Privacy and Consumers
Modified on November 26, 2012
There are a number of privacy issues related to how online companies collect, store, use and share personally identifiable information; and how consumers are informed about what is done with their information online. Companies that operate a business or advertise online often want to know more about the behavior and demographics of their customers in order to more efficiently target information. Consumers may have a variety of concerns about the information they reveal online, including: identity theft, child safety online, the protection of one’s reputation, or a wish to avoid aggressive marketing pitches. At some level, online privacy is a balance between the economic value of information – including its ability to provide a return to content creators so that the Internet continues to thrive – and the need to ensure that privacy is protected, so that fear of sharing information does not unduly limit the Internet as a place of creative and commercial exchange.
These issues often arise in discussions of privacy and consumers:
How consumers view and value different aspects of privacy –and whether there is a difference between what they say they value, and what they actually do in practice online.
How firms can set fair privacy policies and ensure consumers adequately understand their policies.
The call for Privacy By Design—the practice of embedding privacy protections into products and services at the design phase, rather than after an application is created.
Comparing privacy or “data protection” law in Europe and in the U.S. Unlike Europe, the U.S. has no comprehensive privacy law, so privacy online falls under a range of different, and overlapping, set of rules covering different types of information.
Online behavioral advertising (OBA), a process of profiling a user based on his or her online activities and using this profile, constructed over time; advertising networks show ads most likely to be of interest to each user, charging a premium price to do so.
Location-based tracking, especially regarding mobile devices, raises potential privacy dangers; and has opened up debates around tracking devices violating Fourth Amendment rights.
Facial-recognition technology and tools are capable of linking facial images to anonymous online data. The privacy implications of this work are significant; however, the biggest problem could be the inaccuracy of this and other data-mining techniques.
‘Do Not Track’ (DNT) proposes to give web users the option to limit tracking by advertisers online.
Big Data uses data mining techniques to identify patterns in large datasets. Inherent in the details of the data sets are potential security breaches and privacy violations of the individuals associated with the de-identified data (i.e., search queries, credit card purchases, phone numbers dialed).
The intersection between privacy and other goals such as security, competition, or free speech.
The costs and benefits of privacy regulation.
M. Ryan Calo of the University of Washington advises companies on issues of data security, privacy, and telecommunications.
Lorrie Faith Cranor of Carnegie Mellon University has played a key role in building the usable privacy and security research community.
Chris Hoofnagle of the Berkeley Center for Law and Technology writes about background checks, airport searches, and model privacy law.
"We want to provide a longitudinal and empirical basis for the description of privacy problems online. So as the FTC and Department of Commerce adopt approaches, we can say something about whether tracking is increasing or decreasing or shifting to other technologies.” Chris Hoofnagle quoted in the San Francisco Chronicle, “Web Privacy Census Shows Tracking Pervasive,” June 26, 2012
Deirdre Mulligan, Berkeley Center for Law and Technology, research agenda focuses on information privacy and security.
Ira Rubenstein of the Information Law Institute at New York University focuses his research on Internet privacy, electronic surveillance law, online identity, Internet security and software liability.
Paul M. Schwartz of the UC Berkeley School of Law is an expert on international privacy norms and surveillance
Dan J. Solove, George Washington University Law School, is an internationally-known expert in privacy law.
Peter Swire of the Moritz College of Law is an internationally recognized expert in the fields of privacy, computer security, and the law of cyberspace.
Joseph Turow of the University of Pennsylvania Law School writes about consumer’s views of privacy and advertising.
“We must move from the current marketing regime that uses information with abandon – where people’s data are being sliced and diced to create reputations for them that they don’t know about and might not agree with – to a regime that acts toward information with respect.” From testimony to the United States Senate, July 27, 2010
These sources are a good place to start in understanding privacy issues. Daniel Solove and Chris Hoofnagle support broad regulation of privacy in “A Model Regime of Privacy Protection.” Robert W. Hahn and Anne Layne-Farrar take a more skeptical view in “The Benefits and Costs of Online Privacy Legislation.” Peter Swire looks at privacy and competition policy in “Privacy and Antitrust.” In “Bridging the Gap Between Privacy and Design,” Deirdre Mulligan and Jennifer King call for embedding privacy protections into products and services at the design phase, known as Privacy By Design. Ira Rubinstein and Nathan Good also advocate Privacy By Design by offering the first comprehensive analysis of engineering and usability principles specifically relevant to privacy in “Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents.” In “Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising,” Lorrie Faith Cranor, along with colleagues Blase Ur, Pedro G. Leon, Richard Shay, and Yang Wang, found that online users were unable to determine accurately what information is collected during Online Behavioral Advertising (OBA).
Do Not Track (DNT) has been hotly debated between privacy advocates and the advertising industry. The W3C Tracking Protection Working group has spent over a year developing a standard for DNT, but has yet to decide how to implement DNT mechanisms. Meanwhile, the advertising industry is fighting back against DNT. The Association of National Advertisers wrote an open letter to Microsoft about the “grievous infraction” of making Do Not Track a default option on the Internet Explorer 10 browser. The advertising industry consortium, the Digital Advertising Alliance, says it supports DNT when it is an affirmative choice by the consumer and says that industry self-regulation already works well.
A September 2012 Government Accountability Office report, requested by Sen. Al Franken (D-Minn.), called for rules protecting mobile consumer privacy. The report found that consumers were largely unaware that some mobile app developers and wireless carriers were sharing or selling their data to third parties. While there are recommended guidelines for privacy policies, practices have not been consistently implemented.
In August 2012, the Federal Trade Commission (FTC) proposed amendments to the 1998 Children’s Online Privacy Protection Act (COPPA) that aims to protect children online. The FTC wants to modify the law to reflect changes in technology to cover mobile devices and expand the definition of personal information to include Internet protocol numbers. Others fear that these modifications could curtail the availability of web content aimed at children.
The FTC delivered its final report on protecting consumer privacy online in March 2012, which called for Congress to implement legislation providing “baseline privacy protection” to build off of industry self-regulatory efforts. In February 2012 the White House proposed a Consumer Privacy Bill of Rights.
In September 2012, Rep. Edward Markey introduced H.R. 6377: The Mobile Device Privacy Act
would require disclosure and consent regarding the monitoring of mobile device usage.
In July 2012, Rep. John Conyers introduced H.R. 6183, Cyber Privacy Fortification Act of 2012
to protect cyber privacy.
In February 2011, Rep. Bobby Rush reintroduced the Best Practices Act
, H.R. 611, to foster transparency about the commercial use of personal information. The bill was referred to the Subcommittee on Commerce, Manufacturing, and Trade.
In February 2011, H.R. 654, the Do Not Track Me Online Act
was introduced by Rep. Jackie Speier to direct the Federal Trade Commission to prescribe regulations regarding the collection and use of information obtained by Internet tracking activities.
In April of 2011, S. 799, the Commercial Privacy Bill of Rights Act of 2011 was introduced by Sen. John Kerry to establish a regulatory framework for the comprehensive protection of personal data for individuals.
To see a calendar of events of relevance to TAP academic work, please see the TAP Events page
For media inquiries on a range of TAP topics, or for assistance facilitating interviews between reporters and academics, contact TAP@techpolicy.com.