In the past few years we have witnessed the competing interests of technological convenience, personal privacy, and e-business needs. Consumers are finding that e-businesses are asking for—or taking—more personal information than they may be willing to give in order to utilize goods and services. E-businesses counter that they only take necessary information to complete transactions and perform effective marketing and customization of their products and services.
Consumers want to actively control how much personal information they disclose depending on the level of trust inherent in each e-business relationship. A consumer using a familiar Web site with privacy policies she trusts will be more willing to divulge crucial information an e-business needs, such as demographic data and shopping preferences. E-businesses want to create an atmosphere that will foster this trust and information sharing.
However, there is a palpable tension between consumers and e-businesses at the start of a partnership. This tension exists because of a lack of trust between users and e-businesses. This mistrust is not unfounded. E-businesses have a poor record when it comes to protecting consumers’ privacy online.
Privacy and the Consumer
The popular Apple iTunes software is no stranger to privacy indiscretions. In early 2006, Apple released iTunes version 6.0.2 which included a new feature called the MiniStore (Borland, 2006). The MiniStore enabled iTunes to offer customized user recommendations based on past browsing and purchases. Granted, this customizable feature offered a means to enable users to find more personalized selections. However, computer experts found that in addition to the song selection, unique data about each user was sent back to Apple via the MiniStore (McElhearn, 2006). Once this information was found, the software’s user agreement was analyzed by experts who found no mention of this particular MiniStore functionality (Borland, 2006). Apple soon recanted and explained to users how to turn off this feature. In all new versions of iTunes, MiniStore functionality must be enabled by users (Apple, 2007).
However, Apple’s iTunes is once again in the privacy spotlight. In 2007, researchers discovered that all DRM-free music purchased via iTunes embeds each user’s personal information in the file (Fisher, 2007). Additional research found that all iTunes purchases include this information with no explanation from Apple.
Apple is not the only organization tracking users’ information without their knowledge. Microsoft Windows Media Player stores data about all users’ media files that they watch either online or on DVDs. The Media player encodes all selections with a “Windows Media Player ID number” specific to each user (Festa, 2002; Smith, 2002a). This information is then sent to an online Microsoft database. These “SuperCookies” can be used to track user viewing habits, Web surfing preferences, and other personal information. While Microsoft denies any plans to use this data and provides instructions on how to disable this feature on its support pages (Smith, 2002b), the feature is on by default until a user completes a series of steps hidden within a detailed privacy statement (Microsoft, 2003).
Other companies have also amassed consumers’ data without their knowledge. In 1999, researchers learned that Comet Cursor was tracking the clickstreams of over 16 million people who downloaded the free software (Oakes, 1999). Other companies that have tracked, or are tracking, online user movements include RealNetworks, DoubleClick, HitBox, and X10. Some companies, such as DoubleClick, had discontinued tracking in favor of consumer privacy because of lawsuits and user complaints (Krill, 2002). However, Google’s pending acquisition of DoubleClick raises new concerns (EPIC, 2007).
Ultimately, while many of these e-businesses have either changed data collection practices or written the procedures into privacy policies, users still are not always aware of the privacy implications. Moreover, much amassing of data is conducted without users’ awareness. Companies such as WebTrends specialize in offering e-businesses detailed user data and Web site usage in order to analyze what users do at the e-business site (WebTrends, 2007). Users are not usually made aware of the clickstream tracking, page views, or other data being collected about them with each click and view of a Web page within a site.