Last week on his personal blog, Peter Fleischer, Global Privacy Counsel for Google, posted an interesting essay entitled “We Need a Better, Simpler Narrative of US Privacy Laws.” Fleischer says that Europe has done a better job marketing its privacy regime to the world than the United States and argues that “The US has to figure out how to explain its privacy laws on the global stage” since “Europe is convincing many countries around the world to implement privacy laws that follow the European model.” He notes that “in the last year alone, a dozen countries in Latin America and Asia have adopted euro-style privacy laws [while] not a single country, anywhere, has followed the US model.” Fleischer argues that this has ramifications for long-term trade policy and global Internet regulation more generally.
I found this essay very interesting because I deal with some of these issues in my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing” (Harvard Journal of Law & Public Policy, vol. 36, no. 2, Spring 2013). In the article, I suggest that the U.S. does have a unique privacy regime and it is one that is very similar in character to the regime that governs online child safety issues. Whether we are talking about online safety or digital privacy, the defining characteristics of the U.S. regime are that it is bottom-up, evolutionary, education-based, empowerment-focused, and resiliency-centered. It focuses on responding to safety and privacy harms after exhausting other alternatives, including market responses and the evolution of societal norms.
The EU regime, by contrast, is more top-down in character and takes a more static, inflexible view of privacy rights. It tries to impose a one-size-fits-all model on a diverse citizenry and it attempts to do so through heavy-handed data directives and ongoing “agency threats.” It is a regime that makes more sweeping pronouncements about rights and harms and generally recommends a “precautionary principle” approach to technological change in which digital innovation is more “permissioned.”
Put simply, the U.S. regime is
reactive in character while the E.U. regime is more preemptive. The U.S. system focuses on responding to safety and privacy problems using a more diverse toolbox of solutions, some of which are governmental in character while others are based on evolving social and market norms and responses. To be clear, law does enter the picture here in the U.S., but it does so in a very different way than it does in the E.U. Continue reading →
I’m excited to announce the release of my latest law review article, “The Pursuit of Privacy in a World Where Information Control is Failing,” which appears in the next edition (vol. 36) of the Harvard Journal of Law & Public Policy. This is the first of two complimentary law review articles that I will be releasing this year dealing with privacy policy. The second, which will be published later this summer by the George Mason University Law Review, is entitled, “A Framework for Benefit-Cost Analysis in Digital Privacy Debates.” (FYI: Both articles focus on privacy claims made against private actors — namely, efforts to limit private data collection — and not on privacy rights against governments.)
The new
Harvard Journal article is divided into three major sections. Part I focuses on some of normative challenges we face when discussing privacy and argues that there may never be a widely accepted, coherent legal standard for privacy rights or harms here in the United States. It also explores the tensions between expanded privacy regulation and online free speech. Part II turns to the many enforcement challenges that are often ignored when privacy policies are being proposed or formulated and argues that legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem. Most of the problems policymakers and average individuals face when it comes to controlling the flow of private information online are similar to the challenges they face when trying to control the free flow of digitalized bits in other information policy contexts, such as online safety, cybersecurity, and digital copyright.
If the effectiveness of law and regulation is limited by the normative considerations discussed in Part I and the practical enforcement complications discussed in Part II, what alternatives remain to assist privacy-sensitive individuals? I address that question in Part III of the paper and argue that the approach America has adopted to deal with concerns about objectionable online speech and child safety offers a path forward on the privacy front as well. Continue reading →
In the wake of the election, Matt Hindman, author of The Myth of Digital Democracy, analyzes the effect of the internet on electoral politics.
According to Hindman, the internet had a large—but indirect—effect on the 2012 elections. Particularly important was microtargeting to identify supporters and get out the vote, says Hindman. Data and measurements—two things that the GOP was once ahead in, but which they have ceded to the Democrats in the past 8 years—played a key role in determining the winner of the presidential election, according to Hindman.
Hindman also takes a critical look at the blogosphere, comparing it to the traditional media that some argue it is superseding, and he delineates the respective roles played by Facebook and Twitter within the electoral framework.
Download
Related Links
The Federal Trade Commission (FTC) has just released its final privacy framework proposal, “Protecting Consumer Privacy in an Era of Rapid Change.” The agency released a draft report with the same title back in late 2010 and then asked for comments. [Here were my comments to the agency.] The FTC’s final report comes just a month after the Obama Administration released its 50-page privacy framework, Consumer Data Privacy in a Networked World, which included a privacy “bill of rights.” That report was primarily driven by the Department of Commerce. [I penned a Forbes column about that report the day it was released.] The new FTC report is fairly consistent with the earlier Commerce Department report. Here are some of the key themes or recommendations from the final FTC report:
- rooted in a set of baseline privacy principles with a strong push for “privacy by design,” more consumer choice, and better transparency.
- along with Dept of Commerce, the agency will work with industry to develop privacy codes of conduct and then give them teeth with possibility of FTC enforcement.
- pushes for industry to pursue voluntary “Do Not Track” mechanism, which to the agency apparently means “do not collect” any info.
- calls on Congress to pass data security legislation and legislation “to provide greater transparency for, and control over, the practices of information brokers.” Also, “to further increase transparency, the Commission calls on data brokers that compile data for marketing purposes to explore creating a centralized website where data brokers could (1) identify themselves to consumers and describe how they collect and use consumer data and (2) detail the access rights and other choices they provide with respect to the consumer data they maintain.”
- the agency will host a workshop later this year to discuss privacy withing “large platform providers.” The report notes: “To the extent that large platforms, such as Internet Service Providers, operating systems, browsers, and social media, seek to comprehensively track consumers’ online activities, it raises heightened privacy concerns.”
- the agency is also stepping up oversight on mobile privacy issues.
- the agency says it “generally supports the exploration of efforts to develop additional mechanisms, such as the ‘eraser button’ for social media,” but stops short of saying it should be mandated at this time.
Some of my initial random thoughts about the FTC report: Continue reading →
According to the BBC, the European Commission is apparently set to adopt formal rules guaranteeing a so-called “right to be forgotten” online. As part of the Commission’s overhaul of the 1995 Data Protection Directive, this new regulation will mandate that, “people will be able to ask for data about them to be deleted and firms will have to comply unless there are ‘legitimate’ grounds to retain it,” the BBC reports.
I’ve written about “right to be forgotten” and “online eraser button” proposals before in my
Forbes essay, “Erasing Our Past On The Internet,” a Mercatus white paper on “Kids, Privacy, Free Speech & the Internet: Finding the Right Balance.” and in this essay here on the TLF on “The Conflict Between a “Right to Be Forgotten” & Speech / Press Freedoms.” While I can appreciate the privacy and reputational concerns that lead to calls for such information controls, the reality is that a mandatory “right to be forgotten” is a recipe for massive Internet censorship. As I noted in those earlier essays, such notions conflict violently with speech rights and press freedoms. Enshrining into law such expansive privacy norms places stricter limits on others’ rights to speak freely, or to collect and analyze information about others. Continue reading →
Jane Yakowitz of Brooklyn Law School recently posted an interesting 63-page paper on SSRN entitled, “Tragedy of the Data Commons.” For those following the current privacy debates, it is must reading since it points out a simple truism: increased data privacy regulation could result in the diminution of many beneficial information flows.
Cutting against the grain of modern privacy scholarship, Yakowitz argues that “The stakes for data privacy have reached a new high water mark, but the consequences are not what they seem. We are at great risk not of privacy threats, but of information obstruction.” (p. 58) Her concern is that “if taken to the extreme, data privacy can also make discourse anemic and shallow by removing from it relevant and readily attainable facts.” (p. 63) In particular, she worries that “The bulk of privacy scholarship has had the deleterious effect of exacerbating public distrust in research data.”
Yakowitz is right to be concerned. Access to data and broad data sets that include anonymized profiles of individuals is profound importantly for countless sectors and professions: journalism, medicine, economics, law, criminology, political science, environmental sciences, and many, many others. Yakowitz does a brilliant job documenting the many “fruits of the data commons” by showing how “the benefits flowing from the data commons are indirect but bountiful.” (p. 5) This isn’t about those sectors making money. It’s more about how researchers in those fields use information to improve the world around us. In essence, more data = more knowledge. If we want to study and better understand the world around us, researchers need access to broad (and continuously refreshed) data sets. Overly restrictive privacy regulations or forms of liability could slow that flow, diminish or weaken research capabilities and output, and leave society less well off because of the resulting ignorance we face. Continue reading →
A headline in the USA Today earlier this week screamed, “Hello, Big Brother: Digital Sensors Are Watching Us.” It opens with an all too typical techno-panic tone, replete with tales of impending doom:
Odds are you will be monitored today — many times over. Surveillance cameras at airports, subways, banks and other public venues are not the only devices tracking you. Inexpensive, ever-watchful digital sensors are now ubiquitous.
They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped.
Several developments have converged to push the monitoring of human activity far beyond what George Orwell imagined. Low-cost digital cameras, motion sensors and biometric readers are proliferating just as the cost of storing digital data is decreasing. The result: the explosion of sensor data collection and storage.
Oh my God! Dust off you copies of the
Unabomber Manifesto and run for your shack in the hills!
No, wait, don’t. Let’s instead step back, take a deep breath and think about this. As the article goes on to note, there will certainly be many benefits to our increasing “sensor society.” Advertising and retail activity will become more personalized and offer consumers more customized good and services. I wrote about that here at greater length in my essay on “Smart-Sign Technology: Retail Marketing Gets Sophisticated, But Will Regulation Kill It First?” More importantly, ubiquitous digital sensors and data collection/storage will also increase our knowledge of the world around us exponentially and do wonders for scientific, environmental, and medical research.
But that won’t soothe the fears of those who fear the loss of their privacy and the rise of a surveillance society in which our every move is watched or tracked. So, let’s talk about what those of you who feel that way want to do about it.
Continue reading →
Rep. Darrell Issa (R-CA) has a terrific op-ed piece on Internet-age government transparency in the Washington Times today:
If agencies used consistent data formats for their financial information, their financial reports could be electronically reconciled. It would be possible to trace funds from Congressional appropriations through agencies’ budgets to final use. The same data could flow automatically into USASpending.gov, without the errors and inconsistencies that make it unreliable today.
The idea is simple, if not easy to implement. Put government data in uniform formats, accessible to the public, and let public oversight work its will. Whether you prioritize good government, small government, or both, expect improvement.
Yesterday, the Federal Trade Commission (FTC) hosted an all-day workshop on “Protecting Kids’ Privacy Online,” which looked into the Children’s Online Privacy Protection Act of 1998 (COPPA) and challenges posed to its enforcement by new technological developments. The FTC staff did a nice job bringing together and moderating 5 panels worth of participants, all of whom had plenty of interesting things to say about the future of COPPA. But I was more struck by what was not said yesterday. Namely, there was:
- ZERO explanation of the supposed harms of advertising, marketing, and data collection. Advertising-bashing is an old sport here in Washington, so I guess I should not have been surprised to hear several panelists yesterday engaging in teeth-gnashing and hand-wringing about advertising, marketing, and the data collection methods that make it possible. But this grousing just went on and on without any explanation by the critics of the supposed harms that would result from it.
- ZERO appreciation of the benefits of advertising, marketing, and data collection. Not once yesterday — NOT ONCE — did anyone pause to ask what it is that makes all these wonderful online sites, services and content free (or dirt cheap) to consumers. Everyone at this show was guilty of the “manna fallacy” (that all this stuff just falls magically to Earth from the Net Gods above). Well, back here in the real world, something has to pay for all those goodies, and that something is advertising and marketing, which are facilitated by data collection! Or would you like to pay $19.95 a month for each of those currently free sites and services? Yeah, I didn’t think so.
Continue reading →
Today, Berin Szoka and I both testified at the first of three Federal Trade Commission workshops on “Exploring Privacy.” Today’s all-day event featured five panel discussions, and remarks by FTC Chairman Jon Leibowitz, Commissioner Pamela Jones Harbour, and David C. Vladeck, Director of the FTC’s Bureau of Consumer Protection. Our TLF co-blogging colleague Jim Harper also testified on the first panel of the day on “Benefits and Risks of Collecting, Using, and Retaining Consumer Data.” I was on the second panel of the day on “Consumer Expectations and Disclosures.” And Berin was on the third panel on “Online Behavioral Advertising.” The fourth panel was on “Information Brokers” and the fifth panel was on “Exploring Existing Regulatory Frameworks.” On my panel, we discussed the usefulness of privacy polls and surveys. I attempted to make a few simple points when asked for my opinions:
- While privacy polls and surveys may offer us some interesting insights into how some in the public think about advertising and privacy in the abstract, ultimately, they are no substitute for real-world experiments in which people make real choices, in real time, often with real money, and face many real trade-offs. [See this paper.]
- Moreover, such polls and surveys fail to account for the fact that consumers are empowered with real privacy controls so they can make the privacy choices that are right for them, rather than a one-size-fits-all choice imposed by someone else. [See this ongoing series and this paper.]
- (1) & (2) are especially the case since privacy is a highly subjective condition. [See this paper by Jim Harper.]
- It remains unclear what the harms are that we are trying to protect consumers against. [See this paper and this blog post.]
- Because of (1), (2), (3), and (4) we need to understand that rational ignorance may often be at work here. Many consumers likely won’t feel the need to read privacy policies or take steps to “protect their privacy” online.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.