Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-848d4c4894-x24gv Total loading time: 0 Render date: 2024-06-08T05:10:01.165Z Has data issue: false hasContentIssue false

4 - Changing the Rules: General Principles for Data Use and Analysis

Published online by Cambridge University Press:  05 July 2014

By
Paul Ohm
Edited by
Julia Lane ,
Victoria Stodden ,
Stefan Bender  and
Helen Nissenbaum
Paul Ohm
Affiliation:
University of Colorado
Julia Lane
Affiliation:
American Institutes for Research, Washington DC
Victoria Stodden
Affiliation:
Columbia University, New York
Stefan Bender
Affiliation:
Institute for Employment Research of the German Federal Employment Agency
Helen Nissenbaum
Affiliation:
New York University
Get access

Summary

Introduction

How do information privacy laws regulate the use of big data techniques, if at all? Do these laws strike an appropriate balance between allowing the benefits of big data and protecting individual privacy? If not, how might we amend or extend laws to better strike this balance?

This chapter attempts to answer questions like these. It builds on Chapter 1 of this volume, by Strandburg, which focused primarily on legal rules governing the collection of data. This chapter will focus primarily on the law of the United States, although it will make comparisons to the laws of other jurisdictions, especially the European Union, which is well covered in Chapter 8 of this volume.

Most information privacy law focuses on collection or disclosure and not use. Once data has been legitimately obtained, few laws dictate what may be done with the information. The exceptions to this general pattern receive attention below; laws that govern use tend to focus on particular types of users, especially users that lawmakers have deemed owe obligations of confidentiality to data subjects. For example, law regulating the health and financial industries, industries that historically have evolved obligations of confidentiality, constrain not only collection and disclosure but also use.

This chapter argues that our current information privacy laws are failing to protect individuals from harm. The discussion focuses primarily on shortcomings in the law that relate to specific features of big data, although it also describes a few shortcomings that relate only tangentially to these features. All of these shortcomings expose some individuals to the risk of harm in certain circumstances. We need to develop ways to amend the laws to recalibrate the balance between analytics and risk of harm. Ultimately, the chapter proposes five general approaches for change.

Type
Chapter
Information
Privacy, Big Data, and the Public Good
Frameworks for Engagement
 , pp. 96 - 111
Publisher: Cambridge University Press
Print publication year: 2014

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens (Washington, DC: U.S. Department of Health, Education and Welfare, 1973), 41–42Google Scholar
Organisation for Economic Co-operation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (September 23, 1980)
Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress, Washington, DC, May 2000
Cate, Fred, “The Failure of the Fair Information Practice Principles,” in Consumer Protection in the Age of the Information Economy, ed. Winn, Jane K. (Surrey, UK: Ashgate, 2006), 356Google Scholar
Schwartz, Paul M., “Preemption and Privacy,” Yale Law Journal 118 (2009): 902Google Scholar
Nissenbaum, Helen, Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford, CA: Stanford University Press, 2009)Google Scholar
Keats Citron, Danielle, ‘Reservoirs of Danger: The Evolution of Public and Private Law at the Dawn of the Information Age,” California Law Review 80 (2007): 241Google Scholar
Citron, Danielle Keats, “Technological Due Process,” Washington University Law Review 85 (2008): 1249Google Scholar
Solove, Daniel J., “Privacy and Power: Computer Databases and Metaphors for Information Privacy,” Stanford Law Review 53 (2001): 1393CrossRefGoogle Scholar
Ohm, Paul, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization,” UCLA Law Review 57 (2010): 1701Google Scholar
Stolfo, S. et al., eds., Insider Attack and Computer Security: Beyond the Hacker (New York: Springer, 2008)CrossRef
Schwartz, Paul M. and Treanor, William M., “The New Privacy,” Michigan Law Review 101 (2012): 2163–2181CrossRefGoogle Scholar
Cohen, Julie, Configuring the Networked Self: Law, Code, and the Play of Everyday Practice (New Haven, CT: Yale University Press, 2012)Google Scholar
Richards, Neil, “Intellectual Privacy,” Texas Law Review 87 (2008): 387Google Scholar
Schwartz, Paul, “Internet Privacy and the State,” Connecticut Law Review 32 (2000): 815Google Scholar
Regan, Priscilla M., Legislating Privacy: Technology, Social Values, and Public Policy (Chapel Hill, NC: University of North Carolina Press, 1995)Google Scholar
Lanier, Jaron, You Are Not a Gadget: A Manifesto (New York: Knopf, 2010), 193Google Scholar
Schwartz, Paul M. and Solove, Daniel J., “The PII Problem: Privacy and a New Concept of Personally Identifiable Information,” NYU Law Review 86 (2011): 1814Google Scholar
Calo, Ryan, “Consumer Subject Review Boards: A Thought Experiment,” 66 Stanford Law Review Online66 (2013): 97Google Scholar

Save book to Kindle

To save this book to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×