Privacy Lawsuits Will Force VCs to Re-evaluate Profit Models
Page 1 of 2
That user outrage you hear over Web privacy is going to force venture capitalists and the sites they fund into some seriously disruptive re-evaluation of profit models based on the use and sale of personal information.
Legal action against Amazon, DoubleClick and other sites is more than money-grubbing nuisance suits by privacy fanatics eager to score a goal for their checking accounts. Web users are mad as hell and arent going to take any more of the snooping that for too long has masqueraded as a sound business model.
Almost exactly a year ago, I was writing for a very big-name, high-profile, now publicly-traded online investment site when I approached my editor there about what I saw as the coming dark clouds over privacy issues raised by profiling, click-stream analysis and other e-Peeping Tom techniques.
But the "conventional wisdom" of a year ago stopped that column in its tracks: my editor and the VCs I interviewed were united in their opinions that users didn't really care, that "opt-out" systems were sufficient and that the ease and convenience of getting user-specific advertisements and product offers would override privacy concerns.
But just try that line on Harriet Judnick, the San Francisco-area woman who filed suit against DoubleClick on Jan. 27, charging the web's largest ad server company with violation of privacy and deceptive business practices. She found it not a bit convenient and more than a little creepy that she received a steady stream of spam from insurance companies after a visit to an online health insurance site. You could also try telling that to the outraged surfers taking their own legal action against Amazon and RealNetworks when it was learned that these sites were busy sneaking their personal data for commercial uses.
Imagine the horror if a surfer makes frequent visits to sites about HIV or those dealing with suicide intervention and then finds that his health insurance has been canceled because DoubleClick or some other profiler sold that data to the insurer. It takes very little information to imagine scores of other reprehensible examples from this sort of privacy abuse.
The problem was a bit more benign a year or so ago -- back in the days when cookies were the biggest concern but when profilers still lacked the ability to match a cookie with a person's specific identity along with her e-mail, phone number and other personal identification.
That changed big-time last year when DoubleClick (DCLK) bought Abacus, a huge data warehousing company with dossiers on specific individual's catalog purchases complete with name, address and products bought. That, plus an information exchange with its partner sites for e-mail addresses and personal preferences, made DoubleClick a hot stock with those who didn't see the "Big Brother Inside" sticker.
So what does this all mean to investors? First of all, DoubleClick is by no means the only or even the worst offender; these won't be the last lawsuits filed. Second, there is the regulation: Sensing a political horse to ride, there are no fewer than five bills already introduced in Congress that would nail companies that abuse privacy. California and New York have bills in their legislatures. The issues raised further erode the notion that self-regulation is best for both the Internet and Web surfers alike. A study by the Georgetown University Health Privacy Project found that even those web sites that have strong privacy policies often don't follow their own guidelines and freely share information on visitors with their business partners, including health insurers.
Lawsuits and increased regulation will mean higher administrative costs for the companies involved regardless of the outcome, and that doesn't even consider the potential monetary damages should they lose the l