http://www.nytimes.com/reuters/2012/02/19/technology/19reuters-privacy-explainer.html

February 19, 2012

Q+A: The Complex Interplay of Social Media and Privacy

By REUTERS

SAN FRANCISCO (Reuters) - Living in the world of social networking and mobile smartphones means trading away some of your personal information.

But assessing the price of admission to join the super-networked, digital class is not so simple; even experts on the issue admit that they don't have a full picture of the way personal information is collected and used on the Internet. But here are some basic guidelines to keep in mind.

Q. What information do you have to give up to participate in social media?

A. Social networks such as Facebook and Google+ require at a minimum that you provide them with your name, gender and date of birth. Many people provide additional profile information, and the act of using the services - writing comments or uploading photos or "friending" people - creates additional information about you. Most of that information can be kept hidden from the public if you choose, though the companies themselves have access to it.

If you use your Facebook credentials to log-on to other Web sites, or if you use Facebook apps, you might be granting access to parts of your profile that would otherwise be hidden. Quora, for example, a popular online Q&A site, requires that Facebook users provide it access to their photos, their "Likes" and information that their friends share with them. TripAdvisor, by contrast, requires only access to "basic information" including gender and lists of friends.

Social media apps on smartphones, which have access to personal phone call information and physical location, put even more information at play.

On Apple Inc's iPhone, apps must get user permission to access GPS location coordinates, a procedure that will now be applied to address book access as well after companies including Twitter were found to be downloading iPhone address book information. Beyond those two types of data, Apple locks away personal data stored in other applications, such as notepad and calendar apps, according to Michael Sutton, the vice president of security research at email security service ZScaler.

Google Inc's Android smartphone operating system allows third-party apps to tap into a bonanza of personal data, though only if they get permission. In order to download an app from the Android Market, users must click 'OK' on a pop-up list that catalogues the specific types of information that each particular app has access to.

With both mobile and Facebook apps, often the choice is to provide access to a personal information or not use the app at all.

Q. Should I worry about how my information is being used?

A. Personal information is the basic currency of an Internet economy built around marketing and advertising. Hundreds of companies collect personal information about Web users, slice it up, combine it with other information, and then resell it.

Facebook doesn't provide personal information to outside marketers, but other websites, including sites that access Facebook profile data, may have different policies. Last year, a study by Stanford University graduate student found that profile information on an online dating site, including ethnicity, income and drug use frequency, was somehow being transmitted to a third-party data firm.

The data that third-parties collect is used mainly by advertisers, but there are concerns that these profiles could be used by insurance companies or banks to help them make decisions about who to do business with.

Q. Are there any restrictions on what information companies can collect from Internet users or what they can do with it?

A. In the United States, the federal law requires websites that know they are being visited by children under 13 to post a privacy policy, get parental approval before collecting personal information on children, and allow parents to bar the spread of that information or demand its deletion. The site operators are not allowed to require more information from the children than is "reasonably necessary" for participating in its activities.

For those who are 13 or older, the United States has no overarching restrictions. Websites are free to collect personal information including real names and addresses, credit card numbers, Internet addresses, the type of software installed, and even what other websites people have visited. Sites can keep the information indefinitely and share most of what they get with just about anyone.

Websites are not required to have privacy policies. Companies have most often been tripped up by saying things in their privacy policies - such as promising that data is kept secure - and then not living up to them. That can get them in trouble under the federal laws against unfair and deceptive practices.

Sites that accept payment card information have to follow industry standards for encrypting and protecting that data. Medical records and some financial information, such as that compiled by rating agencies, are subject to stricter rules.

European privacy laws are more stringent and the European Union is moving to establish a universal right to have personal data removed from a company's database-informally known as the "right to be forgotten." That approach is fervently opposed by companies dependent on Internet advertising.

Q. Is there likely to be new privacy legislation in the United States?

A. The year 2011 saw a flurry of activity on Capitol Hill as U.S. lawmakers introduced a handful of do-not-track bills with even the Obama White House calling for a "privacy bill of rights."

Leading the charge on do-not-track legislation are the unlikely pair of Reps. Edward J. Markey, a Massachusetts Democrat, and Joseph Barton, a Republican from Texas, who have jointly led a "Bipartisan Congressional Privacy Caucus."

Still, with half a dozen privacy laws meandering through Congress, most observers expect it could take a long time before any are passed-and not before they are significantly watered down in the legislative process.

(Reporting by Alexei Oreskovic, Gerry Shih and Joseph Menn. Editing by Jonathan Weber and Richard Chang)