Companies have traditionally used data they collect about the customer, any way they please to do so. By custom, it is their data.
"Wait a minute," you say, "it's my data." No, it isn't. Here in the United States, by ''legal custom'', any data that a company learns about you, in the course of doing business with you, belongs to the company, not to you. When you assert that the company cannot use your data any way they wish, it annoys them, because they know better.
Yet today, consumers are more wary of data sharing, and more assertive about how companies may use the consumer data. Consumers want to see that companies will use their data only in appropriate ways.
Annoyed or not, companies now find themselves confronted by hordes of angry consumers if they don't promise to handle customer data in appropriate ways. To mollify the consumers, companies have taken to publishing "privacy statements" (or "privacy policies") that describe how the company ostensibly "protects" the consumer from abuse.
Unfortunately, with very rare exceptions, these privacy statements are useless, because almost all of them are variations of what I call the "Universal Privacy Denial" (UPD). The UPD is used to inform you that the company is still going to use your data any way they please, while at the same time misleading you into believing that the company really respects your privacy and will only use data in "your" interest.
The typical UPD contains these points:
- This document discloses our practices with respect to the handling of your data. [Note that our means ours alone; this is merely a "report" of their practices and you have no enforcement rights.]
- We only share your data with our business partners. [Business partner means any person or company with which they write a contract—really, anyone.]
- We use your data to enhance your experience, [As they define "enhance your experience", not as you define it; and if you don't agree, too bad. You say you don't like 300 junk emails a day? I reiterate: Too bad.]
- We restrict access to your data to those who need to access the information. [The company alone will decide who those people are. The company alone will also define what need means."]
- We respond to subpoenas, court orders, or legal process. [Legal process is a nice cover term for being free to respond to anyone who can wave a badge at at a company representative; or to any attorney that waves a lawsuit threat at the company attorney.]
Many falsely comforting words, promising nothing. Everything solely at the discretion of the company.
The typical Universal Privacy Denial: Aren't you glad they "care"?
Update March 17, 2012