Professional Documents
Culture Documents
REPORT
REPORT
Privacy is arguably the most complex ethical issue raised by e-commerce, as well as the changing technology of human
communications brought on by the Internet and mobile devices. It may be the most delicate and vexing issue of our digital
age, one that will continue to evolve through this century
WHAT IS PRIVACY?
Privacy
The moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations,
including the state
Without the privacy required to think, write, plan, and associate independently and without fear, social and political
freedom, particularly freedom of expression, is weakened, and perhaps destroyed. You cannot have a democratic society
without privacy
Information Privacy
A subset of privacy that rests on four central premises, including the moral rights to control use of information collected
and to know whether information is being collected, the right to personal information due process, and the right to have
personal information stored in a secure manner
1. rights to control use of information collected - Individuals should be able to edit, delete, and shape the use of their
online personal information by governments and business firms; “right to be forgotten” (Rosen, 2012).
2. to know whether information is being collected - principle of “informed consent” that people are
rational actors who are informed, and who will make their own choices in the marketplace, including the decision
whether to give their information in return for some benefit
3. to personal information due process - The process of collecting, sharing, and disseminating personal information
must be “fair” and transparent to everyone.
Systems of personal information—whether public or private—must be publicly known (no secret systems), operate
according to a published set of rules (terms of use policies) describing how governments and firms will use personal
information, and define ways in which people can edit, correct, and shape their personal information in a system of
records.
4. the right to have personal information stored in a secure manner - Personal record systems must have
procedures in place to protect personal information from intrusion, hacking, and unauthorized uses.
It is important to note that while privacy and security are not the same, they are linked. Without security of personal
information, there obviously cannot be privacy.
personally identifiable information (PII) - Any data that can be used to identify, locate, or contact an individual
anonymous information - Demographic and behavioral information that doesn’t include any personal identifiers
KEY ISSUES IN ONLINE PRIVACY OF CONSUMERS
A recent Pew Research Center survey found that nearly 80% of Americans are concerned about their online privacy.
Most Americans believe they've lost control over their personal online information.
A majority of Americans don't trust private companies or the government to protect their data.
Over 50% have avoided using products or services due to privacy concerns.
86% of American internet users have taken steps to hide or remove their online information.
MARKETING: PROFILING, BEHAVIORAL TARGETING, AND RETARGETING
Billions of people around the world go online on an average day. Marketers would like to know who these people are, what
they are interested in, where they are, what they are doing, and what they buy. The more precise and complete the
information, the more valuable it is as a predictive and marketing tool. Armed with this information, marketers can make
their ad campaigns more efficient by targeting specific ads at specific groups or individuals, and they can even adjust the
ads for specific groups
Profiling - the creation of data images (a collection of data records used to create behavioral profiles of
consumers) that characterize online individual and group behavior.
Anonymous profiles - identify people as belonging to highly specific and targeted groups, for example, 20-to-
30-year-old males, with college degrees and incomes greater than $30,000 a year, and interested in
high-fashion clothing (based on recent search engine use).
Personal profiles - add a personal e-mail address, postal address, and/or phone number to behavioral
data. Increasingly, online firms are linking their online profiles to personal offline consumer data collected by
database firms tracking credit card purchases, as well as established retail and catalog firms.
Behavioral targeting is the use of personal profile information to determine which ads a consumer will see
online.
Retargeting is the practice of showing consumers the same ad on many different websites they visit.
For instance, if you use Google to search for a new kitchen clock, ads for kitchen clocks will follow you to Yahoo,
Facebook, and thousands of other sites you browse.
Dimensions To Traditional Offline Marketing Techniques often occurs without users' consent or understanding
precise tracking of online browsing behavior (book lists, preferences, and content viewed)
adjust what users see on their screens (prices)
create and update high-resolution data images.
Regulators in both the United States and Europe raised concerns about companies integrating personal
information from various services into a single user profile without adequately informing users.
o Google's 2016 privacy policy changes allowed it to combine third-party browsing data with individual
search and email data, creating what some called a "super profile."
Privacy groups expressed concerns about the sharing of personal information when connected to smart devices
invading consumer privacy.
Online advertising firms argue that profiling and targeted ads benefit both consumers and businesses by
showing relevant ads and reducing wasted advertising expenses. However, research indicates that most
Americans do not accept the trade-off between privacy loss and these benefits.
Critics argue that profiling erodes online anonymity and privacy, making users hesitant to explore sensitive
topics or controversial issues.
The economic benefits of profiling are debated as it enables price discrimination based on factors like zip code,
gender, and ethnicity.
Apple's Face ID, which uses 3-D facial scans, has also raised privacy concerns, as some sensors must always be
active, potentially collecting data without user awareness. Privacy advocates worry that this technology may become
the new norm, despite concerns about its "creepiness" and responsible use by advertisers.
In summary, online advertising and profiling offer benefits to both businesses and consumers, but they also raise
significant privacy and ethical concerns, especially as technologies like facial recognition become more prevalent. The
balance between personalization and privacy remains a key issue in the digital age.
Social Networks
o pose a unique challenge for the maintenance of personal privacy because they encourage people to reveal
details about their personal lives (passions, loves, favorites, photos, videos, and personal interests). In return,
users get access to a free social network service.
o have greatly enlarged the depth, scope, and richness of information collected by private corporations.
Some social networkers openly share personal details with everyone on the social network.
This might suggest that they relinquish their rights to personal privacy.
However, many social network participants still value their personal privacy.
Facebook exemplifies a company that has challenged privacy boundaries, resulting in public relations issues and
government concerns.
The conflicts around social network privacy suggest that users indeed expect control over how their information is
utilized.
Users who contribute content maintain a strong sense of ownership over their contributions.
When information is posted to everyone, it should be considered as "public performances," similar to artists sharing
their work, and does not support a credible claim to privacy.
Mobile and location-based privacy concerns are rising in importance with the growing use of mobile platforms.
Mobile devices and associated apps store personal information, which can be shared with third parties, often
without user awareness.
Facebook used the Onavo app in 2017 to track user mobile phone usage, including tracking competitors like
Snapchat.
Smartphone cross-device tracking relies on cell tower connections and user identification through phone logins.
Cross-device graphs are created to track user behavior across various devices, including IoT devices.
Persistent location tracking can occur even when location tracking apps are not active.
Apps often send location data to servers, including wireless service providers, and sell this data to advertisers.
Users have the option to restrict location sharing with apps but must rely on app privacy policies.
Some apps, like Google Maps, require location services to be turned on for operation, with most apps defaulting
to permit location reporting.
CONSUMER PRIVACY REGULATION AND ENFORCEMENT: THE U.S. FEDERAL TRADE COMMISSION (FTC)
principles where FTC bases its privacy assessments on, which include the concept of informed consent.
Informed consent models include
opt-in (requiring affirmative action to allow data collection)
opt-out (defaulting to data collection unless consumers take action to prevent it).
In the United States, most e-commerce companies use the opt-out model for informed consent,
often placing the selection box in inconspicuous locations on web pages.
Not all users may grasp the privacy implications of using a site.
Some privacy policies incorporate exceptions that weaken their initial statements regarding data protection.
Privacy policies may employ complex language, rendering them unclear and difficult to read.
A Pew Research Center survey uncovered that a significant portion of users consents to privacy policies without
reading them.
Limited focus has been given to assessing the robustness of privacy policies for individual companies, comparing
them to others, or tracking policy changes over time.
Researchers have devised a measure of privacy policies based on 10 privacy policy principles.
These principles are rooted in FTC and Fair Information Practices doctrines.
The dimensions are gauged on a four-point scale ranging from 0 to 4, indicating the level of compliance.
The 10 privacy policy principles can be employed to assess and compare privacy policies of different companies.
They allow for tracking policy changes over time and comparing policies across firms.
Researchers applied these principles to evaluate Facebook's privacy policies over a ten-year span (2005 to
2015).
Initially, Facebook's privacy policies improved but then consistently declined in compliance with these principles.
Decline areas included information gathering, user information sharing, data profiling, privacy settings, and policy
clarity.
Over the years, Facebook's privacy policy length substantially increased, making it less user-friendly.
GDPR primarily targets tech giants like Facebook, Google, and Twitter.
These companies collect extensive personal data for ad targeting.
Criticized for privacy breaches, data misuse, and monopolistic practices.
Google and Facebook dominate European markets.
Challenges and Ambiguities:
INDUSTRY SELF-REGULATION
Federal and state government regulations are insufficient due to rapid technology advancements.
U.S. online industry has historically resisted privacy legislation, claiming self-regulation is more effective.
Industry's approach includes online privacy seals from organizations like BBB, TrustArc, and WebTrust.
Critics argue that seal programs have limited impact and fail to safeguard privacy effectively.
TrustArc and Privacy Feedback Button:
NAI, an industry association, focuses on developing privacy policies for advertising networks.
Aims to provide consumers with opt-out options and redress mechanisms.
Offers a global opt-out feature on Networkadvertising.org to prevent cookie placement by advertising agencies.
Provides a link for consumers to file complaints.
AdChoices Program:
Public backlash on social media and investigations by regulatory agencies can pressure firms to change their
behavior.
Companies like Facebook and Google offer tools for users to set privacy preferences and restrict information use.
These tools are underutilized due to their complexity and visibility issues.
Impact of Industry Self-Regulation:
Industry self-regulation has not alleviated American privacy concerns during online transactions.
Offers notice about privacy policies but often lacks transparency on data use.
Rarely provides meaningful control or correction options for consumers.
Lacks enforceable promises on data security and enforcement mechanisms.
TECHNOLOGICAL SOLUTIONS
cross-site tracking - uses various types of cookies to track users across the Web
cross-device tracking - uses cell phone login and other user-supplied data, combined with cross-site tracking data, to
develop a comprehensive picture of user behavior across all devices
device fingerprinting - collects unique information from a user’s browser or smartphone that can be combined with other
data files to identify specific devices and users
Intelligent Tracking Prevention (ITP) - Apple machine-based learning tool that monitors tracking cookies and eliminates
those not desired by the user
differential privacy software - inhibits the ability of advertisers to merge anonymized consumer data files with other
tracking files
privacy default browsers - identify tracking cookies as they are loaded onto browsers and eliminate them from the
browser
Privacy threats include cross-site tracking and cross-device tracking, as well as device fingerprinting.
Cookies are commonly used for tracking but face increasing user blocking.
Device fingerprinting is becoming more popular as it doesn't rely on cookies.
IP trackers log IP addresses, potentially identifying users.
Common Tools for Reducing Online Tracking:
Ad Blockers: Block intrusive ads but may not address cross-site tracking.
Cookie Blocking in Browsers: Users can block cookies, but advertisers find workarounds.
Do Not Track (DNT) Settings: Browser-based request to not install tracking cookies, often ignored.
Private Sessions: Clear local history but allow tracking cookies to continue operating.
Apple's Intelligent Tracking Prevention (ITP):
1. Privacy Concerns: The passage highlights the concerns of online consumers about the
collection of their data by government agencies and law enforcement authorities. Many
individuals feel that they have little control over the data collected about them and are worried
about how the government uses this information.
2. Edward Snowden's Revelations: The passage mentions Edward Snowden, a security
contractor for the U.S. National Security Agency (NSA), who exposed extensive NSA
surveillance programs, including the collection of cell phone metadata and monitoring of
internet services. These revelations had far-reaching consequences and led to concerns about
privacy.
3. Balancing Security and Liberty: The passage emphasizes the challenge of balancing security
and personal liberty in the digital age. While security measures are necessary, they also raise
questions about individual privacy.
4. Legal Framework: Various laws, such as the USA PATRIOT Act, the Communications Assistance
for Law Enforcement Act (CALEA), and the Cyber Security Enhancement Act, have expanded the
government's ability to monitor electronic communications. Surveillance requests typically
require approval from the Foreign Intelligence Surveillance Act Court (FISA Court).
5. Technology Companies' Response: Technology companies like Apple and Google have
introduced encryption and security measures to protect user data. This has raised concerns
from law enforcement agencies, who fear that criminals and terrorists may use these
technologies to evade surveillance.
6. Supreme Court Decisions: The passage mentions significant U.S. Supreme Court decisions
related to privacy, including the need for warrants to search cell phones (Riley v. California) and
the protection of mobile phone location data under the Fourth Amendment (Carpenter v.
United States).
7. Data Brokers: Government agencies are major users of commercial data brokers who collect
extensive information about consumers from various sources. This information can be linked to
online behavior data to create comprehensive profiles of individuals.
8. Dossier Society: The passage discusses the concept of a "dossier society," where public and
private sector information about individuals is increasingly linked, potentially leading to the
erosion of traditional privacy.
This passage highlights the ongoing debate about online privacy, the role of government surveillance,
and the measures taken by technology companie
.3