Gartner Blog Network


If It’s OK for Websites to Sell My Data, Why Can’t I Know Who It’s Sold to?

by Craig Roth  |  April 13, 2011  |  2 Comments

I’ve received two notifications this week that my email address has been leaked.  Here’s one of them, from the McKinsey Quarterly:

“We have been informed by our e-mail service provider, Epsilon, that your e-mail address was exposed by unauthorized entry into their system. “

Call me a cynic, but at this point it might be more useful for every company I have a registered ID with to send me an email at the end of the year if they haven’t leaked my email.  Like this:

“Hello Craig!  As the end of the year approaches, CuteKittyPosters.com is happy to inform you that this year we did not leak your email ID, change our privacy policy, get bought by an entity with a different view of privacy, sell your overly personal cookie tracking data, or have your account information compromised.  You’re welcome!”

If I don’t receive an email like that or there’s a part of it missing, I’ll just assume it compromised my data. 

To make that yearly notification seriously useful, how about providing me a year-end list of the external entities my data was shared with and whether it was a financial transaction?  Sure it’s within the privacy policy to share my data in aggregate, non-identifiable form.  But if there’s no privacy issue sharing my data with a third party, why should there be a privacy issue with telling me who it was shared it with?  Is my data open for sale but the buyer needs to remain in shadowy secrecy?  Seeing that list may make me feel more comfortable with the relationship, or may alert me to actual uses of my data that I couldn’t discern from the multi-page vague privacy policy.  It makes the privacy policy real and makes the information-for-personal data relationship more transparent. 

Category: 

Craig Roth
Research VP, Tech and Service Providers
7 years at Gartner
28 years IT industry

Craig Roth is a Research Vice President focused on cloud office suites, collaboration tools, content management, and how they are being impacted by digital workplace and digital business trends...Read Full Bio


Thoughts on If It’s OK for Websites to Sell My Data, Why Can’t I Know Who It’s Sold to?


  1. Jay Heiser says:

    CuteKittyPosters.com is happy to inform you that, AS FAR AS WE ARE ABLE TO ASCERTAIN, this year we did not leak your email ID, change our privacy policy, get bought by an entity with a different view of privacy, sell your overly personal cookie tracking data, or have your account information compromised. You’re welcome TO DISCUSS THIS WITH OUR CORPORATE LEGAL DEPARTMENT.

  2. Per Olsson says:

    In these times of total transparency, you got a point. It would be interesting if the companies would actually inform the customers who their information are shared with. The problem is that if they share it with one company, that company share it with another company and so on, I guess.



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.