12. DATA PRIVACY
In a world where literally everything you do can leave a digital fingerprint, nothing strikes a visceral chord among web users more than the issue of privacy. There is very little that one can do in complete anonymity when it comes to surfing the web. It is only a question of how willing various data collectors are in maintaining the privacy of users. The potential for abuse is enormous. It should be no surprise then, that when a company acts in a questionable manner with respect to the privacy rights of users, the freewheeling libertarian-minded web community strikes back with furious condemnation.
We all want sensitive personal and financial data to be secure from theft and misuse. But the issue of privacy is more than security alone. There are complex questions of who controls the data about us (individually and collectively) and how it is used. What rights do users have to preserve their privacy? What are the rights of data owners who exploit information about web users without their permission? How should permission be obtained? And indeed, who can (or should) claim ownership over the data collected? Is it the merchant, or advertiser, or service provider, or consumer who should be in control?
To be sure, legitimate businesses that collect data on the web are mindful of the privacy concerns of users. Responsible web operations post privacy statements that outline the usage of data collected about visitors to their sites. Industry groups have made a point of promoting the use of such statements. Current public policy is polarized on the issue. Some argue that industry can regulate itself against privacy abuses. But others doubt this, and contend that government intervention is needed to protect the rights of consumers and enforce protection rules. The U.S. Federal Trade Commission offers guidelines for handling consumer information (see below).
Managing data privacy is further complicated by the global nature of the Web. Different countries take different approaches to protecting consumer privacy. The European Union's Directive on Data Privacy enacted in 1998 is a case in point. The law prohibits the transfer of personal data to non-European Union nations that do not meet its guidelines for privacy protection. The Directive provides for the creation of government data protection agencies that will oversee the registration, and in some cases the approval, of databases containing personal information.
There are 30 or so federal statutes and over 100 state statutes governing information privacy in the U.S. The approach has been piecemeal in protecting privacy. It blends government oversight with industry self-regulation, and varies from sector to sector. Because of this, companies doing business over the Web with consumers residing in the E.U. can find themselves in non-compliance with the local requirements for privacy protection. To help companies comply with the E.U. regulations the Department of Commerce has developed a set of rules under which U.S. businesses should operate, called the safe harbor principles.
A particularly troublesome aspect of privacy abuse concerns children. No matter how well intentioned companies may be, most feel that special precautions must be taken when advertising is directed at children. But in a world where authenticating who is at the other end of a web connection is never an absolute certainty, how do we best preserve the privacy rights of children? The Federal Trade Commission has constructed the Children's Online Privacy Protection Rule in an attempt to curb potential abuses.
Things to read:
Guide to Online Privacy
Center for Demoracy and Technology | 10.21.2009
Engaging Privacy and Information Technology in a Digital Age: Executive Summary
National Research Council | 05.30.2007
The New Vulnerability: Data Security and Personal Information
Daniel Solove | 08.31.2004
FACTA, the Fair and Accurate Credit Transactions Act
Privacy Rights Clearinghouse | 08.00.2004
The Lack of Clarity in Financial Privacy Policies
Annie Antón, et al. | 08.01.2004
The Privacy Problem
Fred H. Cate | 03.21.2003
Most People Are Privacy Pragmatists: A Harris Poll
Humphrey Taylor | 03.19.2003
Privacy Online: A Report on the Internet Practices and Policies of Commercial Web Sites
William F. Adkinson, Jr., Jeffrey A. Eisenach, and Thomas M. Lenard | 03.25.2002
Privacy Online: Fair Information Practices in the Electronic Marketplace (Read pp. 1-38)
U.S. Federal Trade Commission | 05.22.2000
Things to watch:
Myths about Privacy
Robert Ellis Smith | 05.23.2001
A Taxonomy of Privacy
The Impact of Data Restrictions On Consumer Distance Shopping
Michael A. Turner
The Adverse Impact of Opt-In Privacy Rules
Michel E. Staten and Fred H. Cate
DRM and Privacy
The Death of Privacy?
A. Michael Froomkin
Information Privacy/Information Property
Online Profiling: Report and Recommendations to Congress
U.S. Federal Trade Commission
Privacy in Cyberspace
The Cookie Concept
Beyond Concern: Understanding Net Users' Attitudes About Online Privacy
Lorrie Faith Cranor, Joseph Reagle, and Mark S. Ackerman
The Architecture of Privacy
Surfer Beware III: Privacy Policies without Privacy Protection
Electronic Privacy Information Center
Multi-National Consumer Privacy Survey
IBM Global Services
Guidelines for Online Privacy Policies
Online Privacy Alliance
W3C Platform for Privacy Preferences
Mary Culnan and Sandra Milberg
Top 12 Ways to Protect Your Online Privacy
Electronic Frontier Foundation
A Survey of Consumer Privacy Attitudes and Behaviors
On the airwaves:
The Privacy Train Has Left the Station
Katherine Mangu-Ward | 01.22.2007
Conversations About Privacy: Is Anything Actually Private?
Steve Inskeep and Renee Montagne | 03.08.2006
Look it up:
Places to visit: