Module II - Online Profiling
1. Please read the Introduction
to this module
2. Please read the following:
a. Privacy in Cyberspace: Rules of the Road for the Information
b. Getting Started: Online Tracking FAQ http://www.cdt.org/privacy/guide/start/track.html
c. To find out what information sites can find out about you, click
on the following website. Scroll down to read what a website can
learn about the computer system you use, including hardware and
software configuration. http://www.elfqrin.com/binfo.html
d. Who's Watching You on the Web? http://www.pcworld.com/features/article/0,aid,14817,00.asp
e. On the Web You Have No Secrets http://www.pcworld.com/features/article/0,aid,10979,00.asp
f. Who Leads at Half-Time?
Belgum (only Section III: The Current State of Privacy Regulation)
Please read through the following hypothetical scenarios and discussion
questions. Use the links after each question to submit your thoughts
to the discussion board. You should try to seriously consider at
least two of the scenarios discussed, but feel free to submit as
many additional responses as you would like.
1. You saw how easy it is to find out information about users when
you looked at the elfgrin website, above. Some people have argued
that you can avoid these privacy problems simply by disallowing
your browser's acceptance of "cookies". Is this truly
a choice? Try turning the cookies off on your browser to find out.
If you're not sure how to do this with your browser, the following
website may help:
To turn off cookies in Netscape:
To turn off cookies in Internet Explorer:
Now try logging on to any website in which you have an account.
If you have a hotmail account or other online email service, try
logging in. What happens? Try surfing around to a few other sites.
Is this really a valid option?
2. Bellyuptimes.com, a "dot.bomb" is closing the proverbial
"doors" of their Internet business and have decided to
recoup some of their losses by selling data they had collected about
their customers to a data marketing firm. Some of the information
they collected is personally identifiable and some is not. Are there
privacy issues we should be concerned about? Does it matter whether
or not bellyuptimes.com notified people that selling of information
was a possibility? Does it matter if consent was required by a small-print
disclaimer that a registrant would have had to unclick during the
registration process? What if, instead of opting-out (just described),
users could opt-in in exchange for an added perk? How about if notification
was simply listed on some part of the website that a normal user
would never see? Under what circumstances should the FTC allow this
transaction and when should the transaction be barred?
3. A strong consumerist model might require websites to obtain
your explicit consent before collecting data. At present, most websites
that collect data for their own purposes assert that they use it
to benefit their customers. Should websites that collect information
that they will sell to other businesses be required to ask consumers'
specific permission on every occasion before doing so? For example:
like to collect and sell to other businesses data
about your use of our site. May we?
4. Do Websurfers know that their online behavior is being tracked?
Should websites that track mouseclicks be required to state this
explicitly? Why or why not?
5. Many websites contain "Privacy Policies." For example,
here are three such policies:
Each website discloses to the reader that they collect certain
information, but to learn this the reader must click through to
the policy and read and understand several paragraphs. Furthermore,
each website's policy is different. Consequently, a motivated consumer
to determine what, if any, information is collected about the user.
Is it realistic to think that consumers concerned about privacy
will be able to review and analyze the policy of each website they
Does this site-by-site approach, requiring a careful visitor to
a hundred sites to read several pages of text at each site to discern
Even if a site-by-site approach is sensible, does a vague approach
(e.g., Gap.com's as described in the Introduction) to notifying
users of online profiling constitute adequate notice to the user
that data about their surfing behavior is being collected by the
6. Does the fact that a website is collecting data about users
with every mouseclick require more prominent notice than that typically
contained in privacy policies? For example, does the example of
a blinking icon at the bottom of every page that explicitly informing
users that data was being collected meet a strong consumer "notice"
test? (See the Introduction.)
Go to Discussion Summary
a. Who Leads at Half-Time?
Belgum (the rest of the article)
b. Restatement of the Law
of Torts (2d), sections on Privacy Torts
c. A Selection of Common
Law tort privacy cases
d. The Death of Privacy? by
A. Michael Froomkin
Privacy Policies in Principle and in Practice, by Scott Killingsworth
in Practising Law Institute, September 2000
f. Establishing a Legitimate
Expectation of Privacy in Clickstream Data, by Gavin Skok, Michigan
Telecommunications & Technology Law Review 2000
g. The Law and Economics of Consumer Privacy Versus Data Mining,
by Peter H. Huang http://papers.ssrn.com/sol3/papers.cfm?abstract_id=94041#Paper
h. Net Regulation: Taking Stock
and Looking Forward, by Yochai Benkler article in University
of Colorado Law Review
i. Check out the articles on http://www.cookiecentral.com/
Suggested Advanced Readings:
a. Our Data, Ourselves:
Privacy, Propertization, and Gender, by Ann Bartow article,
University of San Francisco law review, summer 2000
b. David Brin, The Transparent Society: Will Technology Force
Us to Chose Between Privacy and Freedom? (1998), Perseus Press
c. Judith Wagner Decew, In Pursuit of Privacy: Law, Ethics and
the Rise of Technology (1997), Cornell University Press
d. Internet Privacy in the Courts (this is a good listing of relevant
cases and complaints) http://www.sidley.com/cyberlaw/features/int_privacy.asp
e. Visions of Privacy: Policy Choices for the Digital Age
(edited by Colin Bennett and Rebecca Grant) (1999), University of
RETURN TO COURSE HOMEPAGE AND SYLLABUS