Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

Online Privacy: What If Your Valuable, Personal Online Data Got Old and Died?

Facebook signup page

Online privacy is a hot potato.

VC notables Venrock, Kleiner Perkins, and Accel Partners are all betting big bucks on privacy startups. "Privacy is a big issue, and it's going to get bigger because people realize it can be used against you. That spells market opportunity," says Ted Schlein of Kleiner Perkins.

Meanwhile, the government is preparing to update existing legislation that protects individuals' personal data further, meaning someone's going to get burned. We're looking at you, Facebook and Google.

But what if the question weren't whether to completely allow or block certain private information but how to make it fade away over time? Dutch student Harold van Heerde, of Twente University's Center for Telematics and Information Technology has a proposal to increase a person's privacy on the Internet, using software that automatically "fades" information after a certain amount of time.

Van Heerde told FastCompany that, although "traditional databases have not been designed to remove data in such a way that it gives guarantees that data has been indeed irreversibly removed, we developed a prototype showing that it is feasible to implement the techniques." Would Facebook submit to such a system? And what about its 500 million or so users?

"Facebook messages are only relevant from a user's point of view for a relatively short amount of time. How many users will search or look for messages a friend posted months ago? For Facebook, this data is much more relevant, since they can build profiles of their users to make money out of it. So Facebook will be very afraid that they might lose their business if this data will be destroyed."

It's not so bad for Facebook, however, says van Heerde. "Degraded data can still be valuable, but less privacy sensitive. They [will have to prove] that it is necessary for the business to retain data endlessly. Otherwise, if old data doesn't contribute much to their business, they should take the risk into account of data disclosure and balance this risk with their interest."

There are some places where an automatic lifespan wouldn't work—medical records, for example—but we're thinking more of those photos you posted on your Facebook Wall of your New Orleans Mardi Gras trip or the shots of you on Google Image performing in "Destiny," your 11th grade jazz choir.

No one would expect the harvesters of personal data to jump on this—it's more like an idea for legislators looking for ways to balance the privacy issue with fair but effective law.

While Facebook is definitely a believer in openness on the Internet, last month it had to make its privacy settings simpler, despite its CEO's disdain for the concept. Mark Zuckerberg, at Facebook's European Developer Conference was facing an increasing barrage of complaints from politicans and Internet users alike.

Google's Street View technology, meanwhile, is hitting the headlines again today for all the wrong reasons, as French data protection agency CNIL has discovered that people's email passwords were hoovered up as the search engine giant logged Wi-Fi hotspots as it developed location-based services. Head of the FCC's Consumer and Governmental Affairs Bureau, Joel Gurin, wrote on the FCC's blog: "Whether intentional or not, collecting information sent over Wi-Fi clearly infringes on consumer privacy."

Homeland Security Secretary Janet Napolitano is well aware of the problem and believes that if the U.S. is to be safer, it will have to wave goodbye to some of its civil liberties. "The First Amendment protects radical opinions, but we need the legal tools to do things like monitor the recruitment of terrorists via the Internet," she said in a speech last week.

In other words, collecting data to ward off potential acts of terrorism and harvesting everyone's personal data—be it wittingly or unwittingly—are, two sides of the same coin.

Which makes the case for a lifespan rather than a total blockage of personal data stronger. On the user side of the equation, van Heerde, for one, reckons, "A major privacy incident has to happen before people realize that they have something to hide. People do want to share what they are doing right now with the world, not what they did five years ago, and certainly not to an unauthorized audience."