
The comments in this post are my own personal opinions. They do not necessarily represent the opinions of my past, present (or future) employers.

Privacy is dead. Long live Trust!

I’ve been thinking a lot about privacy lately. It’s been in the news, and I’ve just come back from a privacy conference. I’ve been involved in the privacy industry for close to a couple of decades now (including over a dozen years at Microsoft, as a privacy champion), and hold a CIPP qualification from the IAPP, so feel qualified to comment on this subject.

Focussing on privacy is focussing on the wrong thing.

You can’t put the genie back into the bottle

Whilst it might sound a little controversial, I think there’s been a bit of an overreaction on the issue of privacy. Gosh Nick, how can you say that, you, an ambassador of privacy? Well, the truth is we are now living in a hyper-connected society. Different rules (and expectations) should apply.

You can’t harness decades-old rules and expectations to modern society.

Whilst put incredibly undiplomatically, the hyperbole of Scott McNealy “You have zero privacy, get over it!” has a lot of truth. Our expectations need to adapt to reflect how information moves.

Two hundred years ago, photography was invented:

“Please don’t take my picture, you’ll steal my soul”

As crazy as it sounds, that’s partially true. Part of your soul is captured in a photograph. It’s not stolen, it’s just frozen for all time.

At the time you could understand people’s concerns and fear over this witchcraft. It was scary technology. For countless millennia previously, people had been able to come and go as they pleased, leaving nothing but their shadows and their memories, then wham, there was a device that captured any moment for all time. No longer were you able to say “I was never there”, or “I’ve never met him”, or “it’s his word against mine”. Now there was the concept of photographic proof. Damn you George Eastman you are the devil!

The camera was the beginning of the end of privacy in the modern world.

You can't un-invent the camera. You can't un-invent the internet.

With early cameras, sure, there were often only a limited number of copies of any image, but thanks to Gutenberg and the printing press, it didn’t really matter; one is all that is needed. If your photograph was taken, even if you didn’t want it taken, well, there was not much you could do about it. If someone wanted to share this snapshot of time, they were more than able.

In the early days, publishers and printers had vastly asymmetric powers. As an individual you had little-to-no negotiating power to refute, rebut or repudiate, hence the quote “Don’t pick fights with people who buy ink by the barrel”. These days, with the power of the internet, social networks and connectivity, everyone has the power to make even their tiny voice scream.

Progress has benefits. Today, anyone can publish to the World!

Fast forward to this century and the proliferation of digital cameras, and now the ubiquity of smart phones (the vast majority of which have two cameras!), and web cams, and security cameras. Unless you live in the Antarctic, it’s practically impossible to go through a day without multiple images of you being captured (most of which you are oblivious to).

At the conference there were people on stage demanding the “right to be forgotten”. It’s a nice Utopian dream, but being realistic, it’s impossible. Paradoxically, the people who were onstage pitching this concept were being videoed and photographed by at least a dozen people. I’m sure many of the photographers uploaded the images taken to Facebook and tagged the speakers with their names.

Sure, the speaker could make a request to Facebook (or use tools) to be untagged and ‘forgotten’, but what happens when someone re-uploads that image (or a different image) the next day?

Ironically, does the speaker have to be remembered by Facebook in order to be forgotten by Facebook?!?!

Also, what happens if the uploader doesn’t tag the image with the speaker’s name, but still uploads the photo?

Everyone who views the image can see it’s the speaker (many will know his name even without the tag), everyone can see what he’s saying and doing, everyone can see who he is shaking hands with, who he is on stage with, maybe who he is laughing about. If there is video, they can hear what he says, and how he acts.

Is his privacy protected by his right to remove the tag of his name? If he does not know that he is tagged, will he be any the wiser?

How many photographs of you are there on the internet that you have no concept even exist?

Privacy Policies

Another big conversation topic at the conference was the (farce of) privacy policy statements (or data use disclosures as they are now sometimes being referred to). Everyone jokes about how crazy it is that they are dozens of pages long, and that nobody ever reads them. Do you read them?

“They should be short, easy to read, and easy to understand”, the privacy advocates demand!

I’ll let you into a secret: I’m sure companies would love to write short privacy policy statements. But that’s adjusting things for the wrong audience. The privacy policy is not written for the end user!

You see, a privacy policy statement is written by a lawyer, to defend the company against other lawyers. It’s a binding agreement; in a privacy policy, you are making a declaration of what you collect, and how you use it. If you don’t make the statement accurate you get into serious trouble. They are written as they are to help protect a company from being sued.

Companies employ clever people. They employ word-smiths, and marketers, and designers and people with degrees in communication. These people write compelling adverts, user manuals and press releases. If given the task, I'm sure these people could craft privacy policies that enumerate the uses of data and are written in a compact way that an educated 13-year-old could comprehend.

They could probably even turn them into catchy jingles!

The problem is, however, because of their simplicity, these compact policies would be written as the spirit of the law, not the letter of the law, and could be pushed over by any competent opposing counsel with a proverbial feather. They would offer no protection to the company.

I’d love to say otherwise, but that’s the reason privacy policies are so long and cumbersome. If you wrote a simple, easy-to-digest policy, by its simplicity, it would not capture the subtle nuances, edge cases and loopholes that other lawyers would exploit to sue you. And, if you wrote two (one understandable by people and one by lawyers), well, what is the point of that? Some progress has been made in the adoption of a “layered approach”, but at the end of the day, a legal contract has to be technical and complete.

So what to do?

Privacy is the wrong description of the problem. What companies should worry about is Trust.

Trust is measured by perception, behavior and the (lack of) surprises.

If you ask people if they trust a company, they will often be able to give you an answer right away. “Tell me, do you trust American Express?” (or whoever) “Yes, I do.”

If you ask them “Why do you trust American Express?” I think it’s pretty fair to say the answer will not be “Well, I read their privacy policy statement from cover to cover and I agree with the trade-off of utility I get for providing my data. I found their description of fair information privacy practices detailed and descriptive, and I fully understand how they will collect, store, use, share and destroy the various categories of sensitive, personal, financial, pseudonymous and anonymous data they collect about me. Overall I trust them.”

Instead, you might get answers like “They have not done anything wrong so far” or “I’ve heard no bad stories in the press or from my friends” or “They seem very responsive and helpful over email/Twitter/facebook/phone to my questions”, or simply “I just trust them” or “They treat my data with respect” and “They seem like an ethical company”.

“You are judged on how you behave, not how you tell me you will behave”

Trust is based on reputation and perception (and personal experience).

Trust is nebulous, hard to define, but like so many things “You know it when you experience it” or more strictly, “You know it when it is breached”. Like I keep telling my kids: you are judged on how you behave, not how you tell me you will behave.


Successful companies will be successful by building trust. They will build trust, not through telling people they are trustworthy in some privacy statement, but by actually doing things that build trust.

How do you build trust? I’ve hinted about this already, but there are three things you can do to earn (or lose) my trust:


No surprises is a key to building trust. The first time I used LinkedIn, it freaked me out a little. What I did not know was, if I was logged in and navigated over to the profile of someone else, that person received notification I had viewed their profile! I had no idea that was going to happen! It was a surprise! They lost my trust, and I’m still wary of using their site. In addition to surprise, they did not give me good notice about what would happen, nor give me a choice to accept this (maybe they did – if they did, it was certainly not in a clear, conspicuous and obvious manner), so I had no control.

Even if something is done legally, if it is creepy, it is creepy. Companies should wake up and understand this. Creepy is bad for trust. Creepy is bad for business.

The average user of the web does not know what an ad-network is, nor what it does. They are unaware of cross-domain sharing of information. If they visit one site and search for a pair of pants, it’s creepy to see adverts for the same pair of pants five days later on a totally different site. This is a surprise. They were not expecting that to happen.

Surprise erodes trust. (They also push most of the blame onto the collector of the data and ding that site, not the consumer of the data, the ad-network and the sites served by that).

We’re starting to see slow progress on this front as some targeted adverts now support logos and phrases about “Why am I seeing this advert?” It’s no longer a mystery, and this should help attenuate some of the issues about the surprise.

I'm all for transparency in advertising. People should have the option to know why they see what they see.

Value proposition!

Giving up data is a trade. It should be a fair balance. You give up something and you get something in return. This is all about transparency. People want to give data if it helps them, but they want to understand what they are getting from it (or what they lose).

“Tell me your birthday, and we’ll send you a 20% gift card on that day to help you celebrate.” The value proposition here is clear; yes, you're giving up your birthday, but you're getting something in return. Each person can decide if they accept the terms of the contract. Different people will have their own comfort levels, that's fine. You've explained the trade, and they can accept or decline. Some guidelines here:


As mentioned above, this is part of the value proposition. It’s about notice and choice. I only want to provide data if I am comfortable with the contract.

I’ve heard different estimates from different people, but some claim over 20% of people might be using cookie blocking technology because they don’t feel they have control of their data (of course, the sad thing is that this is becoming less important because browser fingerprinting technology is getting mature enough to allow pretty targeted identification without the need for cookies - cookie blocking is giving the illusion of privacy).

Control can also mean control after I’ve provided data to you. Do I have the right/option to adjust how it is used later?

Bark worse than its bite?

Back to the controversy …

I think the media might be guilty of inflating certain aspects of privacy. There's a confusing co-mingling of privacy issues with security breaches.

Security I can understand the obsession and concern about; data breaches are bad. I’d be very unhappy with a company that lost my data. If that happens, I’ve lost control of my data (see above). You can’t have privacy without security (though you can the other way around).

If you ask someone if they are concerned about online privacy, of course they are going to say “yes!” Who is going to say “no”? It’s like asking someone if they don’t want to breathe. What possible reason is there for not wanting to have your personal data kept securely?

But put it into context, just a few years ago, everyone’s name, address and telephone number were printed in giant directories printed by the tens of thousands and left in public phone boxes around the country. They were free for anyone to read, scan and use. But today, if this same information is breached from an online database, it’s headline news and scandalous.

Some data is sensitive (there is no argument that sexual or political preference is delicate and disclosure/exposure, without consent, of these data could cause harm). Similar for financial data and medical data. But what about shoe size, or favorite color? (I’m sure if you thought hard enough it might be possible to engineer a scenario where a breach of shoe size could possibly be maligned to cause a problem, but it would be pretty contrived.)


It’s human nature to go “Shields up” when someone asks you a question out of the blue (with no context) for any kind of information.

Imagine if a random stranger stopped you in the street and said “Tell me your shoe size please”. I bet a typical response to a scenario like that would be “@#%$ off!” (or the polite people would ignore or say “No thanks” or “Why do you want to know?”)

At the conference there was an excellent presentation by a couple of ladies from a company called Creative with Context. Part of their presentation was presenting data about surveys they undertook about shoppers. People, when questioned, would not give up their home address, but when asked if they would give up their home address for a 50% discount on a gallon of milk!?!?, over 40% of the people said yes!

This certainly puts a value on that piece of personal information!

In the same study they asked people who had apps on their smartphones if they had ever read the Privacy Policy/Terms for their apps. Everyone said “no” and/or joked about it and how they just pressed “I accept” without reading. Then they made these users sit down and physically read the privacy policy statements. Of course, this freaked them out, and when questioned afterwards there were a lot of “oh my god” style comments, and “I had no idea”, and “it says they can do this with my data, I don’t want that” … Many people then said they were going to uninstall the apps in light of this new revelation …

However, when they called these people back in a couple of months later, for a follow up, less than 2% of these people had uninstalled the app. People said they were outraged by the privacy policies, but at the end of the day, did not really care that much.

More complex

Trust gets a little more challenging when it comes to behavioral, implied and derived data. If I complete a web form and submit data, it’s clear what I have provided. If a site makes a transparent statement of what it will do with this data, it’s implied that when I hit submit, I agree to the contract.

It’s less clear when a site has been monitoring what I’ve been doing and stored this data without any ‘direct’ input from me. It’s even less clear if it derived data about me: “You are a good credit risk”/“You are a poor credit risk” based on my inputs. I’m not saying a site needs to disclose the secret working of the credit ranking algorithm, but if it wants to build my trust it could explain “You’ve been turned down from your loan because your credit score is below 450”.

Privacy is dead. Long live Trust!

I would like to believe that, in the free market, ultimately trust will win out. Companies that build trust (doing the right things, giving no surprises, giving notice, choice and control) will earn business. Companies that abuse trust, I hope, will either change, or asphyxiate.

Focusing on trying to tell people you are trustworthy is a waste of time. Trustworthy is what trustworthy does.

Trustworthy is what trustworthy does


© 2009-2013 DataGenetics