Last month Professor Valerie Steeves, Department of Criminology at the University of Ottawa, spoke at the 29th International Conference of Data Protection and Privacy Commissioners about children’s online privacy.  It’s an interesting (if not social-media paranoid) speech about blurring the line between content and marketing.  She focuses on Neopets, Barbie.com and Webkinz and their EULAs.

Here’s the video. Here are the notes.

I’m not sure what the panel had to say – but I hope someone touched on the fact that companies need to monetize traffic in order to create compelling content and that the creation of content by a community is not a bad thing. When I think of the latter in terms of real world, my local city would be a frustrating and boring place if I couldn’t: vote for change and actively participate in it, volunteer or communicate with my peers etc.

The issue of receiving virtual rewards for participation in a sponsored survey is indeed a little on the grey side…but my question is - why is everyone so scared of online?  You can bet that companies like McDonald’s have perfected the Happy Meal by looking at their real-world data. Not only that but they can watch your kids as they react at their favourite toys and watch you react with them.

In addition to abiding by PIPEDA and COPPA and self-regulating through CARU or ASC, companies can start writing their EULAs in kids speak and create clear community guidelines based on business rules so that there is some transparancy in the way that online companies operate (I like my local government this way too- I know they’re elected so it might not be a perfect example but still…).

I think speeches like this do nothing but encourage kids to be fearful of social media- when in fact everyone should educate kids on what personal info is and how to protect it so that they can have confidence and security online. 

Funny, I was checking my feeds this morning and came across a ‘free’ white paper on creating a framework for information security governance. I wanted to check it out so I went to the site, clicked on the ‘free pdf’ link and was directed to a page where I had to fill out at least 10 fields of information about me.

I don’t know if that’s ironic, but I consider my personal information valuable. I know it’s worth money- if not by sale to third-parties then to the companies who collect it that can behaviourly target their advertising to me. So the first thing I thought was: “this paper is not free.”

I don’t know if my job makes me paranoid about my personal information, but I do find myself asking more questions these days. Like when I shop…

About a month or two ago, I bought a couple of pairs of shoes at Skechers. At the point of purchase I was asked for my postal code. I am the salesperson’s pain in the ass at this point because I always ask why they need it. Partly to see if they are PIPEDA compliant and partly because I really do wonder why they need to know exactly where I live. Also, I tend to be entertained by the look of panic on the cashier’s face when they remember from their training (hopefully) that they have to have an answer or find someone who does. In the case with the shoes, it was for any future returns- so I consented.

I’m always impressed when a company displays the info they collect before a purchase. The Canadian government does a good job in giving retailers the tools they need to do this without having to spend bucks on lawyers.

What information are you giving out when you shop? And when you think that you don’t – remember those reward cards you keep in your wallet.

I would have loved to attend this hour-long lecture called ‘Privacy by Design’ by Canada’s Privacy Commissioner, Dr. Ann Cavoukian. Speaking to technologists at the University of Waterloo, Cavoukian’s main message was for developers to consider complete frameworks for protecting user-privacy. Thankfully it’s online here. She also maintains that you don’t have to give up privacy to get security. Kind of a different outlook compared to U.S. Secretary of Homeland Security, Michael Chertoff’s view these days.

I spend a lot of time with developers and lawyers. The technology seems to be accelerating faster than the laws and every country has different ones. When going into a major online community project, one of the very first questions that should be on the table is: what are our business rules surrounding collection of data of any kind- from personal and aggregate info to ideas and user generated content?

If privacy and security are part of the foundation of a healthy community, it’s important to have clear objectives and to have your developers present and informed at your project’s kick-off.

Now if you’ll excuse me, I have a lecture to attend…