• by Tom Hespos , May 6, 2002

"I am altering our deal. Pray I don't alter it any further." – Darth Vader to Lando Calrissian in The Empire Strikes Back.

Remember what happened to Vader after he spoke these words to Calrissian in the second Star Wars film? Vader turned over Han Solo to the bounty hunter Boba Fett, which was not an original condition of his deal with Calrissian. This heavy-handed approach to his business dealings led Lando to give Vader the shaft, free Leia and Chewbacca, and join the Rebel Alliance. Calrissian was so ticked off that he even destroyed the second Death Star at the end of Return of the Jedi.

(This isn't just a silly Star Wars tie-in for the sake of venting my excitement over the upcoming release of the Star Wars Episode II movie. There's a lesson to be learned here. I swear!)

I often feel like Lando Calrissian did when I get notices from my favorite web properties about alterations they plan to make to the privacy agreements I made with them years ago. Most recently, I received an email from a popular web destination, altering the terms of their privacy policy. The email asked me to opt out if I didn't agree to the changes to the policy. If I did nothing, the policy changes would be implemented automatically. Just as I expected, when I tried to opt out via a link to the company's website, I got a "Page not Found" error.

It's obvious what happened here. The web property wanted to do some more data-intensive deals with advertisers, and it needed the flexibility to be able to share data, so it altered its policy. Marketers knew that taking an opt-in approach to the new policy would yield poor results, so they weighed the benefits of using an opt-out approach against the "piss-off factor" and chose unwisely.

The expectation of any web user who enters into an agreement is that the terms of that agreement will be upheld, just as in any offline contract or transaction. Working against that expectation is a great way to make enemies and erode faith in web-based companies in general. The problem is exacerbated by the nuances of the medium. For instance, consider the case in which a customer no longer has access to the email address under which he registered. With an opt-out approach, the original deal might be altered without the customer's knowledge, much less his consent. The broken opt-out link is just another slap in the face. It made me wish I had a light saber and the home address of the company's privacy officer.

Privacy is one of the hot button issues in this medium. Citizens of the web are so concerned about privacy that they resist the sharing of data acquired via online channels, when offline companies routinely share data acquired offline. Privacy violations – or even perceived violations – erode confidence in the medium. Such erosion affects us in ways we probably don't yet understand. Just talk to a few newbies about how comfortable they are with submitting credit card information via the web and you'll get the picture.

Companies that fail to fully realize the importance of the privacy issue are sending the message that they don't care about their customers. Taking the opt-out route toward making changes to a privacy policy is careless, belittling, and smacks of taking the easy way out of a situation. Doesn't that sound like the modus operandi of a certain Dark Lord of the Sith whom we all love to hate?

At such a critical point in the medium's development, we can't afford to "alter the deal" on privacy. In the words of a wise Jedi master, "Once you start down the Dark path, forever will it dominate your destiny."