Informational Privacy, Privacy Law, Consent, and Norms Richard Warner

Why Privacy and Security? What is the connection between privacy and security? Online security is essentially a matter of preventing unauthorized access to information while ensuring authorized access. What how should we distinguished between authorized and unauthorized access?

Privacy and Security To answer, we need to know what should be private. Consider health information. What information should be secured against unauthorized access, and how secure should it be?

Three Types of Privacy Spatial rights define a physical zone of control over intrusions by others. Decisional rights protect an individual’s freedom of choice. Informational rights demarcate an ability to determine what others know about us and what they do with that knowledge.

Informational Privacy Informational privacy is a matter of control. It is “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”[1] and for what purpose others use that information.[1]  Alan Westin, Privacy and Freedom 7 (1967).

Loss of Control The degree of control we once enjoyed has vanished. Advances in information processing technology now give others considerable power to determine when personal information is collected, how it is used, and to who distributed.

Direct Marketing Example “One can reasonably expect to purchase a listing of five thousand women who are both public employees and wear sexy underwear; or business owners who espouse far-right political causes; or registered Republicans who are purchasers of pornography—or... of pornography with S-M themes.... The guest list information from a hotel frequented by lesbians... [and lists of] women who buy wigs; callers to a romance telephone service; impotent middle-aged men; gamblers; buyers of hair removal products; male buyers of fashion underwear; believers in the feminist political movement, anti-gay movement, and prayer in the public schools.”

Direct Marketing Direct mail marketing now “returns $10 in sales for every $1 in costs—a ratio double that for a television advertisement.” Direct marketing now accounts for just over half of all advertising expenditures.

Categories It is convenient to divide activities affecting informational privacy in to three categories: Activities affecting informational privacy CollectionProcessingDistribution

Privacy in the Past In the recent past, our ability to process information was relatively limited. Consequently, what each of us thought ought to be private could, through our own efforts, be kept private to a considerable extent. Consequently, privacy law focused primarily on distribution and, to some extent, on collection.

The Common Law Torts The common law privacy torts reflect this background. Only one tort is concerned with collection:  Intrusion into seclusion. The other three distribution:  Public disclosure of private facts,  False light,  Misappropriation of a name or likeness. Misappropriation protects one’s financial interest in one’s name or likeness, so the first two really concern the disclosure of information.

Unreasonable Intrusion Into Seclusion Intentional intrusion on the seclusion of another Highly offensive to a reasonable person Remsburg v. Docusearch  Do I have an expectation of privacy in my Work address? Social security number? Where do I have a reasonable expectation of privacy?  Subjective expectation required?

Appropriation Of Likeness Or Name Interfere with the “interest of the individual in the exclusive use of his own identity, in so far as it is represented by his name or likeness.” See Restatement (Second) of Torts § 652C, Comment a (1977) Absence of permission Topheavy Studios v. Jane Doe Financial advantage No significant newsworthiness  Restatement (Second) Torts §652(C)

Unreasonable Publicity Of Private Facts Publicity of private facts about an individual Which is highly offensive to a reasonable person, and No newsworthiness.  Social value  Voluntary or involuntary public figure?  Involuntary: substantial nexus between published matters and public interest in those matters

Public placing in false light Use of a name or identifying information, Which would lead a reasonable person to believe falsely that the individual has been engaged in criminal or morally reprehensible conduct.

Daniel Solove “Theorists have proclaimed the value of privacy to be protecting intimacy, friendship, individuality, human relationships, autonomy, freedom, self-development, creativity, independence, imagination, counterculture, eccentricity, creativity, thought, democracy, reputation, and psychological well-being.”

Privacy Harms Horror stories  Increased risk of bad outcomes Solove, Bartow Cumulative information overload Changes in the balance of power  May be commercial or non-commercial Concentration of power leads to abuse Social inequities Chilling effect  Fermat’s Last Theorem example (Andrew Wiles)  Impact on the development of the self.

Two Claims Technology has enabled ever-increasing mass surveillance—constant surveillance of almost everyone over a wide range of activities. The goal is discrimination. Governmental: to determine eligibility; entitlement; law-abidingness. Private: to profit: credit worthiness; insurance; direct marketing; price discrimination.

James Rule on Information Processing “A distinctive and sociologically crucial quality: they not only collect and record details of personal information; they are also organized to provide bases for action toward the people concerned. Systematically harvested personal information, in other words, furnishes bases for institutions to determine what treatment to mete out to each individual.”

Dwyer v. American Express American Express analyzed the purchases of its cardholders to divide them into “six tiers based on spending habits and then rent this information to... merchants... [D]efendants analyze where they shop and how much they spend, and also consider behavioral characteristics and spending histories. Defendants... create a list of cardholders who would most likely shop in a particular store and rent that list to the merchant.”

Collection Distribution Intrusion on seclusion Public disclosure of private. facts Misappropriation False light Disclosure of sensitive information Trespass Processing Contract

Consent Requirements Why not require businesses to present consumers with relevant information in an understandable fashion and secure an affirmative act of agreement to proceeding with the transaction? I assume that consumers will obtain this information primarily by reading privacy policies and contracts governing sales of goods or the provision of services, where the latter includes terms of use agreements governing the use of web sites. I will call these collectively, privacy notices.

Unread Privacy Notices “Judging by behavior in the marketplace, most consumers have better things to do with their time than read privacy notices... [P]rocessing privacy notices is a cost that most consumers apparently do not believe is worth incurring. The perceived benefits are simply too low.”  J. Howard Beales, III & Timothy J. Muris, Choice or Consequences: Protecting Privacy in Commercial Information, 75 U. of Chi. L. Rev. 109 – 110 (2008).

Informed Consent Is Impossible Even if they did read and understand privacy notices, consumers would not obtain all the information necessary to give informed consent. The data aggregation problem.

The Approach Would Have Bad Results Suppose consumers could obtain and understand all the relevant information. The resulting overall pattern of consent would determine a tradeoff between privacy and competing concerns. Is there any reason to think that the tradeoff will result in the socially optimal balance between informational privacy and competing concerns?

No Socially Optimal Outcome There would be if:  (1) the giving or withhold of consent signaled consumers’ preferences with regard to consent to sellers;  (2) sellers responded to these signals by altering their offerings to reflect these values;  (3) buyers responded by preferring products and services consistent with their preference about consent to those not consistent;  (4) this feedback mechanism yielded the socially optimal allocation of information.

Non-Optimal Results But even if (1) – (3) are true, there is no reason to think (4) is. The telephone book example.

Informational Norms Informational norms are social norms that constrain the collection, use, and distribution of personal information. Informational norms explain why, for example, you expect your pharmacist to inquire about drugs you are taking (to prevent harmful drug interactions), but not whether you are happy in your marriage. Such norm-governed exchanges not only implement acceptable tradeoffs between informational privacy and competing goals, they also ensure consumers give free and informed consent to those tradeoffs.