Internet companies such as Facebook must strike a balance between users' privacy and offering them customized content.

Story highlights

Companies like Facebook and Google must balance advertiser and customer data demands

All major browsers now offer a "do not track" setting, but it is difficult to enforce

Privacy settings will probably become more customizable and easier to understand

What level of privacy will we have online in the future?

Will people share their personal data freely in exchange for more customized service? Or will they become fiercely protective of private information, using tools and browsers that protect their identity from advertisers and other third parties?

Privacy experts from Facebook, Google, Mozilla and Microsoft have been tackling these big questions this week at the RSA security conference in San Francisco.

Public changes to privacy policies, like the ones that make news when Facebook or Google change their settings, are just a small part of the story. Behind the scenes, these companies have full-time staffs of privacy experts, lawyers and engineers who are juggling an array of privacy demands. In addition to what the users expect, there are government regulations, industry standards and rules that vary across operating systems.

Companies that provide free services, such as search engines or social networks, have to strike the right balance between respecting their customers’ privacy concerns and serving advertisers.

“It’s important and easy for everyone to acknowledge that much of the incredible growth of the Internet today has been fueled by advertising,” said Keith Enright, Google’s senior privacy counsel. “I believe that will continue to be true.”

For Web titans, the money still flows in from advertisers, not consumers. Facebook made $4.2 billion, or 84% of its revenue, from online advertising in 2012. Google saw $43.6 billion in advertising last year, accounting for almost 95% of the company’s revenue.

Customers’ leverage

They may not be paying for the services directly, but customers still have a lot of power – and companies know that they need to listen. People can switch to another browser, ditch Facebook and go back to writing e-mails, stop Googling and start Binging. And privacy is becoming more and more important to them.

“Privacy is increasingly becoming a feature,” said Brendon Lynch, Microsoft’s chief privacy officer.

The customer demand for stronger data controls led to the introduction of the “do not track” feature. “Do not track” is a setting that can be now found on all the major browsers: Firefox, Internet Explorer, Chrome and Safari. When turned on, it asks sites not to track that person’s online activities. A Microsoft survey found that 75% of people were concerned about online tracking and thought the setting should be turned on by default.

“Do not track” seems like a clear, smart option to give consumers, but it has has been difficult to enforce. There are talks under way by the World Wide Web Consortium (W3C), an international organization that develops standards for the Web, to make it official. However, advertisers and other third parties are pushing back.

Changes to consumers’ data, like “do not track,” can come at the expense of advertisers, creating friction. When Mozilla recently announced that it was testing a feature that disabled third-party cookies by default in its Firefox browser, the general counsel for the Interactive Advertising Bureau called it “a nuclear first strike” against the ad industry on Twitter.

“We can’t just sit back and allow the industry to just continue to ignore a core component of the user experience online,” said Alex Fowler, Mozilla’s global privacy and public policy leader.

The issues will become only more complex in the future, when small sensors and devices that can track things like location, fitness and environment become ubiquitous. The more devices that connect to the Internet, from smart cars to home thermostats, the more data there are about a person to collect.

Location data are already being tagged on to photos, tweets and other online actions when people use their mobile phones. For many people, they are considered private data, whether they show where someone is at that exact moment or where they’ve been over time.

“How can you take the data, make it less sensitive but still make it of value to the user?” asked Lynch.

Balancing privacy and usefulness

According to the panelists, personal data such as location have many potentially positive uses, for individuals as well as advertisers. Consider the wealth of location-based tools already in use, such as food recommendations, social apps and dating services.

There will probably be future options that strike a balance between sharing information and cutting off all data. Not everyone will want the same level of privacy, so options and customization will have to be made available.

People could share their location information on a case-by-case basis but still stay anonymous. They might choose to have a persistent anonymous ID for location-based services, so that their location history and other data can be used without connecting them to a specific person.

It’s also possible that over the next five to 10 years, people’s attitudes toward privacy and their data will change, and they’ll be willing to share more personal information, attached to their real-world identity, in exchange for more heavily customized computing experiences.

“You don’t want to punish the user who cares about privacy by saying, ‘Give it up or don’t participate,’ ” Fowler said.

For the people who don’t want to share at all, one option floated at the panel was to charge for the services and jettison the ads. This kind of either/or option is popping up in the mobile-app world and with services like Pandora. Free versions come with ads, but for a price, people can upgrade to the ad-free experience.

A paid subscription option is unlikely to come to the big services people are used to getting for free, such as Facebook. Erin Egan, Facebook’s chief privacy officer, said that one of the chief requests from users is that the company never charge for the service.

The lengthy privacy policies, thick with legalese, that most services use now will never go away, but better controls will probably emerge. Whatever the tools are used to protect and collect personal data in the future, it will be important for companies like Facebook and Google to educate their consumers and to provide them with options for all levels of privacy.