Consumer 11.0: On the Web, 'privacy policies' often a misnomer

Shopping online recently for life insurance gave me a disturbing window into websites' "privacy policies," as they are quaintly called, and drove me back for now to a traditional, off-line agent.

The widely touted website where I started seemed to have modest plans for any data I entered. Essentially, it promised to use my personal information only to provide quotes or other product pitches, send me surveys, answer my requests, or offer me information "on products and services offered by our select business partners."

But when I read the privacy policy of one of those partners, I realized I was entering tricky territory. To get an offer, I'd undoubtedly have to enter a wealth of personal information: not just basics such as my age, height, and weight, but every detail of my personal and family medical history.

And what might that insurer do with my data? Its privacy policy was even more misnamed. It retained the right to lease or sell my data to anybody it wanted. Did I mention that this was all just to get a price quote?

The label "data privacy" is broad, deep, and, let's face it, often snooze inducing. It's one of those subjects many of us say we care about in the abstract, but we don't dwell on the details until we discover a disturbing breach - anything from identity theft to a marketing pitch that suggests uncomfortably personal knowledge about us.

"Location services" are the latest hot-button privacy issue, a concern demonstrated again last week when the Senate Commerce Committee questioned officials from Apple Inc., Google Inc., and Facebook Inc. about their privacy practices.

Tech experts made headlines recently when they reported that Apple's iPhone retained a data file that could, in theory, draw a detailed map of everywhere an iPhone user has been - a potentially valuable tool for, say, divorce lawyers or mistrustful bosses.

Apple is addressing the problem. Meanwhile, it and the burgeoning app industry have insisted that there is nothing nefarious about the iPhone's capabilities or location services in general, a point vice president Catherine A. Novelli repeated Thursday.

"Apple does not track users' locations," she told the committee. "Apple has never done so and does not plan to do so."

The committee heard similar assurance from Google, which makes the software for Android smartphones.

Google's Alan Davidson said the company doesn't collect any location information from Android users "unless the user specifically chooses to share this information with Google." Even then, he says, information is held anonymously - "not tied or traceable to a specific user."

More to the point, Davidson, Novelli, and other witnesses insisted to a frequently receptive panel, was what location services could do for consumers.

Real-time traffic warnings. Directions to the nearest gas station, mailbox, or all-night pharmacy. "Mobile services may soon be able to warn people in the event of a tornado or a tsunami and guide them to a safer location," Davidson said.

Congress and the Federal Trade Commission have turned a spotlight on data-privacy issues, and both are plainly struggling to achieve the right balance. Too much interference, and they worry they'll harm one of the few jet engines of an otherwise lumbering economy. Too little oversight, and - well, what?

It's not always clear what we lose when we give up so much private information - perhaps one reason we're often willing to do so for something as meaningless as the chance to play a free Internet game or get a $5 coupon, according to the University of Pennsylvania's Joseph Turow.

Turow, a professor at the Annenberg School for Communication, has been studying data-privacy issues for more than a decade and looking at the juncture of media and marketing for his entire career. He is concerned about some of the long-term trends he sees - especially the growing power of often-obscure companies that collect, aggregate, and market the flood of data that the Internet has unleashed.

"People know they're being tracked. But they don't understand the sophisticated nature of this - they don't understand how hundreds of data points about them are being combined," Turow told me last week.

He says the problem isn't the individual data point - where your phone is at a particular moment, or what magazine you read or restaurant you book online. It's the sum of all the data - and what it can predict - that is so valuable to marketers.

What worries Turow is that people will be increasingly pigeonholed - not just in the commercial pitches they see, but in the journalism and noncommercial information that is directed their way. That's where the market seems to be headed, he says, because of the commercial value of online profiles that can be linked to particular computers, tablets, or smartphones and, in some cases, to identifiable people.

In a new book due out this fall from Yale University Press, The Daily You, Turow builds on what the Massachusetts Institute of Technology's Nicholas Negroponte once called "The Daily Me," but sees a downside that Negroponte largely overlooked.

"The concern is that sophisticated data will be used to separate us out. You don't know how advertisers are constructing you. They're building pictures of you, and you have no clue," Turow says. "We're talking about making up stories about people in ways they may not like."

Is there a way to stem the tide? One of Turow's main hopes is that people become more guarded about what personal information they give up in return for digital trinkets - that they come to recognize its inherent value.

I especially like another proposal he offers: That the term privacy policy be junked.

Turow's own studies have repeatedly shown that six in 10 people believe that the mere presence of a privacy policy means, "Your information is protected."

"The words privacy policy on a website seem to get Americans thinking that the company cares about their privacy," he says.

If we've learned anything from the endless tide of privacy breaches, it's that the opposite is pretty much true.