In the last month or so, we have seen a number of events that constitute bright flashes in the continued emergence of a new way of dealing with privacy. We have also seen the launch of a new initiative that anticipates a future in which individuals might be able to govern how their personal data is used. Despite its incompleteness, the Respect Network is worthy not just of our attention, but also of its sign up fee. Think of it as a $25 action towards an optimistic future of privacy.
Back in May, the European Court of Justice issued a controversial interpretation of law holding that individuals have a right to request that search providers exclude certain results about them if they are outdated or no longer relevant. The particular case involved an individual who sought to suppress a search result dating to the late 1990s, arguing that while the issue had been solved, the fact that it kept appearing at the top of searches continued to harm his reputation. The decision generated great consternation, some of it not unreasonable. And indeed, we have already started to see what could be viewed as unintended consequences -- the apparent use (?) by wealthy and powerful individuals (or someone representing them?) to suppress negative results about them. We might conclude from this that current EU laws are a blunt instrument when it comes to privacy protection in the digital age... and that what's needed is a step back, a deep breath, a new philosophy of privacy, and new legislation and practices.
Another flash came in mid-June in the referral (Schrems v Data Protection Commissioner) to the European Court of Justice by an Irish judge of the question whether the United States deserves to be considered a "Safe Harbor" for private data of European citizens. Put simply, the Judge believed there was enough evidence in the public domain that privacy safeguards in the United States are insufficient to meet the standard required by the European "right to privacy." Passing that ball to the ECJ probably ensures a header into goal.
In late June, with impeccable timing, the United States Supreme Court issued its unanimous Riley v California judgement. The issue centered on whether law enforcement could search smart phones when they arrested an individual, in the same way that they were allowed to search the person for weapons and evidence. In essence, the answer was "No... Get a warrant, first." In its explanation, the Court noted that the quantity and range of information on smart phones typically exceeds what could be found in a search of an individual's home. Though the decision anchors on -- and seems like a pretty clear interpretation of -- the 4th Amendment, Justice Alito ends his commentary with the following call to legislators:
"...Because of the role that these devices have come to play in contemporary life,searching their contents implicates very sensitive privacy interests that this Court is poorly positioned to understand and evaluate. Many forms of modern technology are making it easier and easier for both government and private entities to amass a wealth of information about the lives of ordinary Americans, and at the same time, many ordinary Americans are choosing to make public much information that was seldom revealed to outsiders just a few decades ago.
In light of these developments, it would be very unfortunate if privacy protection in the 21st century were left primarily to the federal courts using the blunt instrument of the Fourth Amendment. Legislatures, elected by the people, are in a better position than we are to assess and respond to the changes that have already occurred and those that almost certainly will take place in the future."
Alito appreciates the -- irony? anomaly? emerging tension? incompatibility? -- of constraining the state's law enforcement agents to protect a fundamental human right while the commercial sector, for the sake of profit, remains virtually unfettered in performing its own manipulation and searches of the trove of data individuals deposit in a confusing array of virtual places, helped by the little spies (cookies) that websites deposit on our personal devices. (If that sounds like an extreme assessment, see this piece about Target, and this one about the data brokerage business.)
As if to help us understand this better, because we so easily forget what happened in the past... Earlier this week, we were treated to the publication of an article by Facebook data scientists, demonstrating the social network firm's ability to manipulate user moods by designing algorithms that control what appears in a user's news feed. As Simon Wardley points out, it is difficult to imagine that the over 600,000 users selected for this experiment would have understood they were giving Facebook the right to manipulate their emotional states when they clicked their consent to the service's privacy terms of service. Setting aside the interesting outcome of the study -- which probably goes a long way to explain how US television networks have contributed to the polarization of politics currently debilitating the nation -- the potential for easy and casual abuse of this power is staggering, and the risk is high. What Facebook has done demonstrates a disrespect for its users, arguably analogous to its originating college boy humour that published pictures of women with invitations to match their faces to those of animals. By so disrespecting its users, it has also handed to the plaintiffs in the Irish Schrems v Data Protection Commissioner referral to the European Court of Justice a perfect example of the abuses of personal information that underscore their argument.
Is there a light at the end of is tunnel? Perhaps. The Respect Network https://www.respectnetwork.com/ -- launched in mid-June -- provides another flash, envisioning a new infrastructure for privacy, and beginning to provide some of the technology needed to enable new practices for the handling of personal information in ways that respect the dignity and agency of the individual user. In essence, the Respect Network enables individuals to purchase -- yes, purchase... It doesn't pretend to be free, like the plethora or services that cost nothing, but extract a high price in other, sometimes opaque and shifting ways -- a unique address for personal data services, and a promise that you can move your data between personal data providers as desired. This is an important, first step toward enabling individuals to control and manage their personal data. Important elements of a comprehensive solution to individual privacy remain to be instantiated -- Adrian Seccombe shared some thoughts on this -- and ultimately even require an overhaul of the way in which our laws articulate the rules necessary for individuals to enjoy the right to privacy, and what it entails, in a digital age. Nevertheless, I encourage my friends and network to place their $25 vote with the crazies who believe that we can use technology to usher in a new age of privacy, and respect for individuals. There are enough of us in this network to create an insurgency around privacy, educate our peers about why this matters, and establish a new order.
Links in this piece:
http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf
http://www.bbc.com/news/business-28130581
http://www.washingtonpost.com/blogs/monkey-cage/wp/2014/06/20/the-case-that-might-cripple-facebook/
http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf
http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
http://www.washingtonpost.com/business/technology/brokers-use-billions-of-data-points-to-profile-americans/2014/05/27/b4207b96-e5b2-11e3-a86b-362fd5443d19_story.html
http://www.pnas.org/content/111/24/8788.full.pdf
http://www.europe-v-facebook.org/hcj.pdf
Links in this piece:
http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf
http://www.bbc.com/news/business-28130581
http://www.washingtonpost.com/blogs/monkey-cage/wp/2014/06/20/the-case-that-might-cripple-facebook/
http://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf
http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
http://www.washingtonpost.com/business/technology/brokers-use-billions-of-data-points-to-profile-americans/2014/05/27/b4207b96-e5b2-11e3-a86b-362fd5443d19_story.html
http://www.pnas.org/content/111/24/8788.full.pdf
http://www.europe-v-facebook.org/hcj.pdf
No comments:
Post a Comment