Technologies that mediate social interaction can put our privacy and our safety at risk. Harassment, intimate partner violence and surveillance, data insecurity, and revenge porn are just a few of the harms that bedevil technosocial spaces and their users, particularly users from marginalized communities. This Article seeks to identify the building blocks of safe social spaces, or environments in which individuals can share personal information at low risk of privacy threats. Relying on analogies to offline social spaces (Alcoholics Anonymous meetings, teams of coworkers, and attorney-client relationships), this Article argues that if a social space is defined as an environment characterized by disclosure, then a safe social space is one in which disclosure norms are counterbalanced by equally powerful norms of trust that are both endogenously designed in and backed exogenously by law. Case studies of online social networks and social robots are used to show how both the design of and the law governing technosocial spaces today not only fail to support trust, but actively undermine user safety by eroding trust and limiting the law’s regulatory power. The Article concludes with both design and law reform proposals to better build and protect trust and safe social spaces.
Category: 96:6
The Consent Myth: Improving Choice for Patients of The Future
Consent has enjoyed a prominent position in the American privacy system since at least 1970, though historically, consent emerged from traditional notions of tort and contract. Largely because consent has an almost deferential power as a proxy for consumer choice, organizations increasingly use consent as a de facto standard for demonstrating privacy commitments. The Department of Health and Human Services and the Federal Trade Commission have integrated the concept of consent into health care, research, and general commercial activities. However, this de facto standard, while useful in some contexts, does not sufficiently promote individual patient interests within leading health technologies, including the Internet of Health Things and Artificial Intelligence.
Despite consent’s prominence in United States law, its role in modern health applications is poorly understood. This Article seeks to understand that role more fully, then applies a philosophical-legal lens to clearly identify problems with consent in its current use. This Article identifies the principal issues with substituting consent for choice, the “consent myth,” a collection of five problems, then proposes principles for addressing these problems in contemporary health technologies.
The Pathologies of Digital Consent
Consent permeates both our law and our lives—particularly in the digital context. Consent is the foundation of the relationships we have with search engines, social networks, commercial web sites, and any one of the dozens of other digitally mediated businesses we interact with regularly. We are frequently asked to consent to terms of service, privacy notices, the use of cookies, and so many other commercial practices. Consent is important, but it’s possible to have too much of a good thing. As scholars have documented, while consent models permeate the digital consumer landscape, the practical conditions of these agreements fall far short of the gold standard of knowing and voluntary consent. Yet as scholars, advocates, and consumers, we lack a common vocabulary for talking about the different ways in which digital consents can be flawed.
This article offers four contributions to improve our understanding of consent in the digital world. First, we offer a conceptual vocabulary of “the pathologies of consent,” a framework for talking about different kinds of defects that consent models can suffer, including unwitting consent, coerced consent, and incapacitated consent. Second, we offer three conditions for when consent will be most valid in the digital context: when choice is infrequent, when the potential harms resulting from that choice are vivid and easy to imagine, and when we have the correct incentives to choose consciously and seriously. The further we fall from these conditions, we argue, the more a particular consent will be pathological and thus suspect. Third, we argue that our theory of consent pathologies sheds light on the so-called “privacy paradox,” the notion that there is a gap between what consumers say about wanting privacy and what they actually do in practice. Understanding the “privacy paradox” in terms of consent pathologies shows that consumers are not hypocrites who say one thing but do another. On the contrary, the pathologies of consent reveal how consumers can be nudged and manipulated by powerful companies against their actual interests, and that this process is easier when consumer protection law falls far from the gold standard. In light of these findings, we offer a fourth contribution: the theory of consumer trust we have suggested in prior work, which we further elaborate here as an alternative to an over-reliance on increasingly pathological models of consent.
Trustworthy Privacy Indicators: Grades, Labels, Certifications, And Dashboards
Despite numerous groups’ efforts to score, grade, label, and rate the privacy of websites, apps, and network-connected devices, these attempts at privacy indicators have, thus far, not been widely adopted. Privacy policies, meanwhile, remain long, complex, and impractical for consumers. Communicating synthesized privacy content in some shorthand form is now crucial to empower internet users and provide them more meaningful notice, as well as to nudge consumers and data processors toward more meaningful privacy. Indeed, on the basis of these needs, the National Institute of Standards and Technology and the Federal Trade Commission in the United States, as well as lawmakers and policymakers in the European Union, have advocated for the development of privacy indicator systems.
Efforts to develop privacy grades, scores, labels, icons, certifications, seals, and dashboards have wrestled with various deficiencies and obstacles to their wide-scale deployment as meaningful and trustworthy privacy indicators. This paper seeks to identify and explain the deficiencies and obstacles that have hampered past and current attempts. With these lessons, the article then offers criteria that will need to be established in law and policy for trustworthy indicators to be successfully deployed and adopted through technological tools. The lack of standardization prevents user recognizability and dependability in the online marketplace, diminishes the ability to create automated tools for privacy, and reduces incentives for consumers and industry to invest in privacy indicators. Flawed methods in the selection and weighting of privacy evaluation criteria, and difficulties interpreting language that is often ambiguous and vague, jeopardize success and reliability when baked into an indicator of privacy protectiveness or invasiveness. Likewise, indicators fall short when the organizations rating or certifying privacy practices are not objective, trustworthy, and sustainable.
Nonetheless, trustworthy privacy rating systems that are meaningful, accurate, and adoptable can be developed to assure effective and enduring empowerment of consumers. This paper proposes a framework using examples from prior and current attempts to create privacy indicator systems in order to provide a valuable resource for present-day, real world policymaking.
First, privacy rating systems need an objective and quantifiable basis that is fair and accountable to the public. Unlike previous efforts through industry self-regulation, if lawmakers and regulators establish standardized evaluation criteria for privacy practices and provide standards for how these criteria should be weighted in scoring techniques, the rating system will have public accountability with an objective, quantifiable basis. If automated rating mechanisms convey to users accepted descriptions of data practices or generate scores from privacy statements based on recognized criteria and weightings rather than from deductive conclusions, then this reduces interpretive issues with any privacy technology tool. Second, rating indicators should align with legal principles of contract interpretation and the existing legal defaults for the interpretation of silence in privacy policy language. Third, a standardized system of icons, along with guidelines as to where these should be located, will reduce the education and learning curve now necessary to understand and benefit from many different, inconsistent privacy indicator labeling systems. And lastly, privacy rating evaluators must be impartial, honest, autonomous, and financially and operationally durable in order to be successful.
Privacy Governance for Institutional Trust (Or Are Privacy Violations Akin to Insider Trading?)
Currently, we frame individuals online as in a series of exchanges with specific firms, and privacy, accordingly, is governed to ensure trust within those relationships. However, the focus on the relationship between consumers and specific firms does not capture how the online environment behaves. The aggregation and secondary use of consumer data is performed by market actors behind the scenes without any relationship with consumers. Trusting a single firm is not enough; individuals must trust the online market in general. Such institutional trust has gone under-examined in regards to privacy online. Little has been done to measure how aggregating and using consumer data supports a larger online market and impacts institutional trust online.
This paper explores how privacy governance should also be framed as protecting a larger market to ensure consumers trust being online. In a series of studies, I empirically examine (a) how typical secondary uses are judged along a generalized (for the good of the market) versus reciprocal (for the good of the consumer) exchange and impact institutional and consumer trust, and (b) whether governance mechanisms (limitations on the use of data such as adequate notice, auditing, non-identifiable information, limited storage, etc.) increase consumer trust in companies. I find:
- Respondents find secondary uses of consumer data more appropriate if judged more within a generalized exchange (academic research) or within a reciprocal exchange (product search results) or both (credit security). However, most secondary uses of data are deemed privacy violations and decrease institutional trust online.
- Using privacy notices is the least effective governance mechanism of those included here whereas being subject to an audit was as effective as using anonymized data in improving consumer trust.
- Institutional trust online impacts a consumer’s willingness to engage with a specific online partner in a trust game experiment.
The findings have implications for public policy and practice. Secondary uses of information online need not only be justified in a simple quid-pro-quo exchange with the consumer but could also be justified as appropriate for the online context within a generalized exchange. However, the majority of secondary uses currently popular cannot be justified as within either a general exchange or a reciprocal exchange and are judged inappropriate, violations of privacy, and decrease both interpersonal and institutional trust.
Second, if privacy violations hurt not only interpersonal consumer trust in a firm but also institutional trust online, then privacy would be governed similarly to insider trading, fraud, or bribery, to protect the integrity of the market. Punishment for privacy violations would be set to ensure bad behavior is curtailed and institutional trust is maintained rather than to remediate a specific harm to an individual.
Privacy’s Past: The Ancient Concept and Its Implications for The Current Law of Privacy
Privacy is a mysterious concept. The more apparent its significance in the real world becomes, the more obscure the core and the limitations of the concept become. In the digital age, it is urgent that the legal framework to protect privacy should be enhanced more than ever before. At the same time, the right-based model of privacy which has long been dominant in theory and practice is now challenged by many privacy law experts who propose a shift from the right-based model to the trust-based model, a transition from the consent-based regime to the expectation-based regime, or from the user’s right to control to the fiduciary duties of professionals. This Article addresses the current debate and contributes to the ongoing search for a new concept of privacy by looking back at privacy’s past. As a legal formula, privacy was introduced at the end of the nineteenth century. However, we can trace its cultural origin to ancient Greek thought and the idea of a distinction between the public and the private realms that was inherent in the design and political structure of the polis. Relying on Hannah Arendt’s works, this Article draws some critical implications from the ancient idea and its modern turn, focusing on both the privative traits and the non-privative traits of privacy. The argument is that the ancient Greek concept of privacy originally suggests a state of being deprived of relationships with others, and the implication is that privacy has been a relational concept since the beginnings of western political thought. This Article maintains that privacy law should seek its foundations in the nature of privacy as a component of the human condition, the existential fact that we all live with ambivalence between whether to disclose or conceal some aspect of our selves to others. This Article proposes that we shift away from thinking of privacy in relation to the demand to be “left alone” and think rather about the framing of regulative ideals for relation-building.
The Ironic Privacy Act
This Article contends that the Privacy Act of 1974, a law intended to engender trust in government records, can be implemented in a way that inverts its intent. Specifically, pursuant to the Privacy Act’s reporting requirements, in September 2017, the U.S. Department of Homeland Security (DHS) notified the public that record systems would be modified to encompass the collection of social media data. The notification justified the collection of social media data as a part of national security screening and immigration vetting procedures. However, the collection will encompass social media data on both citizens and noncitizens, and was not explicitly authorized by Congress. Social media surveillance programs by federal agencies are largely unregulated and the announcement of social media data collection pursuant to the reporting requirements of the Privacy Act deserves careful legal attention. Trust in the Privacy Act is at risk when the Act’s notice requirements announce social media data collection and analysis systems under the guise of modifying record collection and retention protocols. This Article concludes that the social media data collection program proposed by DHS in September 2017 requires express legislative authorization.
The Privacy Risks of Direct-To-Consumer Genetic Testing: A Case Study Of 23andMe And Ancestry
Direct-to-consumer genetic testing (DTC-GT) companies have proliferated and expanded in recent years. Using biospecimens directly submitted by consumers, these companies sequence and analyze the individual’s genetic information to provide a wide range of services including information on health and ancestry without the guidance of a healthcare provider. Given the sensitive nature of genetic information, however, there are growing privacy concerns regarding DTC-GT company data practices. We conduct a rigorous analysis, both descriptive and normative, of the privacy policies and associated privacy risks and harms of the DTC-GT services of two major companies, 23andMe and Ancestry, and evaluate to what extent consumers’ genetic privacy is protected by the policies and practices of these two companies. Despite the exceptional nature of genetic information, the laws and agency regulation surrounding genetic privacy and DTC-GT services are fragmented and insufficient. In this analysis, we propose three categories of privacy harms specific to DTC-GT—knowledge harms, autonomy and trust-based harms, and data misuse harms. Then, through the normative lens of exploitation, we argue that 23andMe and Ancestry’s data practices and privacy policies provide consumers with insufficient protection against these harms. Greater efforts from both the industry and legal system are necessary to protect DTC-GT consumers’ genetic privacy as we advance through the era of genomics and precision medicine.
Why Sexual Privacy Matters for Trust
Every generation has preferred modes of self-disclosure. Not long ago, lovers revealed their thoughts, desires, and secrets over the phone and in letters. Today, they exchange personal histories and nude photos via text and online chats. Yet no matter the era’s chosen mode of communication, the success of intimate relationships depends upon sexual privacy. Intimacy can develop only if partners trust each other to treat their self-revelations with discretion and care.
Self-disclosure, however, is difficult after one’s nude photos have been posted online or one’s intimate encounters have been videotaped without permission. Individuals refrain from dating for fear that their intimate revelations will again be surveilled and exposed in unwanted ways. Sexual-privacy invasions thus undermine the possibility of intimate relationships.
Law should punish intimacy-destroying invasions of sexual privacy, and market efforts should be trained on their prevention and mitigation. Some private responses, however, require a healthy dose of skepticism as they over-promise and under-deliver for sexual privacy.