Trying to make sites more trustworthy with users' personal data
POSTED: Sunday, December 23, 2012 - 11:00am
UPDATED: Sunday, December 23, 2012 - 11:04am
CNN — There's a lack of trust between Internet users and the websites that collect their private data.
These sites aren't going to stop gathering personal information anytime soon, but one company hopes to make the exchange less mysterious when people sign on to a site using a social-media profile.
Logging in to third-party sites or commenting systems with Facebook, Twitter, Yahoo, Google+ and other social profiles is common -- 53 percent of people have done it, according to a recent study by Gigya, which handles these social logins for major sites such as Pepsi, CBS and Verizon. But Gigya is more interested in the other 47 percent who don't use social logins and what it can do to change their minds.
In theory, signing in to a third-party site with an existing social-media account should make life a bit easier. There are no forms to fill out, no new passwords and login names to memorize. Just enter two bits of information you're already intimately familiar with from checking Facebook or Twitter a million times. Once logged in, you might even like how easy it is to share content on your profile, or enjoy seeing what your friends bought, read, listened to or watched.
In exchange for these benefits, you give that company access to personal information telling them who you are, such as your age, gender, location, e-mail address, list of friends and what your interests are. That data is extremely valuable, and is used to tailor the site or app experience to individual visitors. People who log in with a social-network profile are better customers. They stick around longer and are more engaged.
The holdouts who avoid signing in with social profiles don't want to give third-parties the keys to their personal data. They believe companies will take their profile information and sell it, spam their friends or post to their social networks without permission, according to the Gigya survey.
"There's a real question of transparency and trusting, and confusion as to what's happening," said Gigya CEO Patrick Salyer. He believes much of it is a "perception issue" and that increased transparency between companies and customers would be mutually beneficial.
That's where the Gigya's new SocialPrivacy Certification program comes in. In exchange for publicly promising to use data responsibly, sites can sport a seal proclaiming that they are certified as trustworthy. The companies must follow these rules: they will not sell your data or your friends' data, spam you with e-mails, post on your social networks or contact your friends without permission.
Gigya is training a team of 35 employees in its client-services department to audit companies to ensure they adhere to the criteria. The companies are vetted when they first request certification and audited regularly after they're signed up to make sure they're still sticking to the rules. Gigya has not settled on a price for the certification yet. Any site can apply for the program, and Gigya plans to develop a similar code of conduct for apps in the future.
In theory the certification will assuage consumers' fears, and in turn boost the usage of social logins across the web. To increase the program's credibility, Gigya consulted privacy experts and collaborated on the final product with the Future of Privacy Forum, a privacy think tank in D.C. supported by companies such as Google, Amazon and Facebook.
Currently there aren't any laws regulating what sites and apps can do with your personal information, and companies are hoping to stave off any government regulation by taking matters into their own hands with initiatives like SocialPrivacy Certification.
"There's no obligation to be a good privacy citizen unless it's health or banking information," said Jules Polonetsky, director and co-chair of the Future of Privacy Forum.
Facebook, Twitter and some other networks have guidelines for developers that prohibit some of these behaviors, including bans on selling data. But by taking it one step further and publicly declaring it won't misuse personal data, a site can suddenly be held accountable for any violations by a group with a bit more power: the Federal Trade Commission.
"The FTC can sue you for making a deceptive statement to users who relied on that when they signed onto your site," said Polonetsky.
The SocialPrivacy Certification program is launching with a handful or partners, including Martha Stewart and the Toronto Globe and Mail. Until it becomes standard across the industry, its usefulness will be limited. But as long as people remain paranoid and hesitant to share their information, sites that want that data will be motivated to be more transparent.