Recently the Wall Street Journal ran an article about a “break-in” at PatientsLikeMe, a website largely by and for people suffering from a range of medical and psychiatric conditions. Nielsen, in a practice they have since vowed not to repeat, was scraping postings, profile data, and in some cases, personally identifiable data from private patient forums on the site. They did this despite a User Agreement that explicitly states, “You may not use any robot, spider, scraper, or other automated means to access the Site or content or services provided on the Site for any purposes.”
Professionally, as a Communispace officer, I couldn’t help but recognize how this incident validates and reinforces the value of our approach to gleaning data and insights via social media. By recruiting and rigorously vetting community members, by not enabling self-enrollment into our communities, by ensuring that our sites are encrypted and password protected, by not indexing our sites for search engine optimization – by taking all of these measures – we guard against our content and member data being scraped. That’s always critical, but especially important in our pharma and financial services communities, where members are sharing highly personal, intimate information about their health, psyches and finances.
But guarding privacy is more than a technology choice, and it’s part of a larger commitment to transparency about who we and our clients are, why we’ve recruited members to participate in the community, and what we’re going to do with what they tell us. As professionals tasked with generating insights, we enter into a social contract with our members, one where in exchange for their time and candor, we commit to creating a safe and respectful environment in which they’re protected not just from flaming, spamming, solicitation and privacy intrusions, but in some cases even from overzealous clients who cross the line from learning to selling.
So while I recognized that this incident could be good for Communispace, I think it’s not at all good for our industry (or for society as a whole).
“Come on,” some pragmatists argue. “Nobody reads those User Agreements. More to the point, if you want to maintain your privacy, then just don’t post online. It’s disingenuous to think that anything you post won’t eventually make its way into the public realm.”
Call me naïve, even call me a Pollyanna (though she made me cringe even when I was a kid), but I think that’s a dangerous stance for companies and the marketing research industry to take. Not only is it legally questionable to violate Terms of Service, but it’s ethically dubious to flagrantly disregard consumers’ belief that if they are posting to a private forum, their postings will remain private.
One can legitimately argue that aggregating anonymized data (which PatientsLikeMe does) doesn’t represent a privacy violation, and I agree – but again, only if contributors to that site know how their content is going to be used.
At the end of the day, if we are not who we say we are and do not honor what we commit to doing and not doing, we’ll kill the golden goose of insight that social media enables. Consumers will pull back, withhold, and be right to do so.
Online, as in the physical world, “No” should mean “No.”