Privacy is increasingly becoming a topic of discussion in the world of online advertising. As new tools emerge to target advertising based on user behavior as well as provide social relevance, privacy is becoming a critical issue. Whether it’s the tracking of users via cookies or the monitoring of their activities throughout “the social graph”, we are in a new era in which the lines between personal and public lives have become blurred if not eliminated.

Today, Chris Kelly, the Chief Privacy Officer of Facebook spoke to the United States Senate Committee on Commerce, Science and Transportation about the “Privacy Implications of Online Advertising.” A full transcript of Chris Kelly’s testimony is available on the Senate’s website. On the topic of differentiating between personally identifiable information and non-personally identifiable information, Chris Kelley stated:

The critical distinction that we embrace in our policies and practices, and that we want our users to understand, is between the use of personal information for advertisements in personally-identifiable form, and the use, dissemination, or sharing of information with advertisers in non-personally-identifiable form. Ad targeting that shares or sells personal information to advertisers (name, email, other contact oriented information) without user control is fundamentally different from targeting that only gives advertisers the ability to present their ads based on aggregate data.

Chris Kelly also gave an overview of Facebook’s SocialAds and their Beacon program. From the initial glance at this hearing, there is not much significant revealed. What is clear is that the govenment is actively involved in discussing the privacy of internet users and this arrives at a critical time. Advertising networks are racing to develop systems that target users based on their friends and activities and in some cases it is pushing the limits of privacy standards.

I frequently discuss the privacy of social network users on this site and the implications that these new advertising systems have in regards to their privacy. It is excellent to see that the govenment is quickly to discuss what it taking place. Personally, I hope that we see a global set of privacy standards and rights developed in the near future.

I’d imagine that one day we will have an enforcement organization that monitors the activities of many of these companies.

Targeted advertising has become a hot button topic in the social advertising industry. New advertising models have been introduced to target users based on their gender, age and interests as well as tools that target based on their online behavior. Caroline McCarthy posted today about a new eMarketer study released called “Behavioral Targeting Attitudes: The Privacy Issue.”

The new report examines consumers’ attitudes toward targeted advertising and the data being collected about them online. The conclusion is that only 23 percent of users are comfortable with having their online behavior tracked for the purpose of serving more relevant advertisements online. I’m not quite sure whether or not this information is surprising or not but it definitely emphasizes that advertisers need to do a better job of educating consumers about their advertising programs.

I cover privacy issues on this site on a regular basis but readers of this blog are more educated than the average consumer. Just the other day I ran into someone who had heard about the risk presented by Facebook applications through a Washington Post article. He said that he no longer installs the applications. Clearly mainstream media coverage will assist in educating consumers about privacy issues and advertising practices.

For the time being we’ll have to expect many users to be uneducated on the issues leaving the discussion to industry professionals. Not exactly the type of discussion that I’d hope to see but I guess it will have to do for now!

Sarah Perez has started a great conversation about whether or not social network should be regulated. I’m excited to see the conversation at least started as I have mentioned this before. Sarah quotes an article in today’s Guardian which states that, “Nine out of 10 people think there should be tighter regulation of information on social networking websites” and “89% of those surveyed by the Press Complaints Commission said there should be a set of widely accepted rules to help prevent personal information - such as private photographs - being abused.”

The bottom line is that people believe there should be regulations but in this country at least, very little regulation (if any) has been focused on social networks aside from privacy policies and the creation of policies to protect children. One of the most substantial problems is that people are not aware how their information is being used and how public it really is when they post it online.

Theoretically a similar argument could be made for just about any online service that doesn’t have bank-like security. Can you blame the ignorance of the user for information being publicly displayed? While there is legislation on the table in the European Union and there has been proposed legislation in the United States, nothing has happened so far.

With the recent breach of privacy of Paris Hilton and Lindsay Lohan on MySpace being blamed on a failed Yahoo! API, the issue of user privacy and protection is back at the forefront. The question is: should there be laws that protect the users online when interacting with social networks?

This afternoon I was reading an editorial piece by Adam Cohen in the New York Times. Adam makes a great point about the need for granular privacy settings, “Users should be asked if they want information to be viewable by others, and by whom: Their friends? Everyone in the world? Privacy settings, which allow for this kind of screening, should be prominent, clear and easily managed.”

What I’m a little confused about is why he said Facebook hasn’t made enough steps to empower users to control their privacy settings. Currently, Facebook offers the most granular privacy controls of any website. The existing problem is not with Facebook but instead with users’ identities across the web. The interesting part of this is that suddenly bloggers, journalists and the general web community appear to believe that privacy controls are something they have a right to and it should be included with all websites.

Aside from the Beacon fiasco, I’m not quite sure why Facebook receives all the blame for failure to provide granular privacy settings. In fact they are one of the few sites that provide such detailed selections. Regardless of whether or not Cohen made an appropriate accusation, we are headed toward a virtual world in which we have more granular controls across all the websites that we participate in. As communication between the multiple services that we use becomes commonplace we will see the emergence of the identity control panel.

We have yet to determine the exact location of that control panel. Right now sites like Facebook and FriendFeed appear to be ideal locations for managing our identity privacy controls. Just as there is a race to develop a singular Social Graph API, I think the next step is a standard for expressing our privacy settings. While I may be ahead of myself on this one, a basic level of privacy settings (make certain friends private, others public) should be eventually build into the social graph API.

Of course a standard for identity management needs to be adopted prior to a standard for privacy. Something eventually needs to get put in place though. I previously suggested that perhaps this is where government should step in. What do you think? Should there be a global privacy standard?

There is much discussion taking place about the privacy implications of the new Social Graph API. Given the current state of the API the discussion may be premature but then again it’s never to early to protect against a future disaster. There are a number of discussion points brought about by Danah Boyd, Joshua Porter and Marshall Kirkpatrick.

What is taking place?
As I have been discussing over the past couple days, Google announced the new Social Graph API last Friday. In theory, the point of the technology is to ultimately construct our own digital identities by leveraging Google’s index of the web. It’s as simple as that. The technologies being used (XFN and FOAF) are really a moot point in this conversation. It is even more so a moot point now that Marshall Kirkpatrick has pointed out that Google will begin indexing MySpace pages as well to include in their index of the Social Graph.

Who is making the decision?
Part of the contention is that as Danah Boyd points out, this is not the masses that are choosing how their information gets organized and distributed, it is the technocrats. Danah states, “Being socially exposed is AOK when you hold a lot of privilege, when people cannot hold meaningful power over you, or when you can route around such efforts. Such is the life of most of the tech geeks living in Silicon Valley.”

The only comparison I can come up with is elected politicians making life changing decisions for a population except that the geeks have not been chosen by the people to make privacy decisions for them. Danah Boyd suggests that we’ll all end up like hermits to cope with the exposure created by these new technologies. I would argue that you can choose not to display your information on the web to protect your privacy. Then again what happens when you are eventually punished indirectly for not sharing your information with the public?

What is at stake?
As I alluded to in my last sentence, our right to privacy is at stake. When suddenly everyone begins sharing their information online (as is happening now), eventually we will be punished for not participating. Imagine students in a high school that are all active on MySpace. If a student chooses not to participate, they are going to be the outcast from the rest. Ultimately, we are currently headed down that path and now we are developing technologies that link all of our associations together.

The Social Graph API creates an image of your identity on the social web by crawling through Google’s index of billions of pages. Facebook creates an image of your identity based on the people you approve as friends and by the details that you choose to place on your profile. Currently Facebook’s version may be more accurate and may be protected from indexing by Google but ultimately Google has access to both MySpace and Orkut. If you were ever on MySpace chances are Google now has a fairly accurate representation of your identity at one point it time.

Having all of my friends connected to me currently enables me to have random chats with others over twitter. It will also one day enable me to walk into a store and pull out my phone and see what items my friends recommend from that store. Perhaps I will also be able to automatically control which friends can enter through my security system even when I’m not at home. Law enforcement will also be able to fight crime more effectively thanks to the new social graph. There are benefits but for many there could be adverse effects of these new technologies.

Can we have it all?
So we want the cool toys but we don’t want to give up our privacy. I am saddened to say that I think we gave up much of our privacy the moment we logged on. Suddenly logging onto the internet has become synonymous with being in public. We can participate in whatever we want online but don’t be surprised when your information ends up publicly available. As Joshua Porter writes, “I’m reminded again by the age-old saying: ‘the best way to prevent secrets from getting out is to not have any in the first place.’ As technology makes it easier to share information, it becomes harder and harder to keep any of that information secret.”

The bloggers will tell you to “Get naked” because transparency is ultimately in the best interest of organizations and professionals. In reality you might want to put on some socks, or maybe even gloves. While your at it, throw on some underwear because ultimately everybody can see you. Marshall Kirkpatrick sums it up perfectly, “It’s a matter of free will and sometimes personal safety. Web users should not be asked to give these things up in exchange for participation in all that the internet is making possible.”

Do you think we can have the cool new technologies while also protecting our individual privacy?