Daedalus, Vol. 140, No. 4, pp. 32-48, Fall 2011
This paper urges new strategies to protect privacy online that incorporates the Internet’s diverse non-commercial uses.
Policymakers should extend already familiar social values to analogous practices on the Net, and should develop norms based on the appropriate flow of information for the diverse aspects of life online.
The Internet has disrupted flows of personal information between individuals, businesses, and government, offering new and expanded opportunities for data collection, storage, and analysis on the part of large institutions. However, individual users are not always aware of what data is collected about them, how that data is being used, and what control, if any, they have over their personal information online – this disjunction could be termed the “transparency paradox.”
Informed consent, the current dominant paradigm for online privacy, is flawed because it presumes that users, confronted with a web application, enter into a voluntary contract that acknowledges the application’s privacy policies and a user’s willingness to submit to them.
In reality, individual users rarely if ever have all the information they need to make an informed choice, nor are privacy agreements necessarily transparent.
Because the Internet is used for a plethora of different activities connected to social life off-line, its “radical heterogeneity” precludes either a one-size-fits-all solution or a contractual commercial model for privacy.
Greater effort should be made to extend the norms of contextual information flows found in various sectors of off-line life to Internet activities, such as respecting a users’ expressed desire to entirely delete data. Regulators such as the Federal Trade Commission should extend their enforcement of norms more completely into the online commercial sphere to ensure that flows of information based on ownership do not unduly predominate.
For truly novel online contexts, regulators and technologists should begin with a commitment to core democratic values such as freedom or privacy, and construct online norms consistent with these values, reinforcing “moral imperatives” as opposed to technological ones.