Lior Strahilevitz (law, Chicago), has an interesting post at the Chicago Faculty Blog on what he calls “symmetrical privacy.” He begins by discussing Friendster, a social networking website where individuals post profiles and look up the profiles of others. Strahilevitz’s post was inspired by a post by Tara Wheatland at Boalt.org, who wrote:
Friendster suddenly and without notice changed a fundamental assumed feature of the community–that you could look at anybody’s profile you wanted to, while remaining anonymous yourself. Before this change, people who did not want random people to look at their profiles could change their settings accordingly. To apply this new feature retroactively and without notice really feels like a serious invasion of privacy. I don’t like it. . . .
As Strahilevitz notes: “Now Friendster users could quickly satisfy their curiosity by finding out who had viewed their profiles, but were mortified to learn that other users could do the same thing to them. Friendster was deluged with outraged user emails.”
Strahilevitz agrees that Friendster made a big gaffe by not informing people in advance, but he applauds Friendster’s “initial instincts” for devising a system of symmetrical privacy, which is a kind of privacy tit-for-tat. If you access my data, I get to access yours:
If an employer, identity thief, health insurer, or credit card company wants to access my credit report, at least let me know about it. If someone makes a FOIA request for government documents that reveal something about me, I should be notified of this request by the government. If someone goes to Fundrace.org or a similar site to see which political candidates I have donated to, I have no right to stop them from doing so, but I ought to have the right to be informed of their snooping. Symmetrical privacy might or might not be a solid foundation for a social networking site, but it seems to me that it is an excellent starting point for the law’s treatment of private information.
This is an interesting idea. We have something like that here, and so do many blogs. It’s called Site Meter. We can see how many of you are visiting and learn information about you. It’s quite interesting. Although we don’t learn your names, we can see what institutions you belong to, where you’re located, how many pages you’ve viewed, and more. Is this “symmetrical privacy” – we give you information on this blog and we get to see information about you? Actually, everybody can see this information at our Site Meter. You can too by clicking here. We’re all in a big fishbowl, and visits to this blog (and many blogs) are not totally private. Now, that’s symmetrical! I’ve always felt ambivalent about Site Meter. I am fascinated by the information about the visitors to this site, but it has always made me feel a bit like a voyeur.
I generally agree with Strahilevitz that people should be more aware of who is accessing their data. But the devil’s in the details. How far should this go? For example, I just posted about Harriet Miers’ donations to political candidates. Indeed, people can look up anybody’s contributions. Should Miers get a notice anytime somebody looks up this information?