Beacons and Data Privacy Law

By TAP Staff Blogger

Posted on August 16, 2010


Online privacy continues to be a key debate amongst policy makers. In recent weeks, news articles have focused on online beacons, or tracking tools; and companies that package data from individual’s online activities into user profiles which are then sold to companies seeking customers. The New York Times leveraged the expertise of Professor Paul Ohm, University of Colorado, in a 2-part article, Answers to Questions About Internet Privacy. Additionally, on July 27th, the U.S. Senate Committee on Commerce, Science, and Transportation held a hearing on consumer online privacy. The focus was on technologies used to collect and use consumer information. TAP scholar, Joseph Turow, Professor of Communication at the University of Pennsylvania's Annenberg School for Communication, was one of the witnesses to testify.

Understanding how information about our online activities and personally identifiable information is captured, tracked, and utilized will no doubt always be important and always need to evolve. Earlier in the year, TAP published a post by Guest Blogger Aaron Burstein, a Research Fellow with the UC Berkeley School of Information, on the basics of data privacy law. In his post, Burstein explains that statutes in U.S. law typically aren't written to guarantee privacy; instead, data privacy statutes limit the flow of private information. More specifically, these statutes address three main points of information flow: collection (the kinds and extent of information that an authorized party may collect about you); use (setting limits on how a company (or other party) can use private information it has collected); and disclosure (when and how data may be shared).

TAP academics have researched and written extensively on privacy issues. Below are key articles that explore the use of cookies and other tracking mechanisms, as well as proposed actions to insure protection of consumer privacy.

In Cookies and Web Browser Design: Toward Realizing Informed Consent Online, Edward Felten and his colleagues explain that cookies can be used to create profiles of users online without the users’ knowledge or consent; and propose web browsers should be changed to give users more control of how information is used about them online. Professor Felten went on to examine how web browsers can be designed to help users control their privacy online and teach them about “cookies.” In Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design, Professor Felten and Batya Friedman make the point that users should know and agree if information about them is being recorded and used as they surf the web (“informed consent.”).

Looking at the privacy-protecting power of anonymization, Professor Paul Ohm shows us in Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization that computer scientists can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease. By understanding this research, Ohm brings to light that we have much less privacy than we have assumed.

Finally, Professors Chris Hoofnagle and Daniel J. Solove outline a new set of ground rules for privacy in A Model Regime of Privacy Protection. In this paper, they show that new laws are needed to control how private firms and the government get and use information about ordinary people.

For more articles about online privacy, type a key phrase (e.g., consumer privacy, cookies, online privacy) in TAP’s search box, or scan the article and academics listed on our privacy and security issues page.