 |
     |
|
|
If you participate in a social group (like an "identity" or "privacy" community) which is having, wishes to have, occasionally has, or would have if given half the chance -- a conversation, is it an invasion of my privacy to be contacted by any one of the other members? I don't think so, even if that membership extends to a "market" in this crazy, consumerist world. Having said that, it would be nice to put everyone at arm's length once in a while. So who's responsibility is that?
Anyway, I got an email in response to an earlier post about the subject of privacy (I guess I just don't understand privacy): a butterfly-wing set of a post here on the other side of the world that has started something of a hurricane (or at least a stiff breeze) on the other side of the world based on the commentary and linked blog posts going up here, here, here, here, here, here, and here at least. (All of which is having a dark impact on my attempts to keep bandwidth on my blog's server down. . . .) It came from a privacy consultant in Ottawa, Murray Long. I've posted it in its entirety below because (a) he said I could and (b) it adds to the discussion. Before leaving you to Murray's text, I need to say that it still is troubling that issues and terms are being used interchangably when they shouldn't. Moreover, as I posted as a follow up to the original (I still don't understand privacy, but maybe it's a language barrier), the entire vocabulary matter will not go away by turning away from it. Anyway . . .
Hi TimothyI am responding to an item which I noticed in ISPI clips with the following heading:
This From: RecrusiveProgress, July 26, 2005
I guess I just don't understand PrivacyTim Grayson
July 25, 2005I get your point. In the privacy community, we have interchanged the word "privacy" with "protection of personal information" because it's an easier term to use, but as you point out, opting out of secondary marketing has little to do with a normative view of what "privacy" really is.
In the context of fair information principles, identification of purposes and consent are paramount requirements. As per Alan Westin's modern definition of
privacy in the information age, privacy in dealing with corporations is "the ability
to determine for ourselves when, how, and to what extent information about us is
communicated to others."The CSA Model Code for the Protection of Personal Information takes this a step
further provides the ability to control when, how and to what extent information of any type is communicated to us."In the context of PIPEDA (the federal Personal Information Protection and Electronic Documents act), corporations must explain purposes and seek consent before collecting, using or disclosing our personal information for any purpose.
In the case of low-level and non-sensitive uses of personal information (for example billing stuffers), implied consent is adequate - which can be construed as the right to opt-out. In the case of the bank that was the subject of the complaint that led to Michael Geist's article, this bank did not provide any such opt-out and argued that no personal information was ever used to send out the billing stuffers, as the bank machinery inserted the same information into every statement sent out, and did not in any way personalize the stuffers.
The fact that two other banks surveyed by the Privacy Commissioner's Office did
permit opting out of secondary marketing stuffers was enough to persuade the
Commissioner that this bank should also offer an opt-out. Of course, the
Commissioner first had to make a determination that personal information had indeed been used.You could argue that, if only the mailing address was used, this information, while personal, also qualified for use without consent under PIPEDA if it was a publicly available address (i.e. in the phone book). However, as a lot of listings are not in the book, this logic would not have applied to all customers and, realistically speaking, the bank was better off to cave-in on such arguments, accept the position taken by other banks and figure out a way to segment its statement mailing runs to satisfy opt-out customers.
In the bigger scheme of things, it is a picayune privacy victory. Yes, privacy
purists get the right to pot out of unwanted secondary mailings. They will still
get some stuffers with their bank statements as banks are required by law to send out some types of financial notifications. However, the secondary, third party stuff will all disappear.If only one to two percent of customers chose to opt out, it's not a big problem for marketers (although an added cost to the bank that may be borne by other customers - this is one of the interesting economic issues about privacy: with the market default position being we will send you information unless you opt out and with the cost of opting out, therefore, not built into the economic model, it is those people who don't care as much about privacy who bear the costs - which inevitably must be passed along somehow - of protecting the privacy rights of others. The social value placed on the preservation of human rights, however, makes it difficult to raise such issues. It would be like 100 motorists trying to argue that the sole pedestrian using a crosswalk should have to pay to have it installed.
If a lot of customers opt out, then marketers will simply find other - and more
intrusive ways - to reach customers. For example, householder mailings which do not use any personal information, while far less effective than bank-screened secondary mailings, might increase - adding to everyone's junk mail. Marketers might also turn to more telemarketing, etc. (although new legislation might curb this).I tend to agree with you that tis is a very insignificant privacy issue. However,
the right to refuse such secondary marketing is provided under PIPEDA and, to the extent that people complain about such issues, privacy commissioners are forced to make rulings accordingly.Murray Long