Wednesday, 5 November 2014

Privacy policy is not enough

Not that we read them anyway and not that we understand them when we do. One of the most important things we can do to protect ourselves is to understand the motives of service providers. A dating site targeting people with STDs seems like it ought to be on the side of people newly concerned with safe sex. But selling data about people with STDs is bound to be tempting. It’s the sort of data lots of people want.

I don’t know whether PositiveSingles set out to betray its customers, but that’s what it did.

Its privacy policy stated fairly clearly that it might share it’s customers’ details with whomever they liked, but its branding and advertising claimed confidentiality. 

"We do not disclose, sell or rent any personally identifiable information to any third-party organisations."

But they did. You can imagine what sort of company might be interested in STDs and the negative effects that might have on PositiveSingles’ customers.

They did other things, too. The site used its customers’ profiles on other sites, which were misrepresentative. Those sites included AIDSDate, Herpesinmouth, ChristianSafeHaven, MeetBlackPOZ and PositivelyKinky.

Privacy policies don’t keep you safe. At best they give you a basis to sue once your privacy has been violated. When you decide to trust a company with your personal details, always consider its likely motivations. How is this company making money? Could it make more money by betraying you? Could it promise you one thing now and then change its mind later, when they have attracted lots of customers on the basis of the policy?

No comments:

Post a Comment