BOLD - Internet Privacy

BOLD:
Berkman Online Lectures & Discussions

Harvard Law School > Berkman Center > Open Education >

PRIVACY IN CYBERSPACE

Module 1	Module 2	Module 3	Module 4	Module 5	Module 6
Intro	Online Profiling	Employees Privacy on the Net	Governmental Collection of Data - Part I	Governmental Collection of Data - Part II	Cryptography and other Self-Help Mechanisms

Module II - Online Profiling

Assigned Reading:

1. Please read the Introduction to this module

2. Please read the following:
a. Privacy in Cyberspace: Rules of the Road for the Information Superhighway, www.privacyrights.org/fs/fs18-cyb.htm
b. Getting Started: Online Tracking FAQ http://www.cdt.org/privacy/guide/start/track.html
c. To find out what information sites can find out about you, click on the following website. Scroll down to read what a website can learn about the computer system you use, including hardware and software configuration. http://www.elfqrin.com/binfo.html
d. Who's Watching You on the Web? http://www.pcworld.com/features/article/0,aid,14817,00.asp
e. On the Web You Have No Secrets http://www.pcworld.com/features/article/0,aid,10979,00.asp
f. Who Leads at Half-Time? Three Conflicting Versions of Internet Privacy Policy, by Karl Belgum (only Section III: The Current State of Privacy Regulation)

Discussion Topics/Assignment:
Please read through the following hypothetical scenarios and discussion questions. Use the links after each question to submit your thoughts to the discussion board. You should try to seriously consider at least two of the scenarios discussed, but feel free to submit as many additional responses as you would like.

1. You saw how easy it is to find out information about users when you looked at the elfgrin website, above. Some people have argued that you can avoid these privacy problems simply by disallowing your browser's acceptance of "cookies". Is this truly a choice? Try turning the cookies off on your browser to find out. If you're not sure how to do this with your browser, the following website may help:
To turn off cookies in Netscape:
http://howto.lycos.com/lycos/step/1,,110+24030+14569,00.html
To turn off cookies in Internet Explorer:
http://howto.lycos.com/lycos/step/1,,110+24030+14567,00.html

Now try logging on to any website in which you have an account. If you have a hotmail account or other online email service, try logging in. What happens? Try surfing around to a few other sites. Is this really a valid option?

2. Bellyuptimes.com, a "dot.bomb" is closing the proverbial "doors" of their Internet business and have decided to recoup some of their losses by selling data they had collected about their customers to a data marketing firm. Some of the information they collected is personally identifiable and some is not. Are there privacy issues we should be concerned about? Does it matter whether or not bellyuptimes.com notified people that selling of information was a possibility? Does it matter if consent was required by a small-print disclaimer that a registrant would have had to unclick during the registration process? What if, instead of opting-out (just described), users could opt-in in exchange for an added perk? How about if notification was simply listed on some part of the website that a normal user would never see? Under what circumstances should the FTC allow this transaction and when should the transaction be barred?

3. A strong consumerist model might require websites to obtain your explicit consent before collecting data. At present, most websites that collect data for their own purposes assert that they use it to benefit their customers. Should websites that collect information that they will sell to other businesses be required to ask consumers' specific permission on every occasion before doing so? For example:

We would like to collect and sell to other businesses data about your use of our site. May we?

YES/NO

4. Do Websurfers know that their online behavior is being tracked? Should websites that track mouseclicks be required to state this explicitly? Why or why not?

5. Many websites contain "Privacy Policies." For example, here are three such policies:

http://legal.web.aol.com/policy/aolpol/privpol.html

http://privacy.yahoo.com/privacy/us/

http://www.amazon.com/exec/obidos/tg/browse/-/468496/102-5248837-1691317

Each website discloses to the reader that they collect certain information, but to learn this the reader must click through to the policy and read and understand several paragraphs. Furthermore, each website's policy is different. Consequently, a motivated consumer would need to investigate each individual website's privacy policy to determine what, if any, information is collected about the user. Is it realistic to think that consumers concerned about privacy will be able to review and analyze the policy of each website they visit?

Does this site-by-site approach, requiring a careful visitor to a hundred sites to read several pages of text at each site to discern what that site's privacy policy is, make any sense?

Even if a site-by-site approach is sensible, does a vague approach (e.g., Gap.com's as described in the Introduction) to notifying users of online profiling constitute adequate notice to the user that data about their surfing behavior is being collected by the website?

6. Does the fact that a website is collecting data about users with every mouseclick require more prominent notice than that typically contained in privacy policies? For example, does the example of a blinking icon at the bottom of every page that explicitly informing users that data was being collected meet a strong consumer "notice" test? (See the Introduction.)

Go to Discussion Summary

Additional Readings

a. Who Leads at Half-Time? Three Conflicting Versions of Internet Privacy Policy, by Karl Belgum (the rest of the article)
b. Restatement of the Law of Torts (2d), sections on Privacy Torts
c. A Selection of Common Law tort privacy cases
d. The Death of Privacy? by A. Michael Froomkin
e. Website Privacy Policies in Principle and in Practice, by Scott Killingsworth in Practising Law Institute, September 2000
f. Establishing a Legitimate Expectation of Privacy in Clickstream Data, by Gavin Skok, Michigan Telecommunications & Technology Law Review 2000
g. The Law and Economics of Consumer Privacy Versus Data Mining, by Peter H. Huang http://papers.ssrn.com/sol3/papers.cfm?abstract_id=94041#Paper Download
h. Net Regulation: Taking Stock and Looking Forward, by Yochai Benkler article in University of Colorado Law Review
i. Check out the articles on http://www.cookiecentral.com/

Suggested Advanced Readings:

a. Our Data, Ourselves: Privacy, Propertization, and Gender, by Ann Bartow article, University of San Francisco law review, summer 2000

b. David Brin, The Transparent Society: Will Technology Force Us to Chose Between Privacy and Freedom? (1998), Perseus Press

c. Judith Wagner Decew, In Pursuit of Privacy: Law, Ethics and the Rise of Technology (1997), Cornell University Press

d. Internet Privacy in the Courts (this is a good listing of relevant cases and complaints) http://www.sidley.com/cyberlaw/features/int_privacy.asp

e. Visions of Privacy: Policy Choices for the Digital Age (edited by Colin Bennett and Rebecca Grant) (1999), University of Toronto Press

RETURN TO COURSE HOMEPAGE AND SYLLABUS

Please send all inquiries to: BOLD@cyber.law.harvard.edu

Welcome | Registration | Discussion | Reference |

The Berkman Center for Internet & Society