From Internet Law Program 2011
Jump to navigation Jump to search

Summary and Key Thematic Areas

During this session Professor (Doktor) Burkert first provided a history of data protection, an idea which the Germans “stole” from the U.S. and codified in the 1970 Hesse Data Protection Act. It was a recognition that, somehow, data handling by machines makes people uncomfortable. This led to furious debate on the question tool -- do different contexts/entities handling the data (through machines) lead to different levels of user comfort? This debate turned to a comparison between the different perceptions and motivations of public and private parties in data collection and processing. Are governments more likely to use data for control, compared to a user experience motivation in the private sector? Or are the dangers of the private sector’s handling of such data equally problematic? This recalls JZ’s refrain that users are willingly marching toward a non-generative/controlled environment for the sake of convenience and enhanced user experience. One other interesting concept from Burkert’s presentation was the European Info Act’s emphasis on proportionality in evaluating whether or not data should be released: the need has to justify release of personal information.

Then Professor Malone provided an overview of the US approach to privacy, based on a notice and consent regime (aside from specific sectoral laws like HIPAA and FERPA) that is “transactional” and less nuanced than the European approach. He noted that the American approach, while effective in other areas, has serious deficiencies when it comes to adequately protecting or informing users of data-reliant services. He noted that terms of service very rarely draw scrutiny from the FTC, except when services fail to live up to their stated privacy policy (as with Google Buzz). Debate then ensued on the question tool about what kind of “notice and consent” regime would satisfy both consumer need for privacy and desire for a smooth interaction with a website interface. For example, how would consumers respond to piecemeal, instantaneous privacy notices (as opposed to a page wall of info), where the user would have to opt in each time information is collected. Would it disrupt the interaction too much to be viable? Professor Malone then also contrasted the reluctance of Europeans (in particular, Germans) to accept invasions on privacy with the American (more) liberal attitude toward it. For example, many people in Germany had chosen to opt out for having their homes displayed on Google’s street view, choosing instead to have them blurred. Professor Malone also proposed for us to look at public to private as a “continuum” rather than as binary modes. Lastly he provided a different kind of framework for looking at privacy: as contextual (which is how youngsters today view it) rather than absolute.

One poignant tweet interestingly weaved between Prof. Dr. Burkert’s lecture and Professor Malone’s, from KendraSerra, “Conflict between "right to be forgotten" and "right to speak" evident in European/American privacy views. #ilaw2011”, foreshadowing the many divergent views on privacy and Internet that cross geographic boundaries will surely encounter as it continues to evolve.

Key Areas of Debate

- Zittrain: Who are “European countries kidding” -- are hyper-strict privacy regimes are unrealistic?

- Why are people more comfortable with private companies like Google handling data than government? Possible theories are: differing levels of visibility in privacy encroachment (high for government, low for private companies), social adjustment, perception that private companies can enhance user experience with more data whereas government has malicious intent, levels of (potential) harm

- Conflicting privacy regimes tending to reinforce existing values

- Why Germany (or the EU generally) and the US have diverged in acceptance of levels of data privacy

Further Questions (for Future of Internet Discussion)

- As the Internet and technologies increasingly blur physical boundaries, how should we address national differences in privacy law?

- For Prof. Burkert: How do economics and concerns about the market inform the conversation about privacy? Do cost-based concerns about data protection regulation get much traction (as they do in the US).

- What (if any) is the relationship between the strong, protection-of-personality privacy law that has arisen in Germany and the more limited use of e-commerce and social media in Germany than in the US? More generally, how and why have attitudes toward privacy developed differently in Germany and the US?

- Given the economic implications of privacy regulation for e-commerce, how should regulators and policymakers be thinking about the policy process around privacy?