Fellow PhD student Alice Marwick blogs about TechCrunch’s coverage of ClickTale, the latest in website surveillance tools:
ClickTale shows you the full story: every mouse movement, every click and every scrolling action. By using ClickTale you will gain insights that will improve your website’s usability, enhance navigation, and increase effectiveness.
How is user’s privacy affected?
ClickTale provides detailed information about users’ browsing behavior, so that usability of websites can be improved. ClickTale does not record any activity outside of the specific web page or outside the browser (no personal files recorded, no internet history, and no interactions with locally installed software). Also, ClickTale does not track users between websites. Inside the browser, no passwords are recorded.
Rose-colored glasses, eh? No mention about what the folks at ClickTale do with the data themselves (it all is stored on their servers, afterall). No mention of whether users actually consent to such monitoring, or if they can do anything to prevent it.
In the comments of the TechCrunch post, a representative of ClickTale makes this remark in reaction to others’ privacy concerns:
I concur fully with Alice’s assessment:
Again, privacy is reduced to a boutique concern of a small number of users. This is unbelievably irresponsible and I have no problem calling ClickTale out on that. There are plenty of ways they could require informed consent from users, but they know that marketers far prefer users not to know about tracking, because users will then opt out. These types of technologies should not be opt-out in the first place, and I am curious how this will fly in the EU where privacy rights are more strict than they are in the United States (which has some of the weakest privacy rights in the world).
…The argument “privacy is dead anyway” is a straw man. Privacy rights have diminished greatly in the United States because people don’t know that most privacy violations are going on, people don’t know what their rights are, and because the government has not legislated any sort of privacy protections. If these things changed, we could have a greater expectation of privacy. To say “there’s nothing we can do” ignores the fact that we are going to see more technologies like this which are increasingly intrusive and problematic.
My solution would be legislative, since neither marketers nor technology companies seem to be able to follow an internal code of ethics. Similar to anti-spam laws, technologies which track user data should a) notify the user and b) require consent to proceed. I also believe that tracking cookies (like DoubleClick) violate privacy, and this type of requirement would cover those as well.