The responses from the panel were not well informed - they confused the issue between privacy afforded to users of a service by the service provider and the issue of keeping your data private from the general public.
The two issues are totally different and need to be addressed separately...
- How service providers can use the information you upload to their service is very important.
We're all familiar with the tick boxes on marketing boxes letting you opt in or out of the ability for them to use your data to pass on to partners and 3rd parties (the majority of companies require you to opt out - default is opt in).
Many online service providers use data from their users to improve the service and I personally do not have an issue with them doing this as long as they are transparent about how they are using it.
With regards closing an account, it is reasonable for users to expect that all data is removed from the service within a specific time frame.
- Providing personal identifiable information (aka PII) online.
PII and who can access it online is very different to the above. Many of the social networking sites (Facebook, Bebo, Myspace) allow you to set the level of privacy you would like for your account.
Most services allow you to tweak security in a granular manner. For example, Facebook by default will make your profile public to everyone on Facebook (and a subset of it to search engines). However, you can restrict this to just your friends (or even a particular subset of friends). This allows you to share your phone number with your best friend but let your classmates see your photos.
How granular you can set permissions varies from service to service and users often have to make trade offs when it comes to privacy. e.g. You must decide to share your status updates with all your friends or just a subset. There is no way to share some with everyone and others will only your best friend. Few users default to "total privacy" so data leaks are common.
My approach to privacy on the Internet is to only provide my data to companies I trust to protect it and use it responsibly. For keeping in touch with friends, I have a Facebook account with various levels of privacy set. By default no-one can see any details about me until I've added them as a friend. Even then, depending on how well I know the person I will limit the data they have access to. Old school friends I haven't seen in 20 years get very data (status updates, ability to message me). Close friends get full access to most my data.
My rule? If you would share the data with the person in real life (IRL), then sharing it with them online is acceptable. If not, then set the relevant privacy option.
One thing I haven't touched on here is security. Security plays a part for both the service provider and your friends. If the service provider has poor security processes, attackers may retrieve data from the service which they do not have permission to access. If you friends are lax with security (weak passwords, unlocked screens), people you do not know may access their account and access your information.