I recently had a humbling experience as an analyst, which is usually a good thing. I wrote a note in October that I expected would generate a bit of interest, and maybe even some outrage (see "Some Web Conferencing Products Present Privacy Issues"). It described a potential privacy issue with some Web conferencing products that tell meeting organizers when participants have clicked to another application on their computer, without telling participants that they provide this information. However, several weeks after publishing, I haven't received a single inquiry on the issue and no one from the trade press has picked up on it. The vendors tell me they have not received any questions on the issue either. In fact, one vendor told me it expects to get more prospects from people who want access to that kind of potentially intrusive functionality.

Now, this will not be the first time that something I thought important did not register with clients; that happens. I really don't believe that the world is hanging on my every word just because I am a Gartner analyst. This is not a particularly grievous invasion of privacy. It does not expose truly sensitive information like credit card numbers or confidential personal information. Still, it could be embarrassing if the CEO knows that you weren't paying attention to his or her corporate strategy presentation.

The lack of interest in this issue is surprising, however. When I did an informal poll of other analysts and friends as to how serious they saw this, reactions ranged from "An issue, but not a big one" to "Good God! How dare they? We must organize a boycott at once!" No one dismissed it as irrelevant or trivial. I expected that concern about privacy issues was growing among most users and figured someone would be interested.

But maybe this is just another little concession that we are collectively willing to make. Most people agree to provide personal information when there is some benefit provided. We accept cookies to make Web surfing better. We provide information about ourselves to personal portals such as Yahoo and Google so that they can tailor the information they provide to us. Maybe we are getting progressively inured to these little concessions to privacy so that we only get upset about really serious stuff, such as the loss of credit card numbers or massive dumps of personal data. Is our tolerance for invasions of privacy getting higher? How high is too high?

Maybe it really is not that big a deal and I should not be surprised that few people care. Maybe meeting organizers should be able to know if I click away to read e-mail, even if I don't know that they know that. What do you think?

Submit a Comment | Permalink

I don't think privacy matters until it matters. Meaning things like:

- Your personal funds have been accessed and stolen.
- Private information about you appears in a public place.
- A public persona makes a "private" reference to you (for example, company official refers to private issue).

There are more examples. Remember these three points:
- Privacy is important, but only in principle — as an abstraction.
- Privacy invasion matters only if it hits close to home.
- If it is a "shared violation," then it doesn't matter (for example, someone looking through another's apartment window).

I agree with Rita, but I also believe that we need to differentiate between different levels/tiers of privacy and the potential consequences of misusing such private information. As long as there is a benefit, consumers are less concerned about it.

Remember when the media tried to scare everyone because of Internet cookies? I don't think there are many people who are not using the Internet because of cookies, simply because the value they receive from using the Internet outweighs potential concerns.

I examined the consumer privacy issue from a car ICT (vehicle-centric information and communication technologies) perspective a few years ago. We asked consumers under what circumstances they would be willing to give up some of their driving-related privacy. The results showed that the majority of consumers would be willing to give up this specific information if they received a monetary incentive (for example, reduced insurance premium/taxation). There was even a large group of U.S. vehicle owners that were willing to provide their driving information if it helped to improve community-related objectives, such as improving traffic flow and reducing pollution.

Well there can be no absolute definition of what is or must be treated as private. There of course would be fairly general agreement about the examples Rita gives as needing to be kept private but beyond those it is less clear. I am astounded that so many people open up their private lives on MySpace - this seems to be generally accepted with that generation... not mine... not in a million year would I do that! Privacy requirements between individuals in the same generation can vary too. It's all very relative. For me the trick is to apply empathy and respond to individuals in the products and services we sell.. and in our personal dealings with people.

"We accept cookies to make Web surfing better." - Speak for yourself. Your blog attempted to place several cookies on my data storage device. (Several, not one for identification as stated in your privacy policy.) All were declined as a matter of course.

"We provide information about ourselves to personal portals such as Yahoo and Google …." Not only on the internet, but also the so-called membership retailers etc. Fortunately, I am still able to find a grocer in my neighborhood that offers the same pricing to all comers.

Some people still do care about privacy and discretion, but are tired of complaining every time. Occasionally I feel the urge to tell retail clerks that before asking for the name, address, phone, and personal spending pattern of customers they should first offer the names, addresses, phones, and salaries of their employees. The mood passes quickly because it is just depressing to explain the joke to someone who simply cannot see the point.

It is one thing for me to choose to give away information about myself. That is agreeable to me. I am in control of the decision.

It is another thing entirely for an organisation to take information about me and / or my behaviour without asking my permission. I consider that to be my unacceptable and a definite 'stealing' of my privacy.

Spying on me in this way may only be a small thing - but it raises the broader question. What comes next? At what stage do we draw the line and say "enough"?

When considering privacy issues in the virtual world I always make the real world test. Lets say we have a conversation face to face and I look away, start browsing a newspaper or my cellphone. I am now communicating to you that you are not very fascinating, but thats really not what I did it for. Same thing as in your example. Maybe not very polite - but a very honest and uptodate feedback on your information flow ...

For us IT people its all about making collaboration as lifelike as possible. We can never get there completely - but we can make our best effort. In a professional environment I wouldnt mind as part of the audience that a speaker in a webcast had an idea if I was glued to her every word or browsing my bookmarks to pass the time. Feedback is good - and communication is all about adapting to the feedback. Paranoid security developers are more of a problem....

I can't agree with Bjørn Tore more. Instead of pretending to be 'viewing the presentation politely', there is clearly something else going on...
As you point out in your original article, it's not quite sure what though. DO you have me doubting myself so I'm off elsewhere to verify what I did this morning? Or is what you saying so lacking in content that I'm off doing real work?

Any employer that looks at this information for signs of staff 'not paying attention' should feel the wrath of a walk-out, not the tech company providing the services.

So you can't conclude anything from the information, and any negative conclusion you could draw as an employer would be ridiculous in any case. Why sweat the point?

Now if we could up the quality of the feedback to say 'listenere has moved away to email to verify your facts' or something a bit richer than there is, maybe we can get a more life-like remote meeting experience.

At what point though does as a society we need to start sacrificing some privacy? We provide biometric technology that takes a photo of your hand's shape for authentication purposes and people have concerns about this as privacy. Should the employee take this negatively or that the employer does not trust them? How do you protect your business if you are always concerned about everyone's feelings?