Privacy
Overview
Wednesday, 4:00-5:30pm
Format: Lecture, featuring guest respondents
Leads: Phil Malone, with Herbert Burkert and John Palfrey
Participants: Urs Gasser, Charlie Nesson, and others
This pillar topic, led by Phil Malone and featuring Herbert Burkert and John Palfrey, will cover a mixture of privacy history, theory, black letter law, regulatory developments and current controversies. Herbert Burkert will offer a multinational perspective of privacy law and policy, outlining the emergence of data protection law in Europe. Against this backdrop, recent global privacy developments, comparative EU vs. US approaches and current online controversies – including behavioral targeting, persistent cookies and Do Not Track legislation; the right to be forgotten/ le droit à l’oubli; location privacy; facial recognition; contextual privacy; Google’s Street View service, and Google’s Buzz rollout – will be explored to gain a deeper understanding of the current the state of privacy law and norms and possible ways forward. Participants Urs Gasser, and Charlie Nesson will add their perspectives on these issues throughout this session.
Required Readings
Overview
- Hyperpublic Symposium 2011: Urs Gasser’s Opening Remarks, June 10, 2011.
- "Legal Confusion on Internet Privacy: The Clash of Data Civilisations," The Economist, June 17, 2010.
- Peter Fleischer, “10 Paths and They’re All Hard,” September 5, 2010.
- Thierer, “Birth of the Privacy Tax,” April 2, 2011.
Behavioral Targeting/Do Not Track
- “Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged,” Wired epicenter blog, July 29, 2011.
- Julia Angwin, “The Web’s New Gold Mine: Your Secrets,” Wall Street Journal Onlike (part of the “What They Know” series), July 30, 2010.
- FTC Commissioner, Thomas Rosch, “Information and Privacy: in search of a data-driven policy,” August 22, 2011.
- Kim Hyung-eun, "Facebook agrees to increase privacy protection" Korea JoongAng Daily, January 21, 2011.
- Eric Mack, "Facebook's 'Like' button illegal in German state," CNET News, August 19, 2011.
Facial Recognition
- David Thompson, "The Future of Privacy: Facial Recognition, Public Facts, and 300 Million Little Brothers," Volokh Conspiracy blog, June 11, 2010.
- Dominic Basulto, “Does Facial Recognition Technology Mean the End of Privacy,” big think blog, August 5, 2011.
- Helen Pidd, “Facebook facial recognition software violates privacy laws, says Germany,” guardian.co.uk, August 3, 2011.
Right to Be Forgotten
- Suzanne Daley, “On Its Own, Europe Backs Web Privacy Fights,” New York Times, August 8, 2011.
- Peter Fleischer, “Foggy Thinking About the Right to Oblivion,” Peter Fleischer: Privacy? Blog, March 9, 2011.
- Adam Thierer, “Erasing Our Past on the Internet,” Forbes, April 17, 2011.
- Natasha Singer, "Just Give Me the Right to Be Forgotten," New York Times, August 20, 2011.
Location Privacy
- Jacqui Cheng, “Franken’s Location-Privacy Bill Would Close Mobile-Tracking ‘Loopholes’,” Wired epicenter blog, June 17, 2011.
- "Apple Sued by South Korean iPhone Users Over Location Data", Business Week, August 17, 2011.
- European Commission, "Opinion 13/2011 on Geolocation services on smart mobile devices," May 16, 2011.
Google Street View
- Prasad Krishna, "A Street View of Private and the Public," Centre for Internet & Society India blog, June 4, 2011.
- Matt McGee, “Google Street View Debuts In Germany, Blurry Houses Included,” Search Engine Land blog, November 1, 2010.
- Matt McGee, “Google Has Stopped Street View Photography In Germany,” Search Engine Land blog, April 10, 2011.
Google Buzz
- Miguel Helft, "Critics Say Google Invades Privacy With New Service," New York Times, February 12, 2010.
- Sarah Kessler, "Google Settles With FTC Over Buzz Privacy Issues," Mashable, March 30, 2011.
Recommended Readings
Privacy and Technological Points of Control
- John Borland, “Supreme Court rules against file swapping”, CNET, June 2005
- Dan Goodin “Microsoft unveils 'do not track' option for IE9”, theregister.co.uk, December 7 2010
Privacy and Reputation
- Craig Newmark, "Trust and reputation systems: redistributing power and influence", craigconnects blog, April 6, 2010
- Evlyn Rusli, "Unvarnished Becomes Honestly.com, Raises $1.2 Million And Opens The Floodgates", TechCrunch, October 19, 2010
- Wikipedia Entry on the Seigenthaler Incident
Related Case Examples
Student Responses
Summary and Key Thematic Areas
During this session Professor (Doktor) Burkert first provided a history of data protection, an idea which the Germans “stole” from the U.S. and codified in the 1970 Hesse Data Protection Act. It was a recognition that, somehow, data handling by machines makes people uncomfortable. This led to furious debate on the question tool -- do different contexts/entities handling the data (through machines) lead to different levels of user comfort? This debate turned to a comparison between the different perceptions and motivations of public and private parties in data collection and processing. Are governments more likely to use data for control, compared to a user experience motivation in the private sector? Or are the dangers of the private sector’s handling of such data equally problematic? This recalls JZ’s refrain that users are willingly marching toward a non-generative/controlled environment for the sake of convenience and enhanced user experience. One other interesting concept from Burkert’s presentation was the European Info Act’s emphasis on proportionality in evaluating whether or not data should be released: the need has to justify release of personal information.
Then Professor Malone provided an overview of the US approach to privacy, based on a notice and consent regime (aside from specific sectoral laws like HIPAA and FERPA) that is “transactional” and less nuanced than the European approach. He noted that the American approach, while effective in other areas, has serious deficiencies when it comes to adequately protecting or informing users of data-reliant services. He noted that terms of service very rarely draw scrutiny from the FTC, except when services fail to live up to their stated privacy policy (as with Google Buzz). Debate then ensued on the question tool about what kind of “notice and consent” regime would satisfy both consumer need for privacy and desire for a smooth interaction with a website interface. For example, how would consumers respond to piecemeal, instantaneous privacy notices (as opposed to a page wall of info), where the user would have to opt in each time information is collected. Would it disrupt the interaction too much to be viable? Professor Malone then also contrasted the reluctance of Europeans (in particular, Germans) to accept invasions on privacy with the American (more) liberal attitude toward it. For example, many people in Germany had chosen to opt out for having their homes displayed on Google’s street view, choosing instead to have them blurred. Professor Malone also proposed for us to look at public to private as a “continuum” rather than as binary modes. Lastly he provided a different kind of framework for looking at privacy: as contextual (which is how youngsters today view it) rather than absolute.
One poignant tweet interestingly weaved between Prof. Dr. Burkert’s lecture and Professor Malone’s, from KendraSerra, “Conflict between "right to be forgotten" and "right to speak" evident in European/American privacy views. #ilaw2011”, foreshadowing the many divergent views on privacy and Internet that cross geographic boundaries will surely encounter as it continues to evolve.
Key Areas of Debate
- Zittrain: Who are “European countries kidding” -- are hyper-strict privacy regimes are unrealistic?
- Why are people more comfortable with private companies like Google handling data than government? Possible theories are: differing levels of visibility in privacy encroachment (high for government, low for private companies), social adjustment, perception that private companies can enhance user experience with more data whereas government has malicious intent, levels of (potential) harm
- Conflicting privacy regimes tending to reinforce existing values
- Why Germany (or the EU generally) and the US have diverged in acceptance of levels of data privacy
Further Questions (for Future of Internet Discussion)
- As the Internet and technologies increasingly blur physical boundaries, how should we address national differences in privacy law?
- For Prof. Burkert: How do economics and concerns about the market inform the conversation about privacy? Do cost-based concerns about data protection regulation get much traction (as they do in the US).
- What (if any) is the relationship between the strong, protection-of-personality privacy law that has arisen in Germany and the more limited use of e-commerce and social media in Germany than in the US? More generally, how and why have attitudes toward privacy developed differently in Germany and the US?
- Given the economic implications of privacy regulation for e-commerce, how should regulators and policymakers be thinking about the policy process around privacy?