Woman allegedly threatened Apple CEO Tim Cook Dolly Parton cake mixes Supreme Court Justice Stephen Breyer plans to retire Stimulus check update: Watch for this IRS letter Free N95 masks Google Doodle honors sculptor

Privacy advocates wary of data-sharing standard

A new technology standard that smoothes the way for online businesses to easily share detailed customer profiles is sounding an alarm for privacy advocates.

A new technology standard that smoothes the way for online businesses to easily share detailed customer profiles is sounding an alarm for privacy advocates.

The Customer Profile Exchange (CPExchange) has developed a standard endorsed by about 90 companies that takes advantage of XML, a programming language that makes it as easy as tapping a computer key to exchange large amounts of information over the Web.

Powerful data-sharing technologies in many ways represent the pinnacle of the Internet's potential to breaking down barriers that block the free flow of information and the improvement of business efficiencies. But privacy watchdogs say that's not always a good thing, especially when it comes to safeguarding confidential consumer data, where barriers are desirable.

"This will just grease the skids for companies to exchange information about us," said Richard Smith, chief technical officer at the Privacy Foundation, a nonprofit research center.

Backers of the CPExchange standard say rich data culled from customers--such as incomes, home addresses and shopping habits--will provide better customer service. As it is, company representatives have a hard time helping customers because information about who they are and what they buy is usually stored in various computer systems.

But at least one member of Congress is skeptical. Sen. Richard Shelby, R-ALa., sent a letter Tuesday to the Federal Trade Commission, asking it to review the development of the CPExchange standard and consider its impact on the privacy of consumers.

"While efforts to streamline e-commerce may seem innocent, we have all seen the zeal with which businesses pursue our most private personal information and their complete willingness to sell our information for their own profit," Sen. Richard Shelby said in a statement. "It is absolutely wrong."

To quell privacy concerns, the CPExchange group, chaired by IBM, included in the standard a way to place tags on consumer profiles, flagging individuals who want to keep their data secret.

"This is absolutely not about spreading information to everybody in the world," said Bradley Husick, vice president of software maker Vignette, one of the organizers of the profile exchange initiative. "This is designed to allow different applications to access customer data across a trusted network. It speeds up the rate that we can deploy new products and solutions." (CNET Networks, publisher of News.com, is an investor in Vignette.)

Privacy fears have spiked over the past year as consumers have become more aware of how much personal data is gathered any time they shop or surf online. In addition, the practice of selling the data to third parties leaves people with little power over their own dossiers, advocates say.

Aside from the annoying tracking and spam that may result, the big concern is that criminals can grab identifying information and cause serious harm.

A few horror stories have already come to light. In 1999, a cyberstalking case resulted in the death of a 20-year-old Nashua, N.H., woman named Amy Boyer. The killer tracked her down after buying her social security number online, according to Nashua police, who found details of the murder in the killer's Web journal.

But most of the focus has centered on direct marketers prying into the shopping and surfing habits of people online. The practice has resulted in many public relations disasters, making privacy an issue companies can't ignore.

Advocates such as the Privacy Foundation's Smith and Jason Catlett of Junkbusters.com laud the CPExchange group's efforts to include the privacy mechanism in the standard, but they point out that nothing compels members to adhere to the policies.

"The special standard can't force companies to act on the privacy wishes of a consumer," Catlett said. "To be fair, it would be impossible, just like you can't design a car that can't be driven off the cliff."

Husick acknowledged that "CPExchange doesn't guarantee enforcement" but added that the point of the standard is to make data storage easier for individual companies.

"Wouldn't it be great," he said, "if when you call the customer relations department about a problem with the new laptop you bought, that they know exactly what kind of machine you bought and when you bought it? That's what this standard does. It helps with customer service."

It is unclear when the software to swap consumer profiles will be available or how it will work. Members of the CPExchange group represent a cross-section of the online business world. Among them are online advertisers 24/7 Media and Engage, brokerage Charles Schwab, and Siebel Systems, which makes software for managing customer service.

The 127-page standard, released in October, doesn't limit the amount of information companies can include in the profiles, making it a potential danger zone, according to analysts.

"It's not a cause for alarm, but now there is a tool that can be used for good or for evil," said Eric Schmitt, an analyst at Cambridge, Mass.-based Forrester Research.