We have just had one of the periodic waves of articles and blog posts about privacy, touched off by news about Phorm.  The typical concern, which was invoked by Tim Berners-Lee, runs something like this:  You start reading a lot online about cancer and suddenly find that your health insurance rate goes up or is not renewed.  The proposed solution to this problem, is to more clearly give the ownership of private information such as one’s clickstream to the individual.

Much as a I like the basic notion of individual empowerment behind this, I believe there are a lot of practical challenges.  For starters, in my experience fewer than 1% of folks read a privacy policy before they check the box.  So there would have to be a requirement for either a more complicated opt-in process or a mandated use of something like the platform for privacy preferences.  Even then, most privacy policies are subject to change and are also assignable in the case of a corporate transaction.  So in order for this to have any teeth there would have to be steep penalities and for infringement and legal restrictions on the steps required to get individual’s to waive this right.  I believe this would have huge unintended consequences, that would severely reduce innovation by startups.

Instead, it seems to me that starting with something more narrowly targeted has a higher likelihood of success without side effects.  For instance, further extending legislation that makes it illegal for insurance companies to use any data that they have not obtained directly from the patient or with the patient’s explicit per disclosure consent.  In addition, this legislation should require insurers to be allow individuals to easily inspect all information kept by the insurer on the individual. 

We have just had one of the periodic waves of articles and blog posts about privacy, touched off by news about Phorm.  The typical concern, which was invoked by Tim Berners-Lee, runs something like this:  You start reading a lot online about cancer and suddenly find that your health insurance rate goes up or is not renewed.  The proposed solution to this problem, is to more clearly give the ownership of private information such as one’s clickstream to the individual.

Much as a I like the basic notion of individual empowerment behind this, I believe there are a lot of practical challenges.  For starters, in my experience fewer than 1% of folks read a privacy policy before they check the box.  So there would have to be a requirement for either a more complicated opt-in process or a mandated use of something like the platform for privacy preferences.  Even then, most privacy policies are subject to change and are also assignable in the case of a corporate transaction.  So in order for this to have any teeth there would have to be steep penalities and for infringement and legal restrictions on the steps required to get individual’s to waive this right.  I believe this would have huge unintended consequences, that would severely reduce innovation by startups.

Instead, it seems to me that starting with something more narrowly targeted has a higher likelihood of success without side effects.  For instance, further extending legislation that makes it illegal for insurance companies to use any data that they have not obtained directly from the patient or with the patient’s explicit per disclosure consent.  In addition, this legislation should require insurers to be allow individuals to easily inspect all information kept by the insurer on the individual.