What do you think about drawing the line between privacy and marketing?
For example we're sending e-mail to our mail-list, shall we keep track of their clicks in the e-mail? Personally I hate this thus we don't use the tracking links. But this effects the business since now I don't have any metrics to analyse subscribers' behaviour.
Another similar example is DRM in software licences or tracking users who run the application with a simple version update check. Which helps a lot to avoid pirated software and can help you to keep track usage and maybe even usage patterns. Although DRM is major pain in the arse and tracking users via version check without informing them is just dirty (in my book )
I can give more examples like these.
Where do you draw the line? Right now in our company we are trying to get rid of all these stuff and pretty strict about users' privacy. I see many companies don't care about these stuff that much. Maybe I'm too strict on the subject which might be clouding my judgement on the subject from marketing/business point of view.
Assuming you're not operating a website for highly confidential data, I'd go with tracking clicks in aggregate, meaning that it's ok for you to know that 20% of people click on picture A.
But I would not collect, throw away or never look at the data that says "firstname.lastname@example.org clicked at 5am". You don't need data to contain personal information.
Patterns are ok in my book. Individual information (John connected from IP x.y.z yesterday) is not.
Great question with a though answer...
I don't think there's a real answer for it, but here's my 2 cents on this subject.
It's kind of "obvious" that the balance should be drawn where your business does not suffer and you're not sending customers away.
Is the click tracking system hurting your business? If so, and if it is not sending away customers, then why not have it?
If you find out that your marketing techniques is sending people away, then it's clear you need to redefine your strategy.
If you find that you don't really need to get all that user information, then collect only the minimum.
From time to time, review the collected data and check its real usefulness and evaluate the need for new data to be collected.
You can also try to check if customers are "scared" or being sent away. Try to contact some of them and see if they are willing to collaborate in a simple and small inquiry about your marketing techniques. This may be easier to do if you're not focused on a mass market.
If it feels wrong, it probably is.
If you wouldn't admit to doing it on your public blog, read by both customers and potential customers, it's probably wrong.
To me, however, tracking clicks isn't wrong. But this is a personal decision.
This is hard to answer. Both subjects -- marketing and privacy -- are large. Mixed together, they're huge.
The best approach is probably to just ask one particular question. You could then use an existing ethical framework and try to judge possible answers from a ethical point of view.
I'd personally look at contract-based frameworks first. These includes, for example, Kant's Categorical imperative and Rawl's Theory of Justice. If these provide not clear ethical judgement, I'd look into Utilitarianism (ie. an economics approach): Which answer is more likely to increase public welfare? If this doesn't provide a clear judgment of the answers, too, I'd leave it to market forces: Try to increase your welfare and hope your consumers are willing to pay the price ("lesser privacy") for the value you provide.
This is a tough one because different people have different expectations of privacy. I always apply the "Platinum rule" -- Treat other people like they want to be treated. This seems vague but your policy should consider how people will react to any intrusion into their privacy.
The best way to do this would be to state how you will use their data and have them opt into it. You can have different levels of opt in from purely informational to full out pitching. If you leave it up to your customers to decide, I think that will be your best bet.
Good thoughtful question. Privacy matters!
1) Ask yourself how would you feel if another site was doing what ever you're thinking about to you or to someone in your family.
2) Disclose your policy aggressively, clearly, and in simple English.
3) If you do collect personal information, ensure that you have it securely protected. Bring in an outside auditor to check. If you don't think you can afford this - then don't collect the information.