Privacy

From Internet Law Program 2011
Jump to navigation Jump to search
iLaw Wiki Navigation
Pillar Themes of iLaw
Open Systems/Access · Online Liberty and FOE
The Changing Internet: Cybersecurity · Intellectual Property
Digital Humanities · Cooperation · Privacy
Cross-sectional Themes of iLaw
The History of the Internet
The Global Internet · Interoperability
The Study of the Internet: New Methods for New Technologies
The Future of the Internet
Case Studies
Digital Libraries, Archives, and Rights Registries
Exploring the Arab Spring · Minds for Sale
User Innovation · Mutual Aid
Misc
Program Schedule · Program Logistics
Evening Events · Student Projects · Participation
Old iLaw Videos · Mid-Point Check-in

Overview

Wednesday, 4:00-5:30pm
Format: Lecture, featuring guest respondents
Leads: Phil Malone, with Herbert Burkert and John Palfrey
Participants: Urs Gasser, Charlie Nesson, and others

This pillar topic, led by Phil Malone and featuring Herbert Burkert and John Palfrey, will cover a mixture of privacy history, theory, black letter law, regulatory developments and current controversies. Herbert Burkert will offer a multinational perspective of privacy law and policy, outlining the emergence of data protection law in Europe. Against this backdrop, recent global privacy developments, comparative EU vs. US approaches and current online controversies – including behavioral targeting, persistent cookies and Do Not Track legislation; the right to be forgotten/ le droit à l’oubli; location privacy; facial recognition; contextual privacy; Google’s Street View service, and Google’s Buzz rollout – will be explored to gain a deeper understanding of the current the state of privacy law and norms and possible ways forward. Participants Urs Gasser, and Charlie Nesson will add their perspectives on these issues throughout this session.

Required Readings

Overview

Behavioral Targeting/Do Not Track

Facial Recognition

Right to Be Forgotten

Location Privacy

Google Street View

Google Buzz

Recommended Readings

Privacy and Technological Points of Control

Privacy and Reputation

Related Case Examples

Student Responses

Summary and Key Thematic Areas

During this session Professor (Doktor) Burkert first provided a history of data protection, an idea which the Germans “stole” from the U.S. and codified in the 1970 Hesse Data Protection Act. It was a recognition that, somehow, data handling by machines makes people uncomfortable. This led to furious debate on the question tool -- do different contexts/entities handling the data (through machines) lead to different levels of user comfort? This debate turned to a comparison between the different perceptions and motivations of public and private parties in data collection and processing. Are governments more likely to use data for control, compared to a user experience motivation in the private sector? Or are the dangers of the private sector’s handling of such data equally problematic? This recalls JZ’s refrain that users are willingly marching toward a non-generative/controlled environment for the sake of convenience and enhanced user experience. One other interesting concept from Burkert’s presentation was the European Info Act’s emphasis on proportionality in evaluating whether or not data should be released: the need has to justify release of personal information.

Then Professor Malone provided an overview of the US approach to privacy, based on a notice and consent regime (aside from specific sectoral laws like HIPAA and FERPA) that is “transactional” and less nuanced than the European approach. He noted that the American approach, while effective in other areas, has serious deficiencies when it comes to adequately protecting or informing users of data-reliant services. He noted that terms of service very rarely draw scrutiny from the FTC, except when services fail to live up to their stated privacy policy (as with Google Buzz). Debate then ensued on the question tool about what kind of “notice and consent” regime would satisfy both consumer need for privacy and desire for a smooth interaction with a website interface. For example, how would consumers respond to piecemeal, instantaneous privacy notices (as opposed to a page wall of info), where the user would have to opt in each time information is collected. Would it disrupt the interaction too much to be viable? Professor Malone then also contrasted the reluctance of Europeans (in particular, Germans) to accept invasions on privacy with the American (more) liberal attitude toward it. For example, many people in Germany had chosen to opt out for having their homes displayed on Google’s street view, choosing instead to have them blurred. Professor Malone also proposed for us to look at public to private as a “continuum” rather than as binary modes. Lastly he provided a different kind of framework for looking at privacy: as contextual (which is how youngsters today view it) rather than absolute.

One poignant tweet interestingly weaved between Prof. Dr. Burkert’s lecture and Professor Malone’s, from KendraSerra, “Conflict between "right to be forgotten" and "right to speak" evident in European/American privacy views. #ilaw2011”, foreshadowing the many divergent views on privacy and Internet that cross geographic boundaries will surely encounter as it continues to evolve.


Key Areas of Debate

  • Zittrain: Who are “European countries kidding” -- are hyper-strict privacy regimes are unrealistic?
  • Why are people more comfortable with private companies like Google handling data than government? Possible theories are: differing levels of visibility in privacy encroachment (high for government, low for private companies), social adjustment, perception that private companies can enhance user experience with more data whereas government has malicious intent, levels of (potential) harm
  • Conflicting privacy regimes tending to reinforce existing values
  • Why Germany (or the EU generally) and the US have diverged in acceptance of levels of data privacy


Further Questions (for Future of Internet Discussion)

  1. As the Internet and technologies increasingly blur physical boundaries, how should we address national differences in privacy law?
  2. For Prof. Burkert: How do economics and concerns about the market inform the conversation about privacy? Do cost-based concerns about data protection regulation get much traction (as they do in the US).
  3. What (if any) is the relationship between the strong, protection-of-personality privacy law that has arisen in Germany and the more limited use of e-commerce and social media in Germany than in the US? More generally, how and why have attitudes toward privacy developed differently in Germany and the US?
  4. Given the economic implications of privacy regulation for e-commerce, how should regulators and policymakers be thinking about the policy process around privacy?