Social Distortion: Privacy, Consent, and Social Networks

transcript

Social Distortion:Privacy, Consent, and Social NetworksH. Brian HollandVisiting Associate Professor of LawDickinson School of Law at Penn State University

Not talking about covert surveillance

Not talking about the government

but rather

Voluntary disclosure of personal information

to private institutions

1. The current market for personal informationThe privacy paradoxDistortions in the market

2. Social network sites: Market distortions on steroids

Changes to the information-exchange agreement

Social phenomena driving disclosure

3. Why most proposed legal solutions will not work

4. What will work

The Paradox of the Privacy “Market”

We say one thing.I want my privacy.

We do something else.Here’s my data. Take what you want.

(just give me my stuff)

Examples

The claim

43% of online users claim that they are likely to read the privacy policy

of an ecommerce sitebefore buying anything

The reality

26% actually consulted the privacy policy

Even more odd,essentially no difference between

privacy fundamentalists, pragmatists, or the unconcerned

The claim

71% want to control who can access their personal information

The reality

~ 75% have supplied

first namelast name

emailstreet address

~ 50% have supplied

phone numberbirthday

credit card information

(to e-commerce sites)

Why the paradoxbetween professed attitude

and actual behavior?

Blame it on the market

and the law of the market

Starting point

The current market for

transferring personal information

(1) revelation (mere disclosure)

(2) consent – express or implied

Any regulation?

some targeted limits on:

extremely invasive collection and use(privacy torts)

certain kinds of data(e.g. health records)

certain subjects of data(e.g. kids)

But most data can be collected or given away very cheaply.

So, why do we consent so easily?

3 points

Lack of legal control over data

No property rights in personal data

Lack of bargaining power

Inability to control downstream rights

The decline of consent contracting

Contracts as standardized commodities

Contracts as part of the product

Market distortions(behavioral economics)

Incomplete or asymmetric information

Bounded rationality

Systemic psychological deviations from rationality

Creates artificially low prices

for personal information

consent is cheap

Personal information as a commodity.

Social Network Sites

Market distortions

on steroids.

A social-tools model of production

An effective tool of coordination

A plausible promise(the basic “why” to join or contribute)

An acceptable bargain with users

But is it a bad bargain for users?

Capturing users’ personal information

Privacy 1.0 – Centralized data collection, storage and aggregation

Privacy 2.0 – Peers as both sensors and producers

Owning user’s personal information(storage, use, transfer)

Why consent to a bad bargain?

What do users get?

New and powerful market distortions

Two integrated points

Social network sites are …

(1) Altering the basic structure of the information exchange agreement

(2) Benefiting from certain social phenomena that are driving us to join the network and

to disclose a lot of personal information

The structure of the

information-exchange agreement

consent recedes into the background

First point

The classic e-commerce model

Personal information associated with delivery of current goods or services and the provision of future goods or services

Merchandise

Services

Database

The g-mail model

Initial negotiation and transaction

(looks like the ecommerce model)

A little bit of personal

information

In exchange for services

The g-mail model

Lots of personal information

Subsequent negotiations and transactions for the exchange of personal information

between contacts

The g-mail model

Lots of personal information

Lots o

f perso

nal in

Not holding?Not passing on?

Gmail recedes into the background, almost as a third-

party beneficiary of these subsequent transactions (info exchange) between contacts

The Social Network Site model

information

Lots of personal

information

Lots o

f perso

nal in

information

Lots of personal

information

Lots o

f perso

nal in

Lots and lots and lots and lots of personal information

In exchange for ???

information

Lots of personal

information

Lots o

f perso

nal in

In exchange for ???

Database

Certain social phenomena

Driving us to join the network

Driving us to disclose a lot of personal information

Second point

Social phenomena

(a) The evolution of social organizationtoward social networks and networked individualism

(b) Online identity performanceassertions of digital identity

processes of identity formation

Glocalized Relationships

NetworkedIndividualismBounded

Groups

(a) The evolution of social organization(from little boxes to social networks)

neighborhoods householdsworkplaces

Networked individualismRelationship unhinged from location

Person-to-person connectivity(replacing place-to-place)

Facilitating larger, more fragmented networks

Using technology to manage intimacy

in larger, more fragmented social networks

The email example

Asynchronous

Flexible

Control

Contact with multiple people

Social network sites

Flexible, asynchronous communication

Leveraging our need to build and maintain relationships

Need for community

Need to remain connected

Need to retain and createcommon experience

Need to engagepeer opinion and build reputation

Personal informationis at the heart of relationship

This is how we

create intimacy

Not basic identifiers or contact information

Truly personal information

Expressions of Self

Preferences

Graphic representations

Affiliations

Acts and activities

Sexuality

Identity

(b) Online identity performance

Assertions of digital identity(all users)

Process of identity formation

(younger users)

Assertions of digital identity

(all users)

Traditional identity cluesare not available

compensate

Other clues

More information

More communication time

Using networks to triangulate and authenticate(to overcome ease of manipulation)

Process of identity formation

(younger users)

Using digital space to …

Work out identity and status

Make sense of cultural clues and societal norms

Negotiate public life

Part of this is

taking risks

Putting yourself out there

Pushing boundaries

Gauging reactions

What is acceptable and what is not?

Just as with intimate relationships

Personal information

is at the heart of

identity performance

Acts of articulation

Images

Developing a virtual presence or identity.

and social networks get it all

information

Lots of personal

information

Lots o

f perso

nal in

In exchange for ???

Database

Terms of Service and Privacy Policies

* highlights *

And users consent to all of this …

So, what’s my point?

It’s not just immature and irresponsible kids

Just say “no”

Would you want your grandmother

to read it!

Would you post it in Times Square?

There are real, concrete reasons for posting so much personal information.

They won’t simply “grow out of it”

Proposed legal solutions?

1. Targeting market distortionsincreased salience

propertization

2. Altering the terms of consentcontract reform / limitations on consent

opt-in vs. opt-out

3. Expanding rights and regulationconsumer fraud regulations

tort liability

Why they won’t work

propertization

opt-in vs. opt-out

tort liability

Ineffective at altering the decision to provide consent

propertization

opt-in vs. opt-out

tort liability

Focus on the wrong problem: misuse rather than consent

“If a person consents to most of these activities,

there is no privacy violation.”

Daniel J. SoloveA Taxonomy of Privacy

propertization

opt-in vs. opt-out

tort liability

Interference with autonomy &Negative impact on

functionality

What will work?

Regulate privacy

Preserve the benefits of new social spaces(functionality)

Is it really a problem?

How much of a problem is it?

What do users really want?

Emerging social norms of

“network” privacy

Regulating data-flow between networks

Architecture/DesignUser-controlled partitions

TechnologyTagging data

Contextual data

LawRestrictions on downstream use and transfer

Restrictions on network-crossing

Data portability

Regulating data-use within networks

The market is more likely to workThe “Beacon” example

Strengthened by portability

Social norms will develop

Thank you.