When I first heard of the pii2010 (privacy identity
innovation) conference, I had my concerns. I imagined an endless series of
technical lectures on installing web security. It sounded dreadful.
Because I have certain masochistic tendencies, I spent Wednesday
at the conference, which in fact proved to be a brilliant, human and
thought-provoking discussion of social questions rather than technical architectures, posed
by strikingly intelligent speakers and participants. I loved every minute of it.
One theme that kept arising, much to the chagrin of some participants, was the monetization potential in the privacy space. It’s
largely uncharted and unconquered territory, likely because entrepreneurs view “privacy”
as a frustrating PR hurdle rather than a market. But privacy raises big
questions that require big solutions, and if you’re looking to get into a
market before anyone else notices it’s there, you should be looking at privacy.
Here are four of the hundreds of questions raised at pii, along with the markets
quietly building beneath them. There are plenty more where these came from. Go next year.
The Question: How
are employers expected to use the social web to make hiring decisions?
A recent
Microsoft-sponsored study found that 70% of hiring managers have rejected
candidates based on information they found online about the candidate.
“So they broke the law,” commented a panelist.
But you’d have to be crazy to hire someone
without Googling them or checking their Facebook page. I don’t know a single
woman who will go on a date without first running a Google search. Of course employers
are going to be Googling.
One can argue that this is fair, because when we put
something on Facebook or Twitter or a blog, we’re essentially making a public
speech. But what about the things other people write about us on Twitter and on
blogs, true or not? What about the photos they post and label? What about our
past legal and credit entanglements? What about the false accusations of others? As Michael Fertik
of ReputationDefenders.com noted in his keynote, the media is far better at
covering accusations than eventual acquittals, and Google’s indexing process
reflects this.
In the future, will we expect employers to review social web
data in hiring decisions? Say an elementary school hires a teacher with a clean
legal record and a perverted Twitter feed. If the children are later exposed
to inappropriate material, are the employers liable? Is it going to become an employer’s
duty to review key online aspects of an applicant’s persona?
The Markets: You
can follow this two ways. There is a service like Fertik’s Reputation
Defenders, which assists in both crisis management and preventative measures
for online reputations – a service which has seen phenomenal growth and minimal
competition in recent years. And then there is a service like panelist Peter
Kazanjy’s private-beta Unvarnished (getunvarnished.com), which essentially
serves as a way for users to pseudonymously comment on a person’s work
performance (think glassdoor.com for individuals). Kazanjy swears these pseudonyms
are, behind the scenes, linked to actual identities and tracked for authority,
but the room engaged in mass eye-rolling every time he discussed his product.
While the concept lacked support from this particular
audience (although, in his defense, I thought he made a lot of interesting and
potentially even valid points about the value of more public data than less), the
market for such a service seems imminent. When you think about the
public support for websites like hollaback,
it’s not hard to imagine the next step being something like Unvarnished. You
just have to find a CEO who’s as willing as Kazanjy to toe the party line in
the face of daily public floggings.
The Question:
Does the Children’s Online Privacy Protection Act unfairly force children to
choose between exclusion from the social web and lying about their age?
COPPA, enacted in 1998, details the responsibilities an
operator assumes to protect the privacy and safety of individuals under 13. It
does not expressly prevent these individuals from giving out their personal
information, but the paperwork and potential repercussions of a violation
result in a significant number of web properties (like Facebook) opting to
prohibit the under-13 set from participating. Of course, no one’s checking IDs,
so the kids lie.
This one struck a nerve for me. I have a vivid memory of
being an 11-year-old gymnast, active in a Prodigy bulletin board (old school!) about gymnastics. Without
warning, the board became 13-and-over only, and I was blocked. I ran sobbing to
parents, devastated to have the community I loved pulled out from under me. I
cried until my face was raw. My father changed the age on my account to 13 so I
could participate. But now I was racked with guilt about The Giant Lie. Now I
was being dishonest with the community I loved! At age eleven, the spectrum of
honesty looks very black and white, and I felt like a dark, horrid impostor, a
bona fide Bad Person. I stopped participating entirely, and I changed my age
back to the truth. (A slew of bouncers in my hometown can assure you I had
no such compunctions about veracity by age eighteen.)
Nearly twenty years later, I still have a visceral response
to that memory. It’s something I was pleased to see addressed at pii from the
perspective of children’s rights. The social web is ubiquitous, and kids want
and expect to participate wholly. While we try to look out for their best
interests with these laws, we also put them in the awful position of having to
lie to participate in a conversation we like to consider global.
The Markets:
Consulting with websites to navigate and streamline the legal pathways toward
including the under-13s. Serving as an intermediary between the legal guardians
of the kids, their data, and the online properties (i.e. a service that
facilitates a parent legally consenting to their child’s creation of a true-age
Facebook page or otherwise sharing data online).
The Question: How
do you handle death on social media?
Currently, most online services have no way for a deceased’s
loved ones to access a password-protected account. These online lives are just
left lingering mid-air, like DJ AM’s ominous final Twitter update.
Should loved ones be able to access these accounts after a death? What should
happen to your personal data after you die?
The Markets: Data
wills. Password lockers. Integrated apps that facilitate the online mourning
process.
The Question: Will we eventually use a centralized store for our online data?
We trust our money to our banks and to our government. We
know exactly whom we’ve trusted with every cent of our money, and we can
move it back and forth between financial institutions with confidence. We can invest and trade it. There is no such concept for our valuable online
data – it’s such a shadowy area that a panelist asked for terminology
suggestions from the audience. Is this a data store? Data vault? Data bank?
Data service?
“Wait -- what, specifically, are we even talking about?”
asked a participant.
“We’re still trying to work that out,” the
panelist responded.
Who would we trust to operate this “data bank” anyway?
The audience voted, and the top response was “no one.” After that came the
government. Facebook received zero votes.
The Market: Build
a system for consumers to track, invest and move their online data. Sell it to
the government. Duck.