Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Consent-Based Approach Richard Warner

Published byAusten Lindsey Modified over 9 years ago

Similar presentations

Presentation on theme: "A Consent-Based Approach Richard Warner"— Presentation transcript:

1 A Consent-Based Approach Richard Warner rwarner@kentlaw.edu

2 The Consent Requirement  An attractive to regulate privacy is to impose a “consent requirement”: pass a statute that requires that businesses obtain our consent before they collect certain types of information about us.  The more types of information businesses cannot collect without consent, the greater the privacy protection.  I will bypass the question of what types of information should be included.

3 The Consent Requirement  The consent requirement leaves the decision about when to disclose information in the hands of individual consumers.  If businesses desire information consumers are reluctant to disclose, businesses can offer discounts on purchases or other forms of compensation.  The interactions among consumers and businesses determines the tradeoff between privacy and efficiency.

4 The Consent Requirement  The consent requirement appears at one to solve stroke the privacy problem technology creates.  The problem is that technology greatly reduces our ability to control what others know about us.  The consent requirement appears to return to us by law the control technology has stolen; it ensures a zone of privacy which others may not invade without our explicit, prior consent.

5 The Critical Question  The critical question about the consent requirement is whether it can actually succeed in adequately protecting privacy.  To answer, we need to identify the threats that reduce our ability to control what others know about us.

6 Lack of Consent  Businesses deny us control over what others know about us when they collect information about us without our consent.  Lack of consent is common on the Web.  When you visit a web site, the visit typically triggers the deposit on your hard drive of programs–called “cookies”–that garner information and return it to advertisers.

7 Cookies and Consent  It is arguable that you give implied consent to the use of cookies. You can set your Internet browser to prevent their use. Many sites will refuse access to you if you block cookies. So the implied consent you give does not necessarily represent a truly meaningful choice among viable options.  Consent to cookies is often less than fully informed; many are unaware of just how much information the cookies collect and who receives that information.

8 Consent and Privacy Policies  Even when web sites do attempt to obtain consent to the collection and use of information, the “consent” they obtain is often defective.  Many web sites offer a privacy policy that informs users about what information the business collects and what it does with that information.  Unfortunately, policies are often written in a confusing and deceptive fashion to suggest that the business offers more privacy protection that it really does;

9 Clicking the Box  Consent is often solicited through the request to check a box if you agree to let the business collect information and use it in certain ways.  The box is often checked by default; this means you must notice the box and uncheck it to avoid giving “consent.”  In many cases, if you return to the page to correct erroneously entered information or for some other reason, the box is again checked by default, you must notice that and uncheck it again.

10 Data Aggregation  Even when a consumer has given free and informed consent to the disclosure of information, data aggregation may extend the effects of that disclosure in ways the consumer did not contemplate and to which he or she would not have given consent.

11 The Consent Requirement Solution  The consent requirement can require that web sites contain easily understandable, unambiguous privacy policies and can prohibit such practices as having check-boxes indicating consent checked by default.  The worry is whether privacy policies really produce adequately informed consent.

12 An Objection  A consumer “has real difficulty in assigning the proper value to personal information. It is difficult for the individual to adequately value specific pieces of information.... Because this value is linked to uncertain future uses, it is difficult, it not impossible, for an individual to adequately value her information.” Daniel J. Solove, Privacy and Power: Computer Databases and Metaphors for Information Privacy, 53 Stan. L. Rev. 1393 (2001).

13 The Objection  Improper valuation means that consumers will sometimes make decisions about disclosing information that are the opposite of those that they would make were they better informed.  To the extent that consumers mistakenly impart information that they would withhold were they better informed, they impair their privacy.  To the extent that they mistakenly withhold information that they would impart were they better informed, they impair market efficiency without any offsetting privacy gain.

14 Knowledge of Use  To take myself as an example, there are two cases in which I know enough to determine whether to disclose information even if I am uncertain as its potential uses.  First, there is information so extremely personal that I will keep it private no matter what; I do not need to know proposed uses of this information to decide not to disclose it.  Second, at the other extreme, there is information I will readily disclose no what use may be made of it (within broad limits; I will return to this qualification).

15 Knowledge of Use  Suppose, for example, I purchase a newspaper and a bottle of red wine at a grocery store which retains a record that I purchased those items at a particular price on a particular day.  I have no objection to them having that information; indeed, I want them to have it because they can use it to provide me products I want, run a more efficient store, and pass the efficiency savings on to me in the form of lower costs.

16 Knowledge of Use  I do not care what else they do with the information; as far as I am concerned, they can publish it on a billboard at the exit of the Lincoln tunnel into New York city.  There are limitations, of course; I would not want someone to compile a history of all of my purchases of wine during my lifetime and publish the information on a web site that asserted that my wine consumption was excessive.  I disclose information against a background assumption that the uses that will be made of the information will stay within certain limits; however, I can be confident that the assumption is true.

17 Intermediate Cases  In the intermediate cases between the two extremes, uncertainty about the use of information can be more of a concern. I may, for example, be reluctant to disclose my opinions and political allegiances to my local congressperson’s reelection campaign unless I am assured that the information will not be passed on to the party’s national committee  Uncertainty does not mean I cannot make a rational decision about whether to disclose information.  It just means I face a decision under uncertainty.  If I do not want to run the risk of an unwanted use of information, I simply do not disclose it.

18 Intermediate Cases  If businesses want me to disclose information that uncertainty makes me withhold, they simply have to eliminate the uncertainty by agreeing to limit their uses to those acceptable to me.  They can do, for example, through privacy policies.

19 Privacy Policies  Some will object that consumers do not take the time and trouble to read privacy policies, and hence that it is simply naive to think that detailed privacy policies are an effective method of communication.  We should distinguish two cases.  First, consumers do not read the privacy policy because they do not care sufficiently about the business will do with the information they disclose–my lack of concern about my newspaper and wine purchases illustrates the point.  Here the failure to read the privacy policy does not show that the consent requirement fails to protect privacy; it just shows that consumers do not pointlessly waste their time and effort.

20 Second Case  Second: consumers withhold information they would disclose if they read it and were reassured by the privacy protections offered.  If businesses want the information, they can present the relevant aspects of the privacy practices in a way makes it more likely that consumers will become aware of them.  If they fail to do so, then the cost of acquiring the information is not worth the cost of reaching out to the consumers.  Thus, information remains private unless businesses find it sufficiently important to them to invest in encouraging its disclosure.  Here the consent requirement works precisely as intended. The point is to allow consumers and businesses to strike a balance between privacy and efficiency.

21 Aggregation  In the case of aggregation, the consent requirement fails to strike an adequate balance between privacy and efficiency.  The essential difficulty is that data may be aggregated by a variety of third parties for a wide range of purposes over a number of years.  Thus, when consumers divulge individual bits of information, it is virtually impossible for them to predict the ways in that information will be aggregated and the uses to which the aggregated information will be put.

22 Two Results  First, concern for the unpredictable aggregation consequences will lead some consumers to withhold information that they would willing disclose if they could predict its uses in future data aggregation.  The result is that we forego the efficiency gain we would reap from disclosure without any offsetting privacy protection.  Putting information about aggregation in privacy policies is not the solution.  How is a business to cost-effectively obtain information about what any number of third party aggregators are likely to do with information over a period of several years?

23 Two Results  Second, some consumers will fail to realize or misjudge the aggregation risk and disclose information they would withhold were they better informed.  Here the efficiency gain from disclosure results from a failure properly to protect privacy.  We see an extreme case of this failure in the case of public records, when it is mandatory to divulge information to governmental agencies.  The use of the information by private parties is completely constrained by any consent requirement.

Download ppt "A Consent-Based Approach Richard Warner"

Similar presentations

Our school: typical Greek school traditional models of education in its daily instructive practice. Past few years: efforts to modernize these instructive.

Our school: typical Greek school traditional models of education in its daily instructive practice. Past few years: efforts to modernize these instructive.
Safety Planning. Safety Plan KNOW THE FAMILY D1: Extent of Maltreatment D2: Surrounding Circumstances D3: Child Functioning D4: Adult Functioning D5:

Safety Planning. Safety Plan KNOW THE FAMILY D1: Extent of Maltreatment D2: Surrounding Circumstances D3: Child Functioning D4: Adult Functioning D5:
Contracts, Norms, and Privacy Robert Sloan Richard Warner.

Contracts, Norms, and Privacy Robert Sloan Richard Warner.
PHYS 2020 Pseudocode. Real Programmers Program in Pencil!  You can save a lot of time if you approach programming in a methodical way.  1) Write a clear.

PHYS 2020 Pseudocode. Real Programmers Program in Pencil!  You can save a lot of time if you approach programming in a methodical way.  1) Write a clear.
Click Wrap Contracts Richard Warner.  Web sites typically contain an agreement defining the terms on which the web site may be used.  In many cases,

Click Wrap Contracts Richard Warner.  Web sites typically contain an agreement defining the terms on which the web site may be used.  In many cases,
Objections to the contractual theory Another objection to the theory points out that consumers can freely agree to purchase a product without certain qualities.

Objections to the contractual theory Another objection to the theory points out that consumers can freely agree to purchase a product without certain qualities.
Obtaining Informed Consent: 1. Elements Of Informed Consent 2. Essential Information For Prospective Participants 3. Obligation for investigators.

Obtaining Informed Consent: 1. Elements Of Informed Consent 2. Essential Information For Prospective Participants 3. Obligation for investigators.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Introduction To Privacy Law Richard Warner. Informational Privacy Our focus will be on informational privacy. Informational privacy consists in the ability.

Introduction To Privacy Law Richard Warner. Informational Privacy Our focus will be on informational privacy. Informational privacy consists in the ability.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Teaching and Testing Pertemuan 13

Teaching and Testing Pertemuan 13
1 chapter: >> First Principles Krugman/Wells Economics

1 chapter: >> First Principles Krugman/Wells Economics
TESTING THE WATERS: USING COLLECTIVE REAL OPTIONS TO MANAGE THE SOCIAL DILEMMA OF STRATEGIC ALLIANCES Presented by Jong-kyung Park MATTHEW W. MCCARTER,

TESTING THE WATERS: USING COLLECTIVE REAL OPTIONS TO MANAGE THE SOCIAL DILEMMA OF STRATEGIC ALLIANCES Presented by Jong-kyung Park MATTHEW W. MCCARTER,
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Copyright © 2012 Pearson Education, Inc. All rights reserved. Business Ethics Concepts & Cases Manuel G. Velasquez.

Copyright © 2012 Pearson Education, Inc. All rights reserved. Business Ethics Concepts & Cases Manuel G. Velasquez.
No, Thanks, I’ll Use a Spreadsheet

No, Thanks, I’ll Use a Spreadsheet
The Goals and Principles of Human Participant Protection Part 4: Vulnerable Populations.

The Goals and Principles of Human Participant Protection Part 4: Vulnerable Populations.
Medical Law and Ethics Lesson 4: Medical Ethics

Medical Law and Ethics Lesson 4: Medical Ethics
Chapter 2 – Economics.  Four different types of economic systems have evolved throughout history as cultures, societies, and nations have struggled with.

Chapter 2 – Economics.  Four different types of economic systems have evolved throughout history as cultures, societies, and nations have struggled with.

Similar presentations

Ads by Google