Privacy by Design (ECREA Preconference 12)

Post on 19-Dec-2014

Trapped in My Mobility: Privacy by Design or Another Catchphrase for Privacy Lock-in

Mihaela Popescu, Lemi Baruh

Privacy By Design?

• Two legal frameworks
– FTC Privacy Framework (March 2012)
– EU Proposed Reforms to Data Protection Directive of 1995
• Privacy by Design (Ann Cavoukian)
– Incorporation of privacy concerns into every stage of digital product development
– Compete on the basis of privacy.
– Simplify consumer choice (give the ability to the consumer to limit the original party to the transaction from sharing data with a third commercial company)

Premise

• Exclusive focus on privacy as data control
• Alternatives?

Captive audience

• Justice Douglas, 1952: Situation when audiences have no choice but to listen to a message forced upon them.
• Captive audiences are audiences without functional opt-out mechanisms to avoid situations of coercive communication.

Captive audience (cont)

• Power differential between communicators and audiences:
– messages “thrust upon” observers
– “a verbal assault”
– “inflame the sensibilities”
– speakers “force [their] message”
– attention is “bludgeoned”

Captive audience (cont)

• “particular situations where people are particularly subject to unjust and intolerable harassment and coercion” (Balkin, 1999)
• Coercive situation
• Incurred costs for exit

Captive audience

audiences w/o functional opt-out mechanisms to avoid situations of coercive communication

Functional opt-out mechanisms

used under agreed-upon expectations of privacy without significant costs

1. Contextual marketing as coercive communication?

“Marketing to a segment of one”

• FTC: Individual autonomy=data autonomy
– Informed consent over data collection

• Corporate rhetoric: Desired communication=better customization

Contextual marketing

• Location + personal history + social filters + life event triggers
– “The old buying model [asked about customers] 'When did I buy last? What did I buy? And how much did I buy?'…Now, it's about, 'Where am I at the moment? What is it that I'm purchasing right now? And with whom am I conversing at that moment?'” (Gary S. Laben, KBM Group)

Privacy of choice

• Is contextual marketing coercive communication?
• “autonomy trap” (Zarsky 2004); Threat to autonomy of choice.
• Imagine for example a bride-to-be waiting in line at the Filene's Basement

2. Signalling privacy expectations?

Signaling mechanisms

• Social conventions
• Legal tradition: social expectations of privacy are place-dependent
• Place as a nexus for signaling mechanisms

Place as signal

• Mobile technologies: Public vs. private; virtual vs. material; online vs. offline
• The widening of the gap between what is "naturally private" and what is "normatively private"

3. Cost of exit strategies?

Privacy as a market product

• FTC: “standardize the format and the terminology used in privacy statements so that consumers can compare the data practices of different companies and exercise choices based on privacy concerns, thereby encouraging companies to compete on privacy.”

Switching costs

• Lock-ins (Shapiro & Varian, 1999):
– Financial
– Legal
– Technological
– Time investment…
– Social investment (Sal Humphrey from the morning section)

• Customization: durable lock-ins, high switching costs

Disincentives for privacy

• Lock-ins=“sticky” relationships between users and mobile platforms
• Lock-ins are disincentives for better privacy (Bonneau & Preibusch, 2010, 2011)

Impact of FTC market logic

• No attempt to break privacy lock-ins
• Outcome: incentives for horizontally integrated companies to standardize privacy policies across all their services

Impact of market logic (cont)

• Increased opt-out costs
• Onus on consumers to identify comparable services with friendlier privacy policies

Summary of Privacy by Design

• Limited view of user choice
• Limited user control over communication boundaries
• Increases user opt-out costs

Principles

• Restore user control over communicative interaction rather than data

• Define “privacy modes” for mobile devices

• Design recognizable signals
• Enforce “privacy modes” - Integrate information about data practices with choice.
