I can hear the chorus of yawns and wisecracks already.
Privacy policies are typically little more than boilerplate that have very little to do with protecting people’s privacy or even giving them useful information to help them understand which companies to do business with. But AT&T has decided that appearing to take the high ground on privacy will help it in Washington in its battle with Google, and perhaps will improve its image among those who are angry about its cooperation with the government’s warrantless wiretapping program. […]
It has a prominent section on location information, one of the biggest new types of information being collected by cellphone companies. It makes clear that AT&T knows where its cellphone customers are and uses that information to show ads for local merchants when they check yellow pages and use other services.
The policy is certainly explicit in addressing many practices that other companies gloss over. For example, it says that AT&T buys information about customers from credit bureaus and mailing list aggregators. And it explains how it tracks users of its Web sites and then can use that data to tailor ads to them on other sites. (This came up when Ms. Attwood misspoke about this practice at a Congressional hearing.) […]
The company says it can keep all the information it collects about customers as long as they do business with AT&T. Many privacy advocates argue that a policy to have records regularly destroyed can be an important way to prevent their misuse.
And the company gives itself wide authority to do most anything with data that it defines as anonymous or aggregate. That means it well create a service that would let advertisers put ads on the cellphones of “American Idol” fans in Pittsburgh who call florists more than once a week.
But interestingly, AT&T has created a rather broad definition of what is personal information, rather than anonymous information.