'I made a mistake.' With those words Kevin O'Connor, founder and CEO of DoubleClick, the net's biggest supplier of advertising banners, attempted to reclaim his company's good standing. DoubleClick's 'mistake' was its plans to match anonymous data collected from web visitors with personal data collected offline. This delighted Wall Street and appalled 'privacy advocates'.
One issue is becoming clear: consumers are just beginning to understand how information can follow them from web site to web site. And this brings up another issue: how much privacy is the individual entitled to in the internet era? Privacy used to be achieved through the sheer 'friction' of everyday life: distance, time and the lack of records. Most people who wanted to escape their past could simply move. Now you can escape your surroundings through the internet, but your actions and words can easily catch up with you.
And it's not just the internet: it's card transactions, vendor databases, and so on. What makes all this information more scary is the growing ability to combine it. Though it's not the use of this information for marketing that most find troubling; it's how someone with an agenda might put the pieces together. DoubleClick said that consumers always had the option to ask to be removed from its database, but that didn't mean much to most people. After hoping the issue would go away, the company last month announced a privacy initiative.
But that wasn't enough. And so O'Connor admitted his mistake and announced: 'Until there is agreement between government and industry on privacy standards, we will not link personally identifiable information to anonymous user activity across web sites.' That sounded like a request for government regulation, as there is in the EU. The irony is that the recent sequence of events illustrates that publicity and disclosure can work in changing corporate behaviour. And ironically, it is a corporation that is requesting straightforward rules.
If consumers want free content on the web, marketers argue, then they should have it - and we should have their data in exchange. In many circumstances, consumers are happy to be 'known' (it's convenient, for example, to have a vendor know your shoe size). So the solution is not to stop progress. It's to put control of the data back in the hands of the individuals who generate it. By and large, that doesn't mean new laws, but rather getting individuals to demand the terms and conditions they have a right to. A comprehensive, flexible approach to personal privacy won't come from a single set of laws or from a single sector of society. It will result from a variety of interacting forces and sectors.
Governments need to enforce statutes against fraud and misrepresentation. Private certification organisations must encourage companies to disclose their data policies - and enforce them. Industry associations can promote data policies among their members. Consumers need to take the trouble to protect themselves. All these interacting forces can help maximise the benefits of a data-rich society while assuring individuals that their personal data is secure.
Esther Dyson chairs Icann, the committee assigning net names worldwide. e-mail: firstname.lastname@example.org.