Privacy: Difference between revisions

From Internet Law Program 2011
 
(24 intermediate revisions by 2 users not shown)
Line 3: Line 3:
==Overview==
==Overview==


'''[[Program_Schedule#Wednesday.2C_September_7.2C_2011|Wednesday]], 4:00-5:30pm'''<br/>
'''Wednesday, 4:00-5:30pm'''<br/>
''Format'': Lecture, featuring guest respondents<br/>
''Format'': Lecture, featuring guest respondents<br/>
''Lead'': [http://cyber.law.harvard.edu/people/jpalfrey John Palfrey], featuring [http://www.law.harvard.edu/faculty/directory/index.html?id=964 Herbert Burkert]<br/>
''Leads'': [http://cyber.law.harvard.edu/people/pmalone Phil Malone], with [http://www.law.harvard.edu/faculty/directory/index.html?id=964 Herbert Burkert] and [http://cyber.law.harvard.edu/people/jpalfrey John Palfrey]<br/>
''Participants'': [http://cyber.law.harvard.edu/people/ugasser Urs Gasser], [http://cyber.law.harvard.edu/people/pmalone Phil Malone], [http://cyber.law.harvard.edu/people/cnesson Charlie Nesson], and others
''Participants'': [http://cyber.law.harvard.edu/people/ugasser Urs Gasser], [http://cyber.law.harvard.edu/people/cnesson Charlie Nesson], and others


This pillar topic, led by John Palfrey and featuring Herbert Burkert, will cover a mixture of privacy history, theory, black letter law, and current controversies. Herbert Burkert will offer a multinational perspective of privacy law and policy, outlining the emergence of data protection law in Europe. Against this backdrop, recent US privacy online controversies –including Facebook’s "Beacon" program and Google’s roll out of "Buzz" – will be explored to gain a deeper understanding of the current the state of privacy law and norms and possible ways forward. Participants Urs Gasser, Phil Malone, and Charlie Nesson will add their perspectives on these
This pillar topic, led by Phil Malone and featuring Herbert Burkert and John Palfrey, will cover a mixture of privacy history, theory, black letter law, regulatory developments and current controversies. Herbert Burkert will offer a multinational perspective of privacy law and policy, outlining the emergence of data protection law in Europe. Against this backdrop, recent global privacy developments, comparative EU vs. US approaches and current online controversies – including behavioral targeting, persistent cookies and Do Not Track legislation; the right to be forgotten/ le droit à l’oubli; location privacy; facial recognition; contextual privacy; Google’s Street View service, and Google’s Buzz rollout – will be explored to gain a deeper understanding of the current the state of privacy law and norms and possible ways forward. Participants Urs Gasser, and Charlie Nesson will add their perspectives on these issues throughout this session.
issues throughout this session.


==Required Readings==
==Required Readings==


===Hyperpublic Media===
===Overview===
*[http://www.hyperpublic.org/category/blog/ Hyperpublic Blog]
* Hyperpublic Symposium 2011:  [http://www.hyperpublic.org/2011/06/10/urs-gassers-opening-remarks/ Urs Gasser’s Opening Remarks], June 10, 2011.
*[http://www.youtube.com/watch?v=q79szTlxuPI&feature=player_embedded Hyperpublic Symposium 2011: Introduction] (video)
*[http://www.youtube.com/watch?v=HmSr3nt8VBM&feature=player_embedded John Palfrey on Legal Design for Delineating Public and Private] (video)


===Privacy and Technological Points of Control===
* [http://www.economist.com/node/16377097 "Legal Confusion on Internet Privacy: The Clash of Data Civilisations,"] The Economist, June 17, 2010.
* Jonathan Zittrain, [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=388860 "Internet Points of Control"]
 
* Peter Fleischer, [http://peterfleischer.blogspot.com/2010/09/10-paths-and-theyre-all-hard.html “10 Paths and They’re All Hard,]” September 5, 2010.
 
* Thierer, “[http://www.forbes.com/2011/04/02/privacy-tax-social-networking-advertising-opinions-contributors-adam-thierer_print.html Birth of the Privacy Tax,]” April 2, 2011.
 
===Behavioral Targeting/Do Not Track===
* [http://m.wired.com/epicenter/2011/07/undeletable-cookie/ “Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged,]” Wired epicenter blog, July 29, 2011.
 
* Julia Angwin, [http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html “The Web’s New Gold Mine: Your Secrets,”] Wall Street Journal Onlike (part of the “What They Know” series), July 30, 2010.
 
* FTC Commissioner, Thomas Rosch, [http://www.ftc.gov/speeches/rosch/110822aspeninfospeech.pdf “Information and Privacy: in search of a data-driven policy,”] August 22, 2011.
 
* Kim Hyung-eun, [http://joongangdaily.joins.com/article/view.asp?aid=2931289 "Facebook agrees to increase privacy protection"] Korea JoongAng Daily, January 21, 2011.
 
* Eric Mack, [http://news.cnet.com/8301-1023_3-20094866-93/facebooks-like-button-illegal-in-german-state/ "Facebook's 'Like' button illegal in German state,"] CNET News, August 19, 2011.
 
===Facial Recognition===
 
* David Thompson, [http://volokh.com/2010/06/11/the-future-of-privacy-facial-recognition-public-facts-and-300-million-little-brothers/ "The Future of Privacy: Facial Recognition, Public Facts, and 300 Million Little Brothers,"] Volokh Conspiracy blog,  June 11, 2010.
 
* Dominic Basulto, [http://bigthink.com/ideas/39603 “Does Facial Recognition Technology Mean the End of Privacy,”] big think blog, August 5, 2011.
 
* Helen Pidd, [http://www.guardian.co.uk/technology/2011/aug/03/facebook-facial-recognition-privacy-germany “Facebook facial recognition software violates privacy laws, says Germany,”] guardian.co.uk, August 3, 2011.
 
===Right to Be Forgotten===
* Suzanne Daley, [http://www.nytimes.com/2011/08/10/world/europe/10spain.html?_r=2&hp=&pagewanted=all# “On Its Own, Europe Backs Web Privacy Fights,”] New York Times, August 8, 2011.
 
* Peter Fleischer, [http://peterfleischer.blogspot.com/2011/03/foggy-thinking-about-right-to-oblivion.html “Foggy Thinking About the Right to Oblivion,”] Peter Fleischer: Privacy? Blog, March 9, 2011.
 
* Adam Thierer, [http://www.forbes.com/sites/adamthierer/2011/04/17/erasing-our-past-on-the-internet/ “Erasing Our Past on the Internet,”] Forbes, April 17, 2011.
 
* Natasha Singer, [http://www.nytimes.com/2011/08/21/business/in-personal-data-a-fight-for-the-right-to-be-forgotten.html "Just Give Me the Right to Be Forgotten,"] New York Times, August 20, 2011.
 
===Location Privacy===
* Jacqui Cheng, [http://www.wired.com/epicenter/2011/06/franken-location-loopholes/ “Franken’s Location-Privacy Bill Would Close Mobile-Tracking ‘Loopholes’,”] Wired epicenter blog, June 17, 2011.
 
* [http://www.businessweek.com/news/2011-08-17/apple-sued-by-south-korean-iphone-users-over-location-data.html "Apple Sued by South Korean iPhone Users Over Location Data"], Business Week, August 17, 2011.
 
* European Commission, [http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp185_en.pdf "Opinion 13/2011 on Geolocation services on smart mobile devices,"] May 16, 2011.
 
===Google Street View===
* Prasad Krishna, [http://www.cis-india.org/internet-governance/blog/privacy/street-view-of-private-and-public "A Street View of Private and the Public,"] Centre for Internet & Society India blog, June 4, 2011.
 
* Matt McGee, [http://searchengineland.com/google-street-view-germany-blurry-houses-included-54632 “Google Street View Debuts In Germany, Blurry Houses Included,”] Search Engine Land blog, November 1, 2010.
 
* Matt McGee, [http://searchengineland.com/google-has-stopped-street-view-photography-germany-72368 “Google Has Stopped Street View Photography In Germany,”] Search Engine Land blog, April 10, 2011.


===Privacy and Reputation===
===Google Buzz===
* Miguel Helft, [http://www.nytimes.com/2010/02/13/technology/internet/13google.html "Critics Say Google Invades Privacy With New Service,"] New York Times, February 12, 2010. 


* Jonathan Zittrain, [http://futureoftheinternet.org/static/ZittrainTheFutureoftheInternet.pdf "Strategies for a Generative Future,"] ''The Future of the Internet And How to Stop It'', (New Haven: Yale University Press) 2008.
* Sarah Kessler, [http://mashable.com/2011/03/30/google-buzz-ftc-settlement/ "Google Settles With FTC Over Buzz Privacy Issues,"] Mashable, March 30, 2011.
* Daniel J. Solove, [http://docs.law.gwu.edu/facweb/dsolove/Future-of-Reputation/text/futureofreputation-ch8.pdf "Conclusion: The Future of Reputation,"] ''The Future of Reputation: Gossip, Rumor, and Privacy on the Internet'', (New Haven: Yale University Press) 2007.
*[http://s.wsj.net/public/resources/documents/WSJ_law-080228_25-1.pdf Motion in the AutoAdmit Case]


==Recommended Readings==
==Recommended Readings==


===Privacy and Technological Points of Control===
===Privacy and Technological Points of Control===
* John Borland, [http://news.cnet.com/Supreme-Court-rules-against-file-swapping/2100-1030_3-5764135.html “Supreme Court rules against file swapping”], June 2005
* John Borland, [http://news.cnet.com/Supreme-Court-rules-against-file-swapping/2100-1030_3-5764135.html “Supreme Court rules against file swapping”], CNET, June 2005
* Dan Goodin [http://www.theregister.co.uk/2010/12/07/internet_explorer_do_not_track/ “Microsoft unveils 'do not track' option for IE9”], December 7 2010
* Dan Goodin [http://www.theregister.co.uk/2010/12/07/internet_explorer_do_not_track/ “Microsoft unveils 'do not track' option for IE9”], theregister.co.uk, December 7 2010


===Privacy and Reputation===
===Privacy and Reputation===
* Craig Newmark, [http://www.cnewmark.com/2010/04/trust-and-reputation-systems-redistributing-power-and-influence.html "Trust and reputation systems: redistributing power and influence], April 6, 2010
* Craig Newmark, [http://www.cnewmark.com/2010/04/trust-and-reputation-systems-redistributing-power-and-influence.html "Trust and reputation systems: redistributing power and influence"], craigconnects blog, April 6, 2010
* Evlyn Rusli, [http://techcrunch.com/2010/10/19/unvarnished-honestly-kazanjy-funding/ "Unvarnished Becomes Honestly.com, Raises $1.2 Million And Opens The Floodgates"], October 19, 2010
* Evlyn Rusli, [http://techcrunch.com/2010/10/19/unvarnished-honestly-kazanjy-funding/ "Unvarnished Becomes Honestly.com, Raises $1.2 Million And Opens The Floodgates"], TechCrunch, October 19, 2010
*[http://en.wikipedia.org/wiki/John_Seigenthaler_Sr._Wikipedia_biography_controversy Wikipedia Entry on the Seigenthaler Incident]
* [http://en.wikipedia.org/wiki/John_Seigenthaler_Sr._Wikipedia_biography_controversy Wikipedia Entry on the Seigenthaler Incident]


==Related Case Examples==
==Related Case Examples==
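Review bot: the rewritten overview paragraph in the new revision still reads "the current the state of privacy law", and dropping Phil Malone from the participants left a stray comma in "Participants Urs Gasser, and Charlie Nesson"; both are worth fixing while this paragraph is being touched. In the added reading list, "Wall Street Journal Onlike" should be "Online", the first Thierer entry omits the first name that the later "Adam Thierer" entry carries, and the Fleischer "10 Paths" and Wired cookie entries close the link bracket before the closing quotation mark. The new "===Overview===" subsection under Required Readings also repeats the title of the top-level "==Overview==" section, so a distinct title would keep section links unambiguous.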
Line 42: Line 83:
*[[Facebook Beacon]]
*[[Facebook Beacon]]


==Student Reflections==
'''Summary and Key Thematic Areas'''
During this session Professor (Doktor) Burkert first provided a history of data protection, an idea which the Germans “stole” from the U.S. and codified in the 1970 Hesse Data Protection Act.  It was a recognition that, somehow, data handling by machines makes people uncomfortable.  This led to furious debate on the question tool -- do different contexts/entities handling the data (through machines) lead to different levels of user comfort?  This debate turned to a comparison between the different perceptions and motivations of public and private parties in data collection and processing. Are governments more likely to use data for control, compared to a user experience motivation in the private sector? Or are the dangers of the private sector’s handling of such data equally problematic? This recalls JZ’s refrain that users are willingly marching toward a non-generative/controlled environment for the sake of convenience and enhanced user experience.  One other interesting concept from Burkert’s presentation was the European Info Act’s emphasis on proportionality in evaluating whether or not data should be released: the need has to justify release of personal information.
Then Professor Malone provided an overview of the US approach to privacy, based on a notice and consent regime (aside from specific sectoral laws like HIPAA and FERPA) that is “transactional” and less nuanced than the European approach.  He noted that the American approach, while effective in other areas, has serious deficiencies when it comes to adequately protecting or informing users of data-reliant services.  He noted that terms of service very rarely draw scrutiny from the FTC, except when services fail to live up to their stated privacy policy (as with Google Buzz).  Debate then ensued on the question tool about what kind of “notice and consent” regime would satisfy both consumer need for privacy and desire for a smooth interaction with a website interface.  For example, how would consumers respond to piecemeal, instantaneous privacy notices (as opposed to a page wall of info), where the user would have to opt in each time information is collected.  Would it disrupt the interaction too much to be viable?  Professor Malone then also contrasted the reluctance of Europeans (in particular, Germans) to accept invasions on privacy with the American (more) liberal attitude toward it.  For example, many people in Germany had chosen to opt out for having their homes displayed on Google’s street view, choosing instead to have them blurred.  Professor Malone also proposed for us to look at public to private as a “continuum” rather than as binary modes.  Lastly he provided a different kind of framework for looking at privacy:  as contextual (which is how youngsters today view it) rather than absolute. 
One poignant tweet interestingly weaved between Prof. Dr. Burkert’s lecture and Professor Malone’s, from KendraSerra, “Conflict between "right to be forgotten" and "right to speak" evident in European/American privacy views. #ilaw2011”, foreshadowing the many divergent views on privacy and Internet that cross geographic boundaries will surely encounter as it continues to evolve.
'''Key Areas of Debate'''
* Zittrain: Who are “European countries kidding” -- are hyper-strict privacy regimes are unrealistic?
* Why are people more comfortable with private companies like Google handling data than government?  Possible theories are:  differing levels of visibility in privacy encroachment (high for government, low for private companies), social adjustment, perception that private companies can enhance user experience with more data whereas government has malicious intent, levels of (potential) harm
* Conflicting privacy regimes tending to reinforce existing values
* Why Germany (or the EU generally) and the US have diverged in acceptance of levels of data privacy
'''Further Questions (for Future of Internet Discussion)'''
#As the Internet and technologies increasingly blur physical boundaries, how should we address national differences in privacy law?
#For Prof. Burkert:  How do economics and concerns about the market inform the conversation about privacy? Do cost-based concerns about data protection regulation get much traction (as they do in the US).
#What (if any) is the relationship between the strong, protection-of-personality privacy law that has arisen in Germany and the more limited use of e-commerce and social media in Germany than in the US?  More generally, how and why have attitudes toward privacy developed differently in Germany and the US?
#Given the economic implications of privacy regulation for e-commerce, how should regulators and policymakers be thinking about the policy process around privacy?


[[Category:Pillars of iLaw]]
[[Category:Pillars of iLaw]]
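Review bot: the added Student Reflections section marks its subsections with bold lines such as '''Summary and Key Thematic Areas''' where the rest of the page uses === headings, so they will not appear in the table of contents; converting them would match the page. A few sentences also need a proofreading pass: the first debate bullet doubles the verb ("are hyper-strict privacy regimes are unrealistic?"), the second item under Further Questions ends a question with a period, and the closing clause of the tweet paragraph ("that cross geographic boundaries will surely encounter") does not parse.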

Latest revision as of 08:36, 9 September 2011


Overview

Wednesday, 4:00-5:30pm
Format: Lecture, featuring guest respondents
Leads: Phil Malone, with Herbert Burkert and John Palfrey
Participants: Urs Gasser, Charlie Nesson, and others

This pillar topic, led by Phil Malone and featuring Herbert Burkert and John Palfrey, will cover a mixture of privacy history, theory, black letter law, regulatory developments and current controversies. Herbert Burkert will offer a multinational perspective of privacy law and policy, outlining the emergence of data protection law in Europe. Against this backdrop, recent global privacy developments, comparative EU vs. US approaches and current online controversies – including behavioral targeting, persistent cookies and Do Not Track legislation; the right to be forgotten/le droit à l’oubli; location privacy; facial recognition; contextual privacy; Google’s Street View service, and Google’s Buzz rollout – will be explored to gain a deeper understanding of the current state of privacy law and norms and possible ways forward. Participants Urs Gasser and Charlie Nesson will add their perspectives on these issues throughout this session.

Required Readings

Overview

Behavioral Targeting/Do Not Track

Facial Recognition

Right to Be Forgotten

Location Privacy

Google Street View

Google Buzz

Recommended Readings

Privacy and Technological Points of Control

Privacy and Reputation

Related Case Examples

Student Reflections

Summary and Key Thematic Areas

During this session Professor (Doktor) Burkert first provided a history of data protection, an idea which the Germans “stole” from the U.S. and codified in the 1970 Hesse Data Protection Act. It was a recognition that, somehow, data handling by machines makes people uncomfortable. This led to furious debate on the question tool -- do different contexts/entities handling the data (through machines) lead to different levels of user comfort? This debate turned to a comparison between the different perceptions and motivations of public and private parties in data collection and processing. Are governments more likely to use data for control, compared to a user experience motivation in the private sector? Or are the dangers of the private sector’s handling of such data equally problematic? This recalls JZ’s refrain that users are willingly marching toward a non-generative/controlled environment for the sake of convenience and enhanced user experience. One other interesting concept from Burkert’s presentation was the European Info Act’s emphasis on proportionality in evaluating whether or not data should be released: the need has to justify release of personal information.

Then Professor Malone provided an overview of the US approach to privacy, based on a notice and consent regime (aside from specific sectoral laws like HIPAA and FERPA) that is “transactional” and less nuanced than the European approach. He noted that the American approach, while effective in other areas, has serious deficiencies when it comes to adequately protecting or informing users of data-reliant services. He noted that terms of service very rarely draw scrutiny from the FTC, except when services fail to live up to their stated privacy policy (as with Google Buzz). Debate then ensued on the question tool about what kind of “notice and consent” regime would satisfy both consumer need for privacy and desire for a smooth interaction with a website interface. For example, how would consumers respond to piecemeal, instantaneous privacy notices (as opposed to a page wall of info), where the user would have to opt in each time information is collected? Would it disrupt the interaction too much to be viable? Professor Malone then also contrasted the reluctance of Europeans (in particular, Germans) to accept invasions of privacy with the American (more) liberal attitude toward it. For example, many people in Germany had chosen to opt out of having their homes displayed on Google’s Street View, choosing instead to have them blurred. Professor Malone also proposed that we look at public to private as a “continuum” rather than as binary modes. Lastly, he provided a different kind of framework for looking at privacy: as contextual (which is how youngsters today view it) rather than absolute.

One poignant tweet interestingly wove between Prof. Dr. Burkert’s lecture and Professor Malone’s, from KendraSerra: “Conflict between "right to be forgotten" and "right to speak" evident in European/American privacy views. #ilaw2011”, foreshadowing the many divergent views on privacy that the Internet, as it crosses geographic boundaries, will surely encounter as it continues to evolve.


Key Areas of Debate

  • Zittrain: Who are “European countries kidding” -- are hyper-strict privacy regimes unrealistic?
  • Why are people more comfortable with private companies like Google handling data than government? Possible theories are: differing levels of visibility in privacy encroachment (high for government, low for private companies), social adjustment, perception that private companies can enhance user experience with more data whereas government has malicious intent, levels of (potential) harm
  • Conflicting privacy regimes tending to reinforce existing values
  • Why Germany (or the EU generally) and the US have diverged in acceptance of levels of data privacy


Further Questions (for Future of Internet Discussion)

  1. As the Internet and technologies increasingly blur physical boundaries, how should we address national differences in privacy law?
  2. For Prof. Burkert: How do economics and concerns about the market inform the conversation about privacy? Do cost-based concerns about data protection regulation get much traction (as they do in the US)?
  3. What (if any) is the relationship between the strong, protection-of-personality privacy law that has arisen in Germany and the more limited use of e-commerce and social media in Germany than in the US? More generally, how and why have attitudes toward privacy developed differently in Germany and the US?
  4. Given the economic implications of privacy regulation for e-commerce, how should regulators and policymakers be thinking about the policy process around privacy?