Updated: ...| Home | About | Forum | Help | Search..
border border
MANAGING THE DIGITAL ENTERPRISEMICHAEL RAPPA

<12>DATA PRIVACY

border

space
space

Things to watch:

__/ 05-23-2001 \__
Myths about Privacy
Robert Ellis Smith

space

Hungry minds:

Resolving Conflicting
International Data
Privacy Rules in
Cyberspace

Joel R. Reidenberg

A Taxonomy of Privacy
Daniel Solove

The Impact of Data
Restrictions On
Consumer Distance
Shopping

Michael A. Turner

The Adverse Impact of
Opt-In Privacy Rules

Michel E. Staten
Fred H. Cate

DRM and Privacy
Julie Cohen

The Death of Privacy?
A. Michael Froomkin

Information Privacy/
Information Property

Jessica Litman

Online Profiling
FTC

Privacy in Cyberspace
Arthur Miller

The Cookie Concept
Mayer-Schönberger

The Architecture
of Privacy

Lawrence Lessig

W3C Platform for
Privacy Preferences
P3P Project

space

Places to visit:

Computers, Freedom
& Privacy

Electronic Froniter
Foundation

Electronic Privacy
Information Center

Free Credit Reports

FTC Privacy Page

Privacy Foundation

Privacy International

Safe Harbor

The Privacy Place

Truste

space

Previous topic:

Security

space
Internet Privacy
space
In a world where literally everything you do can leave a digital fingerprint, nothing strikes a visceral chord among web users more than the issue of privacy. There is very little that one can do in complete anonymity when it comes to surfing the web. It is only a question of how willing various data collectors are in maintaining the privacy of users. The potential for abuse is enormous.

We all want sensitive personal and financial data to be secure from theft and misuse. But the issue of privacy is more than security alone. There are complex questions of who controls the data about us (individually and collectively) and how it is used. What rights do users have to preserve their privacy? Article 12, Universal Declaration of Human RightsWhat are the rights of data owners who exploit information about web users without their permission? How should permission be obtained? And indeed, who can (or should) claim ownership over the data collected? Is it the merchant, or advertiser, or service provider, or consumer who should be in control?

To be sure, legitimate businesses that collect data on the web are mindful of the privacy concerns of users. Responsible web operations post privacy statements that outline the usage of data collected about visitors to their sites. Industry groups have made a point of promoting the use of such statements. Current public policy is polarized on the issue. Some argue that industry can regulate itself against privacy abuses. But others doubt this, and contend that government intervention is needed to protect the rights of consumers and enforce protection rules. The U.S. Federal Trade Commission offers guidelines for handling consumer information (see below).

Managing data privacy is further complicated by the global nature of the Web. Different countries take different approaches to protecting consumer privacy. The European Union's Directive on Data Privacy enacted in 1998 is a case in point. Westin quoteThe law prohibits the transfer of personal data to non-European Union nations that do not meet its guidelines for privacy protection. The Directive provides for the creation of government data protection agencies that will oversee the registration, and in some cases the approval, of databases containing personal information.

There are 30 or so federal statutes and over 100 state statutes governing information privacy in the U.S. The approach has been piecemeal in protecting privacy. It blends government oversight with industry self-regulation, and varies from sector to sector. Because of this, companies doing business over the Web with consumers residing in the E.U. can find themselves in non-compliance with the local requirements for privacy protection. To help companies comply with the E.U. regulations the Department of Commerce has developed a set of rules under which U.S. businesses should operate, called the safe harbor principles.

A particularly troublesome aspect of privacy abuse concerns children. No matter how well intentioned companies may be, most feel that special precautions must be taken when advertising is directed at children. But in a world where authenticating who is at the other end of a web connection is never an absolute certainty, how do we best preserve the privacy rights of children? The Federal Trade Commission has constructed the Children's Online Privacy Protection Rule in an attempt to curb potential abuses.

FTC CONSUMER FAIR INFORMATION PRACTICES
Notice/
Awareness
Give consumers notice of an entity's information practices before any personal information is collected from them, including:
  • identification of the entity collecting the data;
  • identification of the uses to which the data will be put;
  • identification of any potential recipients of the data;
  • the nature of the data collected and the means by which it is collected if not obvious;
  • whether the provision of the requested data is voluntary or required, and the consequences of a refusal to provide the requested information;
  • the steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.
Choice/
Consent
Give consumers options as to how any personal information collected from them may be used, including secondary uses of information -- i.e., uses beyond those necessary to complete the contemplated transaction. Such secondary uses can be internal, such as placing the consumer on the collecting company's mailing list in order to market additional products or promotions, or external, such as the transfer of information to third parties.
Access/
Participation
Give consumers the ability both to access data about themselves -- i.e., to view the data in an entity's files -- and to contest that data's accuracy and completeness. Access must encompass timely and inexpensive access to data, a simple means for contesting inaccurate or incomplete data, a mechanism by which the data collector can verify the information, and the means by which corrections and/or consumer objections can be added to the data file and sent to all data recipients.
Integrity/
Security
Ensure that consumer data be accurate and secure. To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form. Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data.
Enforcement/
Redress

Provide a mechanism to enforce fair information practices. Among the alternative enforcement approaches are industry self-regulation; legislation that would create private remedies for consumers; and/or regulatory schemes enforceable through civil and criminal sanctions.

Source: U.S. Federal Trade Commission, Privacy Online: A Report to Congress, June 1998.
space
space
space

Hear the podcast:

Podcast by Professor Michael Rappa

Audio | Transcript

space

Things to read:

Learning Objectives

__/ 10-21-2009 \__
Guide to Online Privacy
Center for Demoracy
and Technology

__/ 05-30-2007 \__
Engaging Privacy and
Information Technology
in a Digital Age:
Executive Summary

National Research
Council

__/ 08-31-2004 \__
The New Vulnerability:
Data Security and
Personal Information

Daniel Solove

__/ 08-00-2004 \__
FACTA, the Fair and
Accurate Credit
Transactions Act

Privacy Rights
Clearinghouse

__/ 08-01-2003 \__
The Lack of Clarity in
Financial Privacy
Policies

Annie Antón
Julia Earp, et al.

__/ 03-21-2003 \__
The Privacy Problem
Fred H. Cate

__/ 03-19-2003 \__
Most People Are
Privacy Pragmatists

Humphrey Taylor

__/ 03-25-2002 \__
Privacy Online
W.F. Adkinson, Jr., et al.

__/ 05-22-2000 \__
Fair Information
Practices in the
Electronic Marketplace

U.S. Federal Trade
Commission

space

Case study:

DoubleClick

space

On the airwaves:

__/ 06-18-2007 \__
Privacy Advocates Wary
of Google Tactics

Declan McCullagh
Frank Pasquale
Nicole Wong

__/ 01-22-2007 \__
The Privacy Train Has
Left the Station

Katherine Mangu-Ward

__/ 03-08-2006 \__
Conversations About
Privacy: Is Anything
Actually Private?

Steve Inskeep
Renee Montagne

space

Next topic:

Intellectual Property

border
border
border
© 2010 Michael Rappa

About | Terms of Use | Contact

Institute for Advanced Analytics