catlett started by asking the panel whether the rise of the infomediary is a good thing for privacy. Privacy advocate Beth Givens stated that the key-issue is trust and she made a few critical remarks. She stated that is not a good idea to trust a company with so many personal information because companies are just not stable enough and tend to change their policies. In a rapidly changing environment it's not possible to predict how a company will still handle in your specific interest in a few years. Criticaster Alexander Dix added to the discussion that the business model of the infomediary is not economically viable just guarding consumer's personal information and that sooner or later they would have to resort to selling secondary information to "untrusted" third parties. As they would start combining online and offline information consumer privacy would even diminish. Although he did like the idea of the infomediary in theory he said there are just too many practical problems.

After that the floor was given to the representatives of various companies that more or less could be seen as infomediary . First Steve Lucas from Privaseek told that their company was founded two years ago with the vision of giving consumers the ability to "own" their personal information. Steve tried to take away the privacy advocate's fear by stating that Privaceek allows consumers to access and control that they put in the database. Apart from that Privaceek also maintains a very strict policy to which companies they share data with. Their partners are audited and bound to strict regulations.

AllAdvantage's representative Ray Everett-Church explained that their business model differs in some ways. First of all AllAdvantage does not trust 3rd parties to utilize customer information. Because their partners have no direct access to the information they are not able to use the customer information. Second of all AllAdvantage uses a viewbar to interact with customers, so they are also able to turn the viewbar off when they do not want their browsing to be monitored. Ray Everett-Church declared that when a customer wants to quit membership all entries are deleted.

Paul Perry with from Microsoft Corporation explained their Passport technology enables a user to logon just once per session after which a consumer would not have to type a password when visiting a website that uses Passport-technology. Paul stated that the information given to the website that is visited is very limited and as such Passport is not an infomediary, but more like a mega-service to the consumer. He stated Passport is a prerequisite for infomediaries.

Members of the panel indicated that infomediaries would not make legislation unnecessary. As Ray Everett-Church put it; "legislation is necessary for creating a playing field on equal footing from which infomediaries can deliver". Alexander Dix added that right now infomediaries policy is aimed at collecting as much information as possible, whereas the policy should be aimed at minimizing data collection.

Platform for Privacy Preferences (P3P)

P3P is a technology that enables the user to exercise control over their personal privacy policy. This could be implemented by sounding an alarm bell when a company's privacy practice differs from a consumers preference. When surfing the web today there is just the SSL-icon to indicate a secure connection. There is no indication of a website's privacy-statement whatsoever. P3P is to be a framework that makes just this possible.

P3P has been heralded as the savior for privacy. Industry used it to say: "We don't need legislation, we've got P3P". Alexander Dix does applaud the goal of P3P, but stated that the society-neutral framework would have to be filled for every country by law. "P3P technology is a tool, it's necessary but not sufficient". Jason criticized that P3P assumes that companies use a specific policy, but that in fact their actual policy can differ from the P3P-setting.

Main criticism on P3P was that nothing has been delivered to date and it was the question whether companies would be interested in adopting the technology. Is there an incentive? Ray indicated that companies are not likely to install a technology that limits the user friendliness of their website. You need carrots if you want to encourage companies to adopt, sticks are not going to work...

Beth added to this that she's happy with P3P, but really people must be educated to acknowledge the value of privacy. "That's why I'm so very happy with CFP2000."