Homo economicus reliably makes an appearance in regulatory debates concerning information privacy. Under the still-dominant U.S. “notice and choice” approach to consumer information privacy, the rational consumer is expected to negotiate for privacy protection by reading privacy policies and selecting services consistent with her preferences. A longstanding model for predicting these preferences is Professor Alan Westin's well-known segmentation of consumers into “privacy pragmatists,” “privacy fundamentalists,” and “privacy unconcerned.” To be tenable as a protection for consumer interest, “notice and choice” requires homo economicus to be broadly reliable as a model. Consumers behaving according to the model will know what they want and how to get it in the marketplace, limiting regulatory approaches to information privacy. While notice and choice is undergoing strong theoretical, empirical, and political critique, U.S. Internet privacy law largely reflects these assumptions. This Article contributes to the ongoing debate about notice and choice in two main ways. First, we consider the legacy Westin's privacy segmentation model itself, which as greatly influenced the development of the notice-and-choice regime. Second, we report on original survey research, collected over four years, exploring Americans’ knowledge, preferences, and attitudes about a wide variety of data practices in online and mobile markets. Using these methods, we engage in considered textual analysis, empirical testing, and critique of Westin’s segmentation model. Our work both calls into question longstanding assumptions used by Westin and lends new insight into consumers’ privacy knowledge and preferences. A close textual look at factual and theoretical assumptions embedded in the segmentation model shows foundational flaws. With testing, we find that the segmentation model lacks validity in important dimensions. In analyzing data from nationwide, telephonic surveys of Internet and mobile phone users, we find an apparent knowledge gap among consumers concerning business practices and legal protections for privacy, calling into question Westin’s conclusion that a majority of consumers act pragmatically. We further find that those categorized as “privacy pragmatists” act differently from Westin’s model when directly presented with the value exchange — and thus the privacy tradeoff — offered with these services. These findings reframe the privacy pragmatist and call her influential status in U.S. research, industry practice, and policy into serious question. Under the new view, she cannot be seen as “pragmatic” at all, but rather as a consumer making choices in the marketplace with substantial deficits in her understanding of business practices. This likewise calls into question policy decisions based on the segmentation model and its assumptions. We conclude that updated research and a policy approach that addresses both rationality and knowledge gaps are key.
{"title":"Alan Westin's Privacy Homo Economicus","authors":"C. Hoofnagle, Jennifer M. Urban","doi":"10.31235/osf.io/ta2z3","DOIUrl":"https://doi.org/10.31235/osf.io/ta2z3","url":null,"abstract":"Homo economicus reliably makes an appearance in regulatory debates concerning information privacy. Under the still-dominant U.S. “notice and choice” approach to consumer information privacy, the rational consumer is expected to negotiate for privacy protection by reading privacy policies and selecting services consistent with her preferences. A longstanding model for predicting these preferences is Professor Alan Westin's well-known segmentation of consumers into “privacy pragmatists,” “privacy fundamentalists,” and “privacy unconcerned.” To be tenable as a protection for consumer interest, “notice and choice” requires homo economicus to be broadly reliable as a model. Consumers behaving according to the model will know what they want and how to get it in the marketplace, limiting regulatory approaches to information privacy. While notice and choice is undergoing strong theoretical, empirical, and political critique, U.S. Internet privacy law largely reflects these assumptions. This Article contributes to the ongoing debate about notice and choice in two main ways. First, we consider the legacy Westin's privacy segmentation model itself, which as greatly influenced the development of the notice-and-choice regime. Second, we report on original survey research, collected over four years, exploring Americans’ knowledge, preferences, and attitudes about a wide variety of data practices in online and mobile markets. Using these methods, we engage in considered textual analysis, empirical testing, and critique of Westin’s segmentation model. Our work both calls into question longstanding assumptions used by Westin and lends new insight into consumers’ privacy knowledge and preferences. A close textual look at factual and theoretical assumptions embedded in the segmentation model shows foundational flaws. With testing, we find that the segmentation model lacks validity in important dimensions. In analyzing data from nationwide, telephonic surveys of Internet and mobile phone users, we find an apparent knowledge gap among consumers concerning business practices and legal protections for privacy, calling into question Westin’s conclusion that a majority of consumers act pragmatically. We further find that those categorized as “privacy pragmatists” act differently from Westin’s model when directly presented with the value exchange — and thus the privacy tradeoff — offered with these services. These findings reframe the privacy pragmatist and call her influential status in U.S. research, industry practice, and policy into serious question. Under the new view, she cannot be seen as “pragmatic” at all, but rather as a consumer making choices in the marketplace with substantial deficits in her understanding of business practices. This likewise calls into question policy decisions based on the segmentation model and its assumptions. We conclude that updated research and a policy approach that addresses both rationality and knowledge gaps are key.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124065881","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the past several election cycles, presidential campaigns and other well-funded races for major political offices have become data-driven operations. Presidential campaign organizations and the two main parties (and their data consultants) assemble and maintain extraordinarily detailed political dossiers on every American voter. These databases contain hundreds of millions of individual records, each of which has hundreds to thousands of data points. Because this data is computerized, candidates benefit from cheap and nearly unlimited storage, very fast processing, and the ability to engage in data mining of interesting voter patterns. The hallmark of data-driven political campaigns is voter microtargeting, which political actors rely on to achieve better results in registering, mobilizing and persuading voters and getting out the vote on or before Election Day. Voter microtargeting is the targeting of voters in a highly individualized manner based on statistical correlations between their observable patterns of offline and online behavior and the likelihood of their supporting a candidate and casting a ballot for him or her. In other words, modern political campaigns rely on the analysis of large data sets in search of useful and unanticipated insights, an activity that is often summed up with the phrase “big data.” Despite the importance of big data in U.S. elections, the privacy implications of data-driven campaigning have not been thoroughly explored much less regulated. Indeed, political dossiers may be the largest unregulated assemblage of personal data in contemporary American life. This Article seeks to remedy this oversight. It proceeds in three parts. Part I offers the first comprehensive analysis of the main sources of voter data and the absence of legal protection for this data and related data processing activities. Part II considers the privacy interests of individuals in both their consumer and Internet-based activities and their participation in the political process, organizing the analysis under the broad rubrics of information privacy and political privacy. That is, it asks two interrelated questions: first, whether the relentless profiling and microtargeting of American voters invades their privacy (and if so what harm it causes) and, second, to what extent do these activities undermine the integrity of the election system. It also examines three reasons why political actors minimize privacy concerns: a penchant for secrecy that clashes with the core precept of transparent data practices; a tendency to rationalize away the problem by treating all voter data as if it were voluntarily provided or safely de-identified (and hence outside the scope of privacy law) while (falsely) claiming to follow the highest commercial privacy standards; and, a mistaken embrace of commercial tracking and monitoring techniques as if their use has no impact on the democratic process. Part III presents a moderate proposal for addressing the harms
在过去的几个选举周期中,总统竞选和其他资金充足的主要政治职位竞选已经成为数据驱动的行动。总统竞选组织和两大主要政党(以及他们的数据顾问)收集并维护每一位美国选民极其详细的政治档案。这些数据库包含数亿条单独的记录,每条记录都有数百到数千个数据点。由于这些数据是计算机化的,因此候选人可以从廉价且几乎无限的存储、非常快的处理以及对有趣的选民模式进行数据挖掘的能力中受益。数据驱动的政治运动的特点是选民微目标,政治行为者依靠微目标在选举日当天或之前登记、动员和说服选民以及动员选民投票方面取得更好的结果。选民微目标(Voter microtargeting)是以高度个性化的方式针对选民,其依据是选民可观察到的离线和在线行为模式与他们支持某位候选人并为其投票的可能性之间的统计相关性。换句话说,现代政治活动依赖于对大数据集的分析,以寻找有用的和意想不到的见解,这种活动通常用“大数据”这个词来概括。尽管大数据在美国选举中很重要,但数据驱动的竞选活动对隐私的影响尚未得到彻底探讨,监管更少。事实上,政治档案可能是当代美国生活中最大的不受监管的个人数据集合。本文试图弥补这一疏忽。本文分为三个部分。第一部分首次全面分析了选民数据的主要来源以及对这些数据和相关数据处理活动缺乏法律保护的情况。第二部分考虑了个人在其消费和基于互联网的活动以及他们参与政治过程中的隐私利益,在信息隐私和政治隐私的广泛规则下组织分析。也就是说,它提出了两个相互关联的问题:第一,对美国选民进行无情的定性和微观定位是否侵犯了他们的隐私(如果是的话,它会造成什么伤害);第二,这些活动在多大程度上破坏了选举制度的完整性。它还研究了政治行为者将隐私问题最小化的三个原因:对保密的偏好与透明数据实践的核心原则相冲突;通过将所有选民数据视为自愿提供或安全去识别(因此不在隐私法的范围内)来合理化问题的倾向,同时(错误地)声称遵循最高的商业隐私标准;而且,错误地接受商业跟踪和监控技术,好像它们的使用对民主进程没有影响一样。第三部分提出了一个温和的建议,以解决第二部分中确定的危害,包括:(1)强制性披露和免责制度,要求政治行为者对其竞选数据做法更加透明;(2)对商业数据经纪人的新的联邦隐私限制和补充的“不跟踪”机制,使个人(也恰好是选民)能够决定商业公司是否以及在多大程度上可以跟踪或瞄准他们的在线活动。文章最后问道,即使是这个温和的提议,是否也与宪法第一修正案保障的政治言论权相冲突。它有两个论点。首先,最高法院可能会支持强制性的隐私披露和免责声明,这些原则是在主要的竞选资金案件中发展和重申的,这些案件比其他形式的监管更重视透明度。第二,法院将继续根据长期存在的第一修正案原则将商业隐私法规视为符合宪法的,尽管它们可能给政治行为者带来任何附带负担,尽管法院最近在索雷尔诉艾美思健康案(Sorrell v. IMS Health)一案中做出了很容易区分的决定。
{"title":"Voter Privacy in the Age of Big Data","authors":"I. Rubinstein","doi":"10.2139/SSRN.2447956","DOIUrl":"https://doi.org/10.2139/SSRN.2447956","url":null,"abstract":"In the past several election cycles, presidential campaigns and other well-funded races for major political offices have become data-driven operations. Presidential campaign organizations and the two main parties (and their data consultants) assemble and maintain extraordinarily detailed political dossiers on every American voter. These databases contain hundreds of millions of individual records, each of which has hundreds to thousands of data points. Because this data is computerized, candidates benefit from cheap and nearly unlimited storage, very fast processing, and the ability to engage in data mining of interesting voter patterns. The hallmark of data-driven political campaigns is voter microtargeting, which political actors rely on to achieve better results in registering, mobilizing and persuading voters and getting out the vote on or before Election Day. Voter microtargeting is the targeting of voters in a highly individualized manner based on statistical correlations between their observable patterns of offline and online behavior and the likelihood of their supporting a candidate and casting a ballot for him or her. In other words, modern political campaigns rely on the analysis of large data sets in search of useful and unanticipated insights, an activity that is often summed up with the phrase “big data.” Despite the importance of big data in U.S. elections, the privacy implications of data-driven campaigning have not been thoroughly explored much less regulated. Indeed, political dossiers may be the largest unregulated assemblage of personal data in contemporary American life. This Article seeks to remedy this oversight. It proceeds in three parts. Part I offers the first comprehensive analysis of the main sources of voter data and the absence of legal protection for this data and related data processing activities. Part II considers the privacy interests of individuals in both their consumer and Internet-based activities and their participation in the political process, organizing the analysis under the broad rubrics of information privacy and political privacy. That is, it asks two interrelated questions: first, whether the relentless profiling and microtargeting of American voters invades their privacy (and if so what harm it causes) and, second, to what extent do these activities undermine the integrity of the election system. It also examines three reasons why political actors minimize privacy concerns: a penchant for secrecy that clashes with the core precept of transparent data practices; a tendency to rationalize away the problem by treating all voter data as if it were voluntarily provided or safely de-identified (and hence outside the scope of privacy law) while (falsely) claiming to follow the highest commercial privacy standards; and, a mistaken embrace of commercial tracking and monitoring techniques as if their use has no impact on the democratic process. Part III presents a moderate proposal for addressing the harms ","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114257753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Illegal digital file consumption is widely believed to influence sales of cultural goods. Online piracy is now regulated and prohibited in some countries, especially in France, where HADOPI is a legal authority in charge of Peer-‐to-‐Peer (P2P) protocol monitoring. We claim that prohibitions on digital markets share some characteristics of other criminal activities such as those of the drug market. Prohibition of a good or service can lead to the emergence of a black market embedded in a social network. Based on an original and representative 2012 French survey, we show that such a social and offline organisation is observed. Indeed, offline swapping is now the largest way to exchange digital files. We show that offline swapping is embedded in a hierarchical social network where different behaviours are observed. On one hand, there are wholesalers of digital files who provide more than they receive from this offline network and maintain online downloading activity through P2P technology. On the other hand, there are also the “simple” consumers who consume only from offline swapping and never provide files to others. They never use monitored P2P technology because HADOPI acts as a deterrent. Our econometric analysis suggest that this “fear” of HADOPI plays a significant role in structuring this offline swapping network, as the position in the swapping network is driven by the feeling of being threatened by HADOPI.
{"title":"Digital Files Dealers and Prohibition in the Context of the French 3 Strikes (HADOPI) Law","authors":"Sylvain Dejean, R. Suire","doi":"10.2139/SSRN.2422933","DOIUrl":"https://doi.org/10.2139/SSRN.2422933","url":null,"abstract":"Illegal digital file consumption is widely believed to influence sales of cultural goods. Online piracy is now regulated and prohibited in some countries, especially in France, where HADOPI is a legal authority in charge of Peer-‐to-‐Peer (P2P) protocol monitoring. We claim that prohibitions on digital markets share some characteristics of other criminal activities such as those of the drug market. Prohibition of a good or service can lead to the emergence of a black market embedded in a social network. Based on an original and representative 2012 French survey, we show that such a social and offline organisation is observed. Indeed, offline swapping is now the largest way to exchange digital files. We show that offline swapping is embedded in a hierarchical social network where different behaviours are observed. On one hand, there are wholesalers of digital files who provide more than they receive from this offline network and maintain online downloading activity through P2P technology. On the other hand, there are also the “simple” consumers who consume only from offline swapping and never provide files to others. They never use monitored P2P technology because HADOPI acts as a deterrent. Our econometric analysis suggest that this “fear” of HADOPI plays a significant role in structuring this offline swapping network, as the position in the swapping network is driven by the feeling of being threatened by HADOPI.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116512858","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
J. Reidenberg, N. C. Russell, Alexander J. Callen, S. Qasir, Thomas B. Norton
In the last fifteen years, the Federal Trade Commission and the White House have promoted notice and choice as the preferred mechanism for protecting consumers’ privacy online. But law and policy scholars doubt the efficacy of this mechanism. Research shows that consumers rarely read website privacy policies, that such policies are often too complex for users to understand, and that website policy statements do not match consumers’ privacy expectations. Efforts to ameliorate theses issues through technological tools, such as privacy filters and do-not-track codes, have been unsuccessful. Further, these tools do not address whether notice and choice theory aligns with the actual privacy harms that consumers experience. This alignment remains unexplored. This article, thus, proposes to examine the relationship between the notice and choice theory and users’ actual privacy concerns. The article takes a novel approach that examines privacy litigation and FTC enforcement actions. This focus on the wrongs litigated in the real world reveals the most important harms that consumers experience and provides a better understanding of the efficacy of the notice and choice framework.The data set compiled to support the research for the article consists of all federal class action complaints alleging online privacy violations filed during the last ten years and the Federal Trade Commission complaints and settlements addressing online privacy. The article next addresses the roles that jurisdiction and competence play in framing claims and identifies a typology of the wrongful acts experienced by consumers. The research shows that four types of claims appear in both private litigation and public enforcement with respect to personal information: (1) unauthorized disclosure, (2) surreptitious collection, (3) failure to secure, and (4) undue retention. The article then applies this typology to map “zones of effectiveness” for the notice and choice regime. The article identifies which wrongs a proper notice and choice regime can and cannot address. The research demonstrates that while some wrongful practices might be avoided by the inclusion of specific statements in a notice, others will be incurable through notice. The latter set of wrongs is, thus, outside the “zone of effectiveness” of a notice and choice regime. Lastly, the article concludes with a discussion of whether and how the harms that consumers experience match the outcomes of litigation and FTC settlement orders.This research is supported by the National Science Foundation grant 1330214 “TWC SBE: Option: Frontier: Collaborative: Towards Effective Web Privacy Notice and Choice: A Multi-Disciplinary Prospective.”
{"title":"Privacy Harms and the Effectiveness of the Notice and Choice Framework","authors":"J. Reidenberg, N. C. Russell, Alexander J. Callen, S. Qasir, Thomas B. Norton","doi":"10.2139/SSRN.2418247","DOIUrl":"https://doi.org/10.2139/SSRN.2418247","url":null,"abstract":"In the last fifteen years, the Federal Trade Commission and the White House have promoted notice and choice as the preferred mechanism for protecting consumers’ privacy online. But law and policy scholars doubt the efficacy of this mechanism. Research shows that consumers rarely read website privacy policies, that such policies are often too complex for users to understand, and that website policy statements do not match consumers’ privacy expectations. Efforts to ameliorate theses issues through technological tools, such as privacy filters and do-not-track codes, have been unsuccessful. Further, these tools do not address whether notice and choice theory aligns with the actual privacy harms that consumers experience. This alignment remains unexplored. This article, thus, proposes to examine the relationship between the notice and choice theory and users’ actual privacy concerns. The article takes a novel approach that examines privacy litigation and FTC enforcement actions. This focus on the wrongs litigated in the real world reveals the most important harms that consumers experience and provides a better understanding of the efficacy of the notice and choice framework.The data set compiled to support the research for the article consists of all federal class action complaints alleging online privacy violations filed during the last ten years and the Federal Trade Commission complaints and settlements addressing online privacy. The article next addresses the roles that jurisdiction and competence play in framing claims and identifies a typology of the wrongful acts experienced by consumers. The research shows that four types of claims appear in both private litigation and public enforcement with respect to personal information: (1) unauthorized disclosure, (2) surreptitious collection, (3) failure to secure, and (4) undue retention. The article then applies this typology to map “zones of effectiveness” for the notice and choice regime. The article identifies which wrongs a proper notice and choice regime can and cannot address. The research demonstrates that while some wrongful practices might be avoided by the inclusion of specific statements in a notice, others will be incurable through notice. The latter set of wrongs is, thus, outside the “zone of effectiveness” of a notice and choice regime. Lastly, the article concludes with a discussion of whether and how the harms that consumers experience match the outcomes of litigation and FTC settlement orders.This research is supported by the National Science Foundation grant 1330214 “TWC SBE: Option: Frontier: Collaborative: Towards Effective Web Privacy Notice and Choice: A Multi-Disciplinary Prospective.”","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"875 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114149326","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The recent years have witnessed a growing concern in the EU institutions for the ways in which openness and citizen participation are believed to distract efficient decision-making. Various examples of such attitudes can be easily identified, demonstrating how the EU institutions still fail to possess a deeper understanding of the role of transparency in legitimate governance. This paper discusses the ways in which the right of public access often turns into institutional politics with the institutions and the Member States in fact buttressing their own interests. This has serious consequences for the understanding of citizens’ rights to participate in democratic decision-making. These questions are examined in the areas of legislative matters and international relations. The problems identified are then placed in the context of wider administrative culture in the relevant EU institutions, reflected in their responses to the citizens’ concerns. The paper concludes with a few remarks on the wishes of the European Council to create greater legitimacy for the Economic and Monetary Union, and the role of openness in that discussion.
近年来,欧盟各机构越来越担心,开放和公民参与被认为会分散有效决策的注意力。这种态度的各种例子可以很容易地找到,表明欧盟机构仍未能对透明度在合法治理中的作用有更深入的理解。本文讨论了公共获取权往往演变为制度政治的方式,机构和成员国实际上是在支持自己的利益。这对理解公民参与民主决策的权利产生了严重后果。这些问题在立法事项和国际关系领域进行审查。然后将确定的问题置于相关欧盟机构更广泛的行政文化背景下,反映在他们对公民关切的回应中。文章最后对欧洲理事会(European Council)希望为经济与货币联盟(Economic and Monetary Union)创造更大合法性的愿望以及开放性在这一讨论中的作用发表了一些评论。
{"title":"Transparency, Participation and EU Institutional Practice: An Inquiry into the Limits of the ‘Widest Possible’","authors":"P. Leino","doi":"10.2139/SSRN.2416242","DOIUrl":"https://doi.org/10.2139/SSRN.2416242","url":null,"abstract":"The recent years have witnessed a growing concern in the EU institutions for the ways in which openness and citizen participation are believed to distract efficient decision-making. Various examples of such attitudes can be easily identified, demonstrating how the EU institutions still fail to possess a deeper understanding of the role of transparency in legitimate governance. This paper discusses the ways in which the right of public access often turns into institutional politics with the institutions and the Member States in fact buttressing their own interests. This has serious consequences for the understanding of citizens’ rights to participate in democratic decision-making. These questions are examined in the areas of legislative matters and international relations. The problems identified are then placed in the context of wider administrative culture in the relevant EU institutions, reflected in their responses to the citizens’ concerns. The paper concludes with a few remarks on the wishes of the European Council to create greater legitimacy for the Economic and Monetary Union, and the role of openness in that discussion.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"186 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123721649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Social networking systems (SNS) are emerging as a cultural phenomenon in China and a Chinese SNS industry is rapidly developing. While greatly enriching their users' lives, these systems bring issues of private law data protection to the fore. The paper tests the data protection quality of RenRen (China's Facebook), by investigating how RenRen with its privacy arrangements of Chinese heritage would be understood in Europe anno 2013. The research method mainly consists in processing specific information on RenRen's compliance with EU data protection principles as well as observing privacy policies issued by RenRen. As presented in the conclusion section, the authors demonstrate that the differences between Chinese and EU private law data protection practices could well be converging as a result of the trend towards informational globalization, but that this trend is not yet sufficiently understood. As such this paper should be of interest to a broad readership including those interested in informational privacy, social networking and Chinese data protection law.
{"title":"Looking at China's Facebook (RenRen) through the Lens of European Data Protection Principles","authors":"Kunbei Zhang, A. Schmidt","doi":"10.2139/ssrn.2257907","DOIUrl":"https://doi.org/10.2139/ssrn.2257907","url":null,"abstract":"Social networking systems (SNS) are emerging as a cultural phenomenon in China and a Chinese SNS industry is rapidly developing. While greatly enriching their users' lives, these systems bring issues of private law data protection to the fore. The paper tests the data protection quality of RenRen (China's Facebook), by investigating how RenRen with its privacy arrangements of Chinese heritage would be understood in Europe anno 2013. The research method mainly consists in processing specific information on RenRen's compliance with EU data protection principles as well as observing privacy policies issued by RenRen. As presented in the conclusion section, the authors demonstrate that the differences between Chinese and EU private law data protection practices could well be converging as a result of the trend towards informational globalization, but that this trend is not yet sufficiently understood. As such this paper should be of interest to a broad readership including those interested in informational privacy, social networking and Chinese data protection law.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126508263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-01-13DOI: 10.4337/9781849805025.00021
L. Edwards
The problems created by the rise of social networks for user privacy have become well known throughout the world since the early paper co-authored by Edwards with Ian Brown of Oxford on data self regulation (http://ssrn.com/abstract=1148732). Reconciling the desire to self-disclose information with the simultaneous desire that this information be protected remains a difficult task, exacerbated by the increasing service provider monetisation of users data via profiling and targeted marketing both when interacting on and off the network itself. Building on the earlier work, this chapter analyses how law, code and norms all currently offer some but insufficient solutions to the problems of online social network privacy when faced with the market drive to make profits. The issues for children and young people are given particular attention, drawing on the work of inter alia boyd, palfrey and Livingstone. Although the law may provide some protections through traditional European DP law remedies, current law suffers from the general illusory nature of consent in the online consumer standard term contract environment. Regulation of SNS terms of service using ideas drawn from EU unfair contracts law may offer some help, bu tbest privacy protection is likely to arise from serious regulation of code in the shape of the defaults for disclosure on the sites themselves. The paper also proposes a user-friendly start up routine where users will shape their privacy preferences in a meaningful fashion and surveys some future solutions posited in the draft EC Data Protection Regulation.
{"title":"Privacy, Law, Code and Social Networking Sites","authors":"L. Edwards","doi":"10.4337/9781849805025.00021","DOIUrl":"https://doi.org/10.4337/9781849805025.00021","url":null,"abstract":"The problems created by the rise of social networks for user privacy have become well known throughout the world since the early paper co-authored by Edwards with Ian Brown of Oxford on data self regulation (http://ssrn.com/abstract=1148732). Reconciling the desire to self-disclose information with the simultaneous desire that this information be protected remains a difficult task, exacerbated by the increasing service provider monetisation of users data via profiling and targeted marketing both when interacting on and off the network itself. Building on the earlier work, this chapter analyses how law, code and norms all currently offer some but insufficient solutions to the problems of online social network privacy when faced with the market drive to make profits. The issues for children and young people are given particular attention, drawing on the work of inter alia boyd, palfrey and Livingstone. Although the law may provide some protections through traditional European DP law remedies, current law suffers from the general illusory nature of consent in the online consumer standard term contract environment. Regulation of SNS terms of service using ideas drawn from EU unfair contracts law may offer some help, bu tbest privacy protection is likely to arise from serious regulation of code in the shape of the defaults for disclosure on the sites themselves. The paper also proposes a user-friendly start up routine where users will shape their privacy preferences in a meaningful fashion and surveys some future solutions posited in the draft EC Data Protection Regulation.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-01-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114838740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To obtain approval to market a drug, a manufacturer must disclose significant amounts of research data to the government agency that oversees the approval process. The data often include information that could help advance scientific progress, and are therefore of great value. But current laws in both the United States and Europe give secrecy great weight. This Article proposes an obligatory sealed-bid auction of the sensitive information based on the experience with similar auctions in mergers and acquisitions, to balance manufacturers' interest in secrecy and the public interest in disclosure.
{"title":"A New Prescription to Balance Secrecy and Disclosure in Drug-Approval Processes","authors":"Gerrit M. Beckhaus","doi":"10.36646/mjlr.46.1.new","DOIUrl":"https://doi.org/10.36646/mjlr.46.1.new","url":null,"abstract":"To obtain approval to market a drug, a manufacturer must disclose significant amounts of research data to the government agency that oversees the approval process. The data often include information that could help advance scientific progress, and are therefore of great value. But current laws in both the United States and Europe give secrecy great weight. This Article proposes an obligatory sealed-bid auction of the sensitive information based on the experience with similar auctions in mergers and acquisitions, to balance manufacturers' interest in secrecy and the public interest in disclosure.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"128 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133601733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Online social networking services such as Facebook, Twitter and LinkedIn have proliferated in recent years. In this paper, we will focus on the impact of Facebook, which is the network with the most users worldwide (as of March 2011 Facebook had more than 640 million registered users). Facebook has multiple uses: it is potentially and concurrently a dating site, a friend locator, and a public relations tool. We examine both the positive and the negative repercussions of the Facebook phenomenon. We then look more closely at one of its main effects: the fact that it serves to efface the boundaries in the traditional public/private dichotomy. Supposedly Facebook protects its users through privacy settings. Yet users add personal details (like email addresses, cell phone numbers, and photos). If something goes wrong, questions arise as to the legal relationship that users have agreed to. Who has access to their personal information? What is the meaning of the Facebook disclaimer in its “Terms of Service” (the online equivalent of “fine print” in contracts of adhesion)? Perhaps only lawyers know that under Facebook’s ToS, users give up copyright control of any material posted. As a result, laypersons at best remain partially protected. Privacy issues and data protection concerns (esp. protecting users who cannot protect themselves, such as minors under 18 who regularly use the medium) clash with freedom of expression/freedom of speech/freedom of information. The legislator concerned with efficiently regulating the use of online social networks needs to accommodate these conflicts, devising wise and balanced solutions.
{"title":"Facebook, Privacy and the Challenges of Protecting Minors on Social Networking Sites","authors":"Aspasia Tsaoussi","doi":"10.2139/SSRN.1878035","DOIUrl":"https://doi.org/10.2139/SSRN.1878035","url":null,"abstract":"Online social networking services such as Facebook, Twitter and LinkedIn have proliferated in recent years. In this paper, we will focus on the impact of Facebook, which is the network with the most users worldwide (as of March 2011 Facebook had more than 640 million registered users). Facebook has multiple uses: it is potentially and concurrently a dating site, a friend locator, and a public relations tool. We examine both the positive and the negative repercussions of the Facebook phenomenon. We then look more closely at one of its main effects: the fact that it serves to efface the boundaries in the traditional public/private dichotomy. Supposedly Facebook protects its users through privacy settings. Yet users add personal details (like email addresses, cell phone numbers, and photos). If something goes wrong, questions arise as to the legal relationship that users have agreed to. Who has access to their personal information? What is the meaning of the Facebook disclaimer in its “Terms of Service” (the online equivalent of “fine print” in contracts of adhesion)? Perhaps only lawyers know that under Facebook’s ToS, users give up copyright control of any material posted. As a result, laypersons at best remain partially protected. Privacy issues and data protection concerns (esp. protecting users who cannot protect themselves, such as minors under 18 who regularly use the medium) clash with freedom of expression/freedom of speech/freedom of information. The legislator concerned with efficiently regulating the use of online social networks needs to accommodate these conflicts, devising wise and balanced solutions.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-04-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115134944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Third party facilitated surveillance has become a routine tool for law enforcement agencies. There are likely hundreds of thousands of such requests per year. Unfortunately there are few detailed statistics documenting the use of many modern surveillance methods. As such, the true scale of law enforcement surveillance, although widespread, remains largely shielded from public view.Prior to the widespread adoption of the Internet and mobile phones, law enforcement agencies’ use of third party facilitated electronic surveillance was largely limited to real-time interception of communications content ("wiretapping") and non-content data (through the use of "pen register" and "trap and trace" orders). In order to increase its ability to perform effective oversight, Congress mandated that annual reports be created documenting the use of these surveillance powers. These reports are intended to enable policy makers as well as the general public to determine the extent to which such surveillance methods are used, and in the words of Senator Patrick Leahy, provide a "far more reliable basis than anecdotal evidence on which to assess law enforcement needs and make sensible policy in this area."The existing surveillance statistics might be sufficient if law enforcement agencies’ surveillance activities were limited to wiretaps and pen registers. However, over the last decade, law enforcement agencies have enthusiastically embraced many new sources of investigative and surveillance data for which there are no mandatory reporting requirements. As a result, most modern surveillance now takes place entirely off the books and the true scale of such activities, which vastly outnumber traditional wiretaps and pen registers, remains unknown. In this article, I examine the existing electronic surveillance reporting requirements and the reports that have been created as a result. Some of these have been released to public, but many have only come to light as a result of Freedom of Information Act requests or leaks by government insiders. I also also examine several law enforcement surveillance methods for which there are no existing legally mandated surveillance reports. Finally, I propose specific legislative reporting requirements in order to enable some reasonable degree of oversight and transparency over all forms of law enforcement electronic surveillance.
第三方监控已成为执法机构的常规工具。每年可能有数十万个这样的请求。不幸的是,很少有详细的统计数据记录许多现代监测方法的使用情况。因此,执法部门监控的真实规模尽管广泛存在,但在很大程度上仍不为公众所知。在广泛采用互联网和移动电话之前,执法机构对第三方电子监控的使用主要局限于实时截获通信内容(“窃听”)和非内容数据(通过使用“笔录”和“陷阱和追踪”命令)。为了增强其进行有效监督的能力,国会要求创建年度报告,记录这些监督权力的使用情况。这些报告旨在使政策制定者和公众能够确定此类监视方法的使用程度,用参议员帕特里克·莱希(Patrick Leahy)的话来说,这些报告提供了“比轶事证据可靠得多的基础,以评估执法需求,并在这一领域制定明智的政策”。如果执法机构的监视活动仅限于窃听和笔录,现有的监视统计数据可能就足够了。然而,在过去十年中,执法机构热情地接受了许多新的调查和监视数据来源,这些来源没有强制性的报告要求。其结果是,大多数现代监视活动现在完全是秘密进行的,此类活动的真实规模远远超过传统的窃听和笔录,目前仍不得而知。在本文中,我将研究现有的电子监视报告需求以及由此创建的报告。其中一些已经向公众发布,但许多是由于《信息自由法》(Freedom of Information Act)的要求或政府内部人士泄露才被曝光的。我还研究了几种没有现有法律规定的监视报告的执法监视方法。最后,我提出具体的立法报告要求,以便对所有形式的执法电子监视进行某种程度的合理监督和透明度。
{"title":"The Law Enforcement Surveillance Reporting Gap","authors":"Christopher Soghoian","doi":"10.2139/SSRN.1806628","DOIUrl":"https://doi.org/10.2139/SSRN.1806628","url":null,"abstract":"Third party facilitated surveillance has become a routine tool for law enforcement agencies. There are likely hundreds of thousands of such requests per year. Unfortunately there are few detailed statistics documenting the use of many modern surveillance methods. As such, the true scale of law enforcement surveillance, although widespread, remains largely shielded from public view.Prior to the widespread adoption of the Internet and mobile phones, law enforcement agencies’ use of third party facilitated electronic surveillance was largely limited to real-time interception of communications content (\"wiretapping\") and non-content data (through the use of \"pen register\" and \"trap and trace\" orders). In order to increase its ability to perform effective oversight, Congress mandated that annual reports be created documenting the use of these surveillance powers. These reports are intended to enable policy makers as well as the general public to determine the extent to which such surveillance methods are used, and in the words of Senator Patrick Leahy, provide a \"far more reliable basis than anecdotal evidence on which to assess law enforcement needs and make sensible policy in this area.\"The existing surveillance statistics might be sufficient if law enforcement agencies’ surveillance activities were limited to wiretaps and pen registers. However, over the last decade, law enforcement agencies have enthusiastically embraced many new sources of investigative and surveillance data for which there are no mandatory reporting requirements. As a result, most modern surveillance now takes place entirely off the books and the true scale of such activities, which vastly outnumber traditional wiretaps and pen registers, remains unknown. In this article, I examine the existing electronic surveillance reporting requirements and the reports that have been created as a result. Some of these have been released to public, but many have only come to light as a result of Freedom of Information Act requests or leaks by government insiders. I also also examine several law enforcement surveillance methods for which there are no existing legally mandated surveillance reports. Finally, I propose specific legislative reporting requirements in order to enable some reasonable degree of oversight and transparency over all forms of law enforcement electronic surveillance.","PeriodicalId":179517,"journal":{"name":"Information Privacy Law eJournal","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117050532","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: