March 26, 2017

Privacy: A Personality, Not Property, Right

The European Court of Justice’s decision in Google v. Costeja González appears to compel search engines to remove links to certain impugned search results at the request of individual Europeans (and potentially others beyond Europe’s borders). What is more, Costeja may inadvertently and ironically have the effect of appointing American companies as private censors and arbiters of the European public interest.

Google and other private entities are therefore saddled incomprehensibly with the gargantuan task of determining how to “balance the need for transparency with the need to protect people’s identities,” and Costeja’s failure to provide adequate interpretive guidelines further leads to ad hoc approaches by these companies. In addition, transparency and accountability are notoriously difficult to cultivate when balancing delicate constitutional values, such as freedom of expression and privacy. Indeed, even the constitutional courts and policy makers who typically perform this balancing struggle with it—think of the controversy associated with so-called “judicial activism.” The difficulty skyrockets when the balancers are instead inexperienced and reticent corporate actors, who presumably lack the requisite public legitimacy for such matters, especially when dealing with foreign (non-U.S.) nationals.

The Costeja decision attempts to paper over the growing divergence between Anglo-American and continental approaches to privacy. Its poor results highlight internal normative contradictions within the continental tradition and illustrate the urgency of re-conceptualizing digital privacy in a more transystemically viable fashion. [Read more…]

Learning Privacy Expectations by Crowdsourcing Contextual Informational Norms

[This post reports on joint work with Schrasing Tong, Thomas Wies (NYU), Paula Kift (NYU), Helen Nissenbaum (NYU), Lakshminarayanan Subramanian (NYU), Prateek Mittal (Princeton) — Yan]

To appear in the proceedings of the Fourth AAAI Conference on Human Computation and Crowdsourcing (HCOMP 2016)

We would like to thank Joanna Huey for helpful comments and feedback.

Motivation

The advent of social apps, smart phones and ubiquitous computing has brought a great transformation to our day-to-day life. The incredible pace with which the new and disruptive services continue to emerge challenges our perception of privacy. To keep apace with this rapidly evolving cyber reality, we need to devise agile methods and frameworks for developing privacy-preserving systems that align with evolving user’s privacy expectations.

Previous efforts [1,2,3] have tackled this with the assumption that privacy norms are provided through existing sources such law, privacy regulations and legal precedents. They have focused on formally expressing privacy norms and devising a corresponding logic to enable automatic inconsistency checks and efficient enforcement of the logic.

However, because many of the existing regulations and privacy handbooks were enacted well before the Internet revolution took place, they often lag behind and do not adequately reflect the application of logic in modern systems. For example, the Family Rights and Privacy Act (FERPA) was enacted in 1974, long before Facebook, Google and many other online applications were used in an educational context. More recent legislation faces similar challenges as novel services introduce new ways to exchange information, and consequently shape new, unconsidered information flows that can change our collective perception of privacy.

Crowdsourcing Contextual Privacy Norms

Armed with the theory of Contextual Integrity (CI) in our work, we are exploring ways to uncover societal norms by leveraging the advances in crowdsourcing technology.  

In our recent paper, we present the methodology that we believe can be used to extract a societal notion of privacy expectations. The results can be used to fine tune the existing privacy guidelines as well as get a better perspective on the users’ expectations of privacy. [Read more…]

The AT&T Deal Is About the Data

Most of the mainstream media coverage of the proposed AT&T acquisition of Time Warner has missed an important risk. Much of the discussion has focused on the potential market power the combined entity would have to raise prices, limit choice or otherwise disadvantage consumers.

A primary motivation for the deal, however, as readers of Freedom to Tinker well understand, is the desire to access more and deeper data about consumer behavior. The motivation to combine companies is not monopolistic control, but rather a timely effort to become a player in the lucrative, $77 billion world of targeted digital advertising, now controlled by Google and Facebook.

Some media, especially those covering the FCC and FTC, have begun detailing the data privacy issues raised by the deal. Hopefully, mainstream media will soon follow suit.

Here are some links:

BNA: FCC Privacy Rules Could Hamper AT&T-Time Warner Data Mining

Inside Sources: Mega Mergers Like AT&T-Time Warner are Becoming a Problem for Privacy Regulation

Bloomberg: Privacy Rule Imperils Data Riches as AT&T Pursues Time Warner

Fortune: Media Companies Want U.S. to Force AT&T-Time Warner to Share Customer Data