Features

net.wars: Was that private?

Time and again the Net has proved that anything large corporations can do to us, we can do to ourselves - much more effectively and willingly.

Churn, for example, used to be something people fired stockbrokers for; it is the practice of buying and selling stocks much more frequently than is rational in order to profit from the brokerage fees. But during the dot-com day-trading boom, as I remember brokers saying at the time, people churned their own accounts far more than any broker would ever have dared to do (and, we add, probably losing themselves far more money).

The same is happening now with privacy. If, say, Tesco posted the real names of its club card members on a Web site complete with little jokes about the foods they buy and the times of day they like deliveries, there would be considerable outrage. (And rightly so.)

When a government allows the kinds of leaks detailed here on the Blindside site (to which I contribute) we are significantly unimpressed.

On the other hand, over and over on the Net we see people invading their own privacy to a degree that probably no corporation or government would dare. We post about our friends, our habits, our flight times, the shinies we just bought, the books and newspapers we read, the TV programs we watch (and, in some cases, download) our religious feelings or lack thereof, and the organisations we join and promote. We do this for the same reason people feel safer driving in their own cars than they do flying on someone else's airplane: we think we're in control.

Which all leads to a 2003 European court decision that was noted this week by Oxford Internet Institute law professor Jonathan Zittrain (who had it from Karen McCullagh) about Mrs Bodil Lindqvist, a Swedish church catechist who apparently chatted rather liberally about some of her fellow church committee members on a Web site they didn't know she'd created. Among other information, she included names, the fact that a colleague was on partial medical leave because her foot was injured, phone numbers, and so on.

Your attitude about this sort of thing depends partly on your personality, your culture, and your own online habits.

So many of my friends blog what seems to be their whole lives in copious detail that it never occurred to me I was doing anything privacy-invasive when I visited a foreign country and blogged the name of the friend of a friend I met there and an account of a day we spent together. The blogee, however, was unhappy and asked me to remove the name and other identifying details. I was surprised, but complied. Referring to someone's injured foot seems kind of harmless, too.

On the other hand, I would never, however, put someone's telephone number online without their consent, even though my own phone number is on my Web site. Yet that prejudice seems irrational if you instead call the information about the injured foot "personal medical data" but see the phone number as something anyone could find in the phone book.

Fortunately, I don't live in Sweden. Mrs Lindqvist also took down her pages when she found out the people she had mentioned were upset. But nonetheless she was prosecuted for several violations of the data protection laws – processing personal data without giving prior written notice to the data protection authorities, processed sensitive personal data (the medical information about the foot) without consent, and transferred personal data to a third country.

The European Court of Justice, where the case eventually ended up, concluded the third of these did not apply – simply posting something on a Web page that can be read by someone in another country isn't enough for that. But the ECJ agreed she was guilty of the first two of these offences – as are, by now, probably hundreds of thousands, if not millions, of other Europeans.

This judgement was rendered (and ignored) before Facebook and MySpace became phenomena, and before blogging became quite such a widespread pastime. It acknowledges the competing claims of laws guaranteeing freedom of expression, but still comes down against Mrs Lindvist – who, frankly, seems like pretty small beer compared to this week's announcement that Facebook is to open its member listings to Google's search engine.

The problem with the Facebook decision is that one of the things that really does govern the Net (while the law is still making up its mind) is community standards.

Based on Facebook's assurances that the system was closed to members only, people posted material about themselves and their friends that they thought would stay private. The decision to open the service makes them more like celebrities at Addictions Anonymous meetings.

They are about to discover this in the same way that a generation of Usenet posters did when the archives of what they thought were ephemera were assembled and opened to the public by Deja News (now Google Groups). What they will also discover is that although they can delete their own accounts or mark them private, like Mrs Lindqvist's church colleagues, they have no control over what others have said about them in public when they weren't looking.