Beyond closed doors: privacy in the age of big data.


When the details of your online activity are now considered currency, and money can be made off what amounts to a digital stream of consciousness as you click through your day, what does privacy really mean anymore?

As the CEO of a new app startup, I’ve been contemplating the ethics of privacy and the implications of the post-privacy world we seem to be entering with each permission granted, term searched, and user profile created.

The concept of privacy is a modern construct, according to Greg Ferenstein in this fascinating article. The luxury of walls and doors that we can shut ourselves behind for various activities is not something that our fairly recent ancestors enjoyed. But we take it for granted that we can close a door behind us when we are in the bathroom, the bedroom, or the office, and that we have the right to do so.

Most of us would feel weird if someone was sitting in the room with us, recording what we did moment to moment in a log. It would feel creepy and uncomfortable. And yet, that’s exactly what’s happening every time we search Google, sign in to Facebook, or open the majority of the apps on our phones. Except instead of a voyeur watching our physical actions, we are giving companies access to our thoughts, our medical and financial information, our political leanings, and yes, our most private curiosities and desires.

Data is now big business and has created a new arena of the economy that didn’t exist before. Users have come to expect that most software should be available to them “for free”, showing up on their browsers like magic.

But the programmers behind those sites know the amount of work that goes into building and maintaining them, and this work is often paid for in user data. Sites like Google and Facebook gather a shocking amount of information as “payment” for use of their services, but most users, while they might conceptually understand this is happening, don’t really internalize the implications of it, because it’s not happening right in front of them.

I imagine that my browsing habits might look very different if a Google employee was sitting directly behind me at all times, taking note of what I was looking at. I might be too ashamed to take that Buzzfeed quiz to find out “how ’90s” I am, I might think twice about quickly checking my ex’s Facebook page for god knows what reason, and I would most certainly try to shield my screen while entering financial, medical, or other personal data into the various sites I use to manage my life.

When I consider this, I am overwhelmed by feelings of violation and powerlessness. Even if I care about my online privacy, what can I do about it? I “need” to use Facebook to communicate with family and friends. The majority of my personal and professional communication over the last 10 years is archived in my Gmail account. I turn to the internet to research random interests, to numb out when I’m exhausted or sad, and I’m unsettled by the fact that this information is aggregated into a profile that might tell me (or anyone with the money to buy it) more about myself than even I am fully ready to admit.

Privacy today is not about shutting a door. What is at stake is a real-time recording of my moment-to-moment thought process: who has access to that data, and how it might be manipulated and used for purposes that I may never know about, or, as seems increasingly possible, used against me in some way. It’s a frightening reality that no longer belongs in some sci-fi futuristic dystopia. It’s happening now.

There seems to be a kind of cultural dissociation going on. Plenty of people feel uneasy about the increasing lack of privacy and control over their online data, and yet our collective actions haven’t changed much. We still like pages and upload personal pictures on Facebook, we still send sensitive emails from Gmail, and we blithely enter our credit card numbers and addresses to purchase everything from bird seed to sex toys. Most of us know this information is being recorded, and yet we offer it up anyway, as though there are no consequences to relinquishing it.

But what are the consequences, and why should we care? I’ve been reading articles about how data is used, and some, like this one, increase that feeling of dissociative helplessness, because it seems that we have already lost control. The recent decision by our own government to give your ISP permission to sell your browsing history is disheartening and frustrating. With the conversation of the entire world going online, are we essentially going back to a time before doors and walls? Except now, while we can make love and use the bathroom in relative privacy, we are agreeing to leave open the doors to our innermost experience as we bare all on our browser of choice.

As the CEO of AppMatch, an app discovery service that gets to know our users by asking questions so we can make personalized app recommendations to them, I am running into this ethical quagmire where serving the company and serving our customers gets really murky. I want to gather information about our users so I can provide them with an excellent, targeted service. This, of course, is the stated reason behind most of the data collected by the sites you visit: the more the company knows about you, the more precisely it can optimize your experience. It’s Business 101 at this point.

However, can I feel ethical asking my users to tell me about their lifestyle when I am concerned about the amount of information other sites are collecting about mine? I’ve found myself increasingly curious about what makes a “good” privacy policy, and how personal data might be used in a positive way.

A shining example of data for humanity is the period-tracking app Clue. While I was quickly won over by the pink-free interface and lack of cheeky references to this biological event that I’ve been dealing with every month since I was 13, what really impressed me was their privacy policy.

For one, it is written in plain language that anyone can understand, and it gives users the choice to opt out of having their data stored anywhere but right on their phone. Additionally, Clue offers ways to enhance privacy on a user’s device, including PIN or Touch ID authentication.

Clue is collaborating with academic institutions to provide “long-term or large-scale data” to promote research into women’s health. If a user gives Clue permission to use their data, Clue anonymizes this data and shares it with researchers who previously did not have access to this kind of information on the scale that Clue is able to provide.

It’s a fascinating win-win-win: users not only have a comprehensive tool to track their cycles, they also control whether their data is shared at all. Researchers have a new, ongoing wealth of data available to them in the realm of women’s health, and global women’s health studies progress. All because of a period-tracking app.

It’s clear that Clue takes privacy seriously, and they make good use of the data their users are gracious enough to share.

When the team at AppMatch read Clue’s privacy policy, we were blown away. We started looking at the privacy policies of all the apps in our system and realized there were some we could no longer recommend. Even if an app provided a unique and needed service, if there was no privacy policy, or a policy that did not reasonably protect user data, we could not feel comfortable recommending that app to our users.

This led us to think about our own privacy policy, and how we feel compelled to use the data we collect responsibly. We store user information in a password-protected database, and the analytics tools we use work only on anonymized, aggregated data, none of which is personally identifiable. All traffic to the site is served over HTTPS. We do not sell user information; our income model relies on application fees instead.
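To make the phrase “anonymized and aggregated” concrete, here is an added example (not AppMatch’s own code) of one way analytics can be reduced to aggregates that carry no user identifier. The events, the category names and the minimum group size of five are all constructed assumptions for illustration; the point it demonstrates is that a count of distinct users per group, with small groups suppressed, is what keeps an aggregate from pointing back at one person.

```python
"""Added example (not AppMatch's code): reduce per-user analytics events to
aggregate counts with no user identifier, suppressing small groups.
All events below are constructed sample data."""
from typing import Dict, Iterable, List, Set, Tuple

Event = Tuple[str, str, str]  # (user_id, app_category, day)

# Constructed sample events. Note u1 appears twice on the same day in
# "fitness": counting events instead of distinct users would overstate
# the group, and a group of one user ("health") would identify that user.
SAMPLE_EVENTS: List[Event] = [
    ("u1", "fitness", "2017-04-03"),
    ("u1", "fitness", "2017-04-03"),
    ("u2", "fitness", "2017-04-03"),
    ("u3", "fitness", "2017-04-03"),
    ("u4", "fitness", "2017-04-03"),
    ("u5", "fitness", "2017-04-03"),
    ("u1", "health", "2017-04-03"),
    ("u2", "finance", "2017-04-03"),
    ("u3", "finance", "2017-04-03"),
]

MIN_GROUP = 5  # assumed threshold; a real policy chooses this deliberately


def aggregate(events: Iterable[Event],
              min_group: int = MIN_GROUP) -> Dict[Tuple[str, str], int]:
    """Count distinct users per (category, day) and drop any cell with
    fewer than min_group users. User ids are used only to de-duplicate
    and never appear in the returned aggregate."""
    users_per_cell: Dict[Tuple[str, str], Set[str]] = {}
    for user_id, category, day in events:
        users_per_cell.setdefault((category, day), set()).add(user_id)
    return {
        cell: len(users)
        for cell, users in users_per_cell.items()
        if len(users) >= min_group
    }


def leaks_identifier(aggregate_result: Dict[Tuple[str, str], int],
                     events: Iterable[Event]) -> bool:
    """Sanity check: no user id from the raw events may appear anywhere
    in the aggregate's keys."""
    user_ids = {user_id for user_id, _, _ in events}
    return any(part in user_ids for cell in aggregate_result for part in cell)


if __name__ == "__main__":
    result = aggregate(SAMPLE_EVENTS)
    print(result)
    print("identifier leaked:", leaks_identifier(result, SAMPLE_EVENTS))
```

Running it on the sample keeps only the fitness group (five distinct users) and drops the one-user health group and the two-user finance group. Lowering `min_group` to 1 shows why the threshold matters: the health cell then reports a single user, which, combined with anything else known about that day, is enough to single someone out.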

The bottom line is, at AppMatch, we really care about user privacy, and we won’t do anything with your data that we wouldn’t want to have done with ours. We are on the lookout for amazing apps with privacy policies that respect the user. And, we are always open to feedback and suggestions on how to improve ours.

Have a privacy policy you think is amazing? Want to keep the conversation going? We’re listening! You can reach us at