Skip to Content

Privacy & Data

Closing Pandora’s Box

Last night, Pandora announced on their blog that they are taking all their users through a new interface to choose privacy settings for sharing information on its popular music listening site.  We think this is a big deal for consumers, and we’re glad to see Pandora taking affirmative steps to put users in control of their privacy.

A bit of background here:  Pandora attracted a lot of attention a couple months ago when they started partnering with Facebook’s new “Instant Personalization” program.  Although Pandora users already had “public profiles,” few knew or took advantage of them — most just went to the site to listen to music anonymously.  That all changed when Pandora started using Facebook data to identify its members by real names and to publish to a user’s Facebook friends what music he or she was listening to.  Many privacy advocates at the time criticized this data sharing and the confusing opt-out structure that users had to go through to avoid sharing information about their music listening tastes.

Pandora has responded to this criticism with a great tool to put its users in charge of their privacy.   Now, when Pandora users return to the site, they are shown a box that asks them whether they want their profile to be “public” or “private.”   Users have to pick one or the other — they can’t just close the box to return to the default of public sharing.  The box also contains links to give users the chance to learn more about sharing works.

CDT worked closely with Pandora to come up with this solution, and we think this sort of “forced choice” should serve as a model for other companies who seek to merge data in ways consumers might not expect.  Now, returning users to have to affirmatively click “Public” in order for their information to be shared — they don’t have to hunt around for a mechanism to turn information sharing off.  There are some remaining issues about what to do for mobile users (who aren’t shown this interface) or for old users of Pandora who don’t come back to the site (their music listening history is still published under their real names), but by and large, this new and unavoidable privacy interface is an excellent way to inform users about how their data may be shared and to give them a real choice about whether to share or not.

CDT believes that data merging is going to be more and more of an issue for online — and offline — consumers.  Companies are increasingly linking different data sets about consumers in ways they wouldn’t ordinarily expect.  If a company wants to use social networking or other data to “personalize” a site by tying previously anonymous or pseudonymous activity to real name identity, we think they need to give consumers an upfront choice about whether they want to participate or not.  As companies begin to roll out more features like this, we hope Pandora has set a standard for moving informed consent forward.