July 25, 2005

I guess I just don't understand Privacy

Michael Geist, law professor, columnist, and proclaimed guru of all things Internet, has weighed in on the Canadian Privacy Commissioner's recent finding that inclusion of marketing materials in a statement to a client/customer constitutes "secondary marketing" and is a privacy breach. The client/customer must have the ability to opt-out from receiving the intrusive extra paper. The Toronto Star column, the link to which will likely disappear soon, is at: Building privacy culture from the ground up.

I understand the all-permeating opt-out zeitgeist. It stands in accord with the basic citizen's -- or even human -- right and freedom to choose whether, how, and when anyone -- not exclusively, but especially commercial businesses -- may communicate with an individual. It is a wickedly individualistic imperative that in many instances allows for and encourages an individual to extricate herself from the group (the market, the customer base, the social network, etc.). But that's another matter. Suffice it to say that the Commissioner's decree that opt-out is required makes sense within the environment of the day.

What makes less sense is what comes of that foundational premise. First, the Commissioner and Geist take the position that these "secondary marketing" materials are an unauthorized use of customers' personal information. Interesting. With reference to the online practice of ensuring opt-out from mailings of "other interesting and valuable information from associated companies," I see the consistency. I, a customer, did not specifically allow you, the business, to send me any information beyond that which relates directly to the service you are providing. OK. But what does that have to do with privacy?

The bank under scrutiny notes that it bulk mails such enclosures to all its customers with their regular statements. The mailings are apparently not individuated and personalized by customer. Moreover, the envelope is a means to convey an essential element in the provision of the service: the statement. That it also affords a fabulous, paid channel to the individual for added messaging is a bonus not especially different than having sponsor's signs painted on hockey rink boards, commercials on television, ads in magazines, or . . . Yes, no doubt, the paper that is received inside the envelope, inside my house, is much more insidiously annoying and difficult to block out like those other ads. Yes, they are inside my house and therefore have breached my territory (without my desire or approval). All true. So what?

If the material was sent, albeit directly addressed to an individual because of the statement that had to be provided as an essential aspect of the service for which the customer "opted-in," without any regard for who specifically it was being sent to, without any delimitation on the individual target's profile beyond being a member of a particular group (the bank's customer), without personalization or customization that would render it a more potent and effective solicitation, what's the harm? That it was addressed to a person by name? Secondary marketing materials are ever so slightly more of a nuisance than primary marketing materials. But unless the bank -- in this case -- provides the means for follow up by the marketer (a phone number or the address of the customer so that the secondary marketer can pursue a solicitation), given that the customer was not selected for personalized communication based on personal data and information, it is only a nuisance. To deem it to be an invasion of one's privacy stretches the bounds of what constitutes privacy of information.

Let's presume that the bank: merely included an item of marketing material inside the envelope to its customer; neither customized the targeting (i.e., everyone got the same paper) nor divulged the name, address, or other information about any customer to the secondary marketer that paid for the medium (i.e., the space in the envelope). If so, there was no solicitation made based on uniquely identifying personal information nor was the personal information distributed to any other party. Nothing was taken from the customer but a little bit of effort to sift through yet ignore the envelope clutter. How is this an invasion of privacy?

To be an invasion of one's privacy presumes that all communication and contact with a person has to be approved by the recipient. The logical extent of this is that there can be no communication because the initial mover is prevented from moving. That logical extent is, of course, ridiculous. But what it does present is bold relief of the inherently unworkable nature of a "privacy culture" that extends the definition of privacy in this excessive, individual-centric way.

Instead, it may be of greater long term value to restrict the definition of "privacy" to the inhibiting of any activity: that distributes or makes use of personal information to customize and personalize solicitation/communication; that distributes without the subject's approval any of that subject's personal and personally identifying information; that uses access to a subject and that subject's personal information to take away from the subject additional knowledge of it or other such of its intangible property(ies). That would be consistent with an invasion of privacy whereby somebody learns/sees/hears something that they shouldn't; somebody accesses something that is protected.

I can't stop people from yelling at me, but I can stop listening. I can't stop people from looking at me, but I can draw the blinds. I can't stop people from eavesdropping on my conversations, but I can hold those conversations out of their earshot. It makes little difference if I get more junk mail -- even inside my mail -- because I can ignore it.

Posted by Grayson at July 25, 2005 12:35 PM

Your blog intrigues me. I suppose if people want complete privacy, they can live in caves, cut off from the rest of the world.

My full response is in my blog today:


Posted by: Mark Dixon at August 2, 2005 10:14 AM

I don't have my own blog yet so will provide my full comments here :-)

I read this entry with interest as the question of privacy and individual rights is one I am struggling with at the moment.

It seems to be a question as to whether the individual has the ability to stop the "invasion of privacy". In your example, you can stop the people who yell at you from entering your house or ask them to leave if they are alredy in the house (except for your family :-)

I think the key is that I need to be able to inform the bank that I do not want to receive the "junk mail" and expect it to stop (in the same way that I check the box when I register for some online service). This is what prompted the "Do Not Call" list, maybe we need a "Do Not Mail" list as well.

Posted by: Mark O'Neill at August 2, 2005 10:54 AM

Excellent feedback. There is no doubt that part of the issue here rests on the ability to stop the adultrating paper from getting in: the opt-out provision. That appears to be the crux of a lot of what's going on here, as pointed out to me in an email from Murray Long, a privacy consultant in Ottawa, which I've posted to the blog today (2/08/05)

Posted by: TRDG at August 2, 2005 12:34 PM