Bridging the Gap between Privacy and Design

Privacy and Security and Internet

Article Snapshot


Jennifer King and Deirdre Mulligan


Journal of Constitutional Law, Vol. 14, No. 4, pp. 989-1034, 2012


Privacy issues can arise between users of a service rather than between the provider and the user, especially on social networking sites (SNSs). Privacy policies fail to address such problems. Firms should try to discover users’ privacy needs, which vary widely depending on circumstances.

Policy Relevance

The FTC should encourage firms to design privacy into their products and services.

Main Points

  • The dominant theory of privacy focuses on privacy policies designed by lawyers, but regulators increasingly ask developers to choose “Privacy by Design,” that is, to favor configurations, interfaces, and default settings that protect privacy.
  • Privacy policies address concerns that arise between Facebook and its users, but do not address privacy problems that arise between users.
    • In 2006, Facebook introduced the News Feed.
    • Users complained of being bombarded by their friends’ information.
  • Facebook users were upset because:
    • Privacy norms maintain boundaries between individuals that define relationships.
    • Flows of information inconsistent with expectations are seen as privacy violations.
    • Privacy protection requires fine-grained control over multiple objects and actors.
  • Companies should go beyond complying with laws that require privacy policies; people’s privacy preferences vary depending on context, and companies should discover these preferences.
  • Facebook, Google, and other firms employ Human-Computer Interaction (“HCI”) researchers to design technologies consistent with users’ values, but disregard insights that conflict with other business goals.
  • New regulations could prompt corporations to invest in privacy by design.
    • In settling privacy complaints, the FTC asks firms to identify privacy risks in design and build privacy controls into their products.
    • The FTC rejects egregious surveillance hidden in a privacy policy’s fine print.
    • The FTC can establish new norms through conferences, hearings, and other “soft law” influence.

