PRIVACY AND INFORMATION RIGHTS

Privacy is arguably the most complex ethical issue raised by e-commerce, as well as the changing technology of human
communications brought on by the Internet and mobile devices. It may be the most delicate and vexing issue of our digital
age, one that will continue to evolve through this century

WHAT IS PRIVACY?

Privacy

The moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations,
including the state

Without the privacy required to think, write, plan, and associate independently and without fear, social and political
freedom, particularly freedom of expression, is weakened, and perhaps destroyed. You cannot have a democratic society
without privacy

Information Privacy

A subset of privacy that rests on four central premises, including the moral rights to control use of information collected
and to know whether information is being collected, the right to personal information due process, and the right to have
personal information stored in a secure manner

1. rights to control use of information collected - Individuals should be able to edit, delete, and shape the use of their
online personal information by governments and business firms; “right to be forgotten” (Rosen, 2012).
2. to know whether information is being collected - principle of “informed consent” that people are
rational actors who are informed, and who will make their own choices in the marketplace, including the decision
whether to give their information in return for some benefit
3. to personal information due process - The process of collecting, sharing, and disseminating personal information
must be “fair” and transparent to everyone.

Systems of personal information—whether public or private—must be publicly known (no secret systems), operate
according to a published set of rules (terms of use policies) describing how governments and firms will use personal
information, and define ways in which people can edit, correct, and shape their personal information in a system of
records.

4. the right to have personal information stored in a secure manner - Personal record systems must have
procedures in place to protect personal information from intrusion, hacking, and unauthorized uses.

It is important to note that while privacy and security are not the same, they are linked. Without security of personal
information, there obviously cannot be privacy.

PRIVACY IN THE PUBLIC SECTOR: PRIVACY RIGHTS OF CITIZENS

PRIVACY IN THE PUBLIC SECTOR: PRIVACY RIGHTS OF CONSUMERS

INFORMATION COLLECTED BY E-COMMERCE COMPANIES

 personally identifiable information (PII) - Any data that can be used to identify, locate, or contact an individual
 anonymous information - Demographic and behavioral information that doesn’t include any personal identifiers
KEY ISSUES IN ONLINE PRIVACY OF CONSUMERS

1. profiling (and the use of profiles to target ads);

2. social network privacy;
3. sharing of information by marketers;
4. mobile device privacy, and;
5. privacy issues associated with digital assistant devices (Amazon Echo)

 A recent Pew Research Center survey found that nearly 80% of Americans are concerned about their online privacy.
 Most Americans believe they've lost control over their personal online information.
 A majority of Americans don't trust private companies or the government to protect their data.
 Over 50% have avoided using products or services due to privacy concerns.
 86% of American internet users have taken steps to hide or remove their online information.
MARKETING: PROFILING, BEHAVIORAL TARGETING, AND RETARGETING

Billions of people around the world go online on an average day. Marketers would like to know who these people are, what
they are interested in, where they are, what they are doing, and what they buy. The more precise and complete the
information, the more valuable it is as a predictive and marketing tool. Armed with this information, marketers can make
their ad campaigns more efficient by targeting specific ads at specific groups or individuals, and they can even adjust the
ads for specific groups

Profiling - the creation of data images (a collection of data records used to create behavioral profiles of
consumers) that characterize online individual and group behavior.

Anonymous profiles - identify people as belonging to highly specific and targeted groups, for example, 20-to-
30-year-old males, with college degrees and incomes greater than $30,000 a year, and interested in
high-fashion clothing (based on recent search engine use).

Personal profiles - add a personal e-mail address, postal address, and/or phone number to behavioral
data. Increasingly, online firms are linking their online profiles to personal offline consumer data collected by
database firms tracking credit card purchases, as well as established retail and catalog firms.

Behavioral targeting is the use of personal profile information to determine which ads a consumer will see
online.

Retargeting is the practice of showing consumers the same ad on many different websites they visit.

For instance, if you use Google to search for a new kitchen clock, ads for kitchen clocks will follow you to Yahoo,
Facebook, and thousands of other sites you browse.

Dimensions To Traditional Offline Marketing Techniques often occurs without users' consent or understanding

 precise tracking of online browsing behavior (book lists, preferences, and content viewed)
 adjust what users see on their screens (prices)
 create and update high-resolution data images.

 Regulators in both the United States and Europe raised concerns about companies integrating personal
information from various services into a single user profile without adequately informing users.
o Google's 2016 privacy policy changes allowed it to combine third-party browsing data with individual
search and email data, creating what some called a "super profile."
 Privacy groups expressed concerns about the sharing of personal information when connected to smart devices
invading consumer privacy.
 Online advertising firms argue that profiling and targeted ads benefit both consumers and businesses by
showing relevant ads and reducing wasted advertising expenses. However, research indicates that most
Americans do not accept the trade-off between privacy loss and these benefits.
 Critics argue that profiling erodes online anonymity and privacy, making users hesitant to explore sensitive
topics or controversial issues.
 The economic benefits of profiling are debated as it enables price discrimination based on factors like zip code,
gender, and ethnicity.

Facial recognition technology

 adds a new dimension to profiling and behavioral targeting,

  commercial uses like Facebook and Google's automatic name tag suggestions in photos have raised legal
concerns.
 expected to grow substantially (Facebook and Apple)

Apple's Face ID, which uses 3-D facial scans, has also raised privacy concerns, as some sensors must always be
active, potentially collecting data without user awareness. Privacy advocates worry that this technology may become
the new norm, despite concerns about its "creepiness" and responsible use by advertisers.

In summary, online advertising and profiling offer benefits to both businesses and consumers, but they also raise
significant privacy and ethical concerns, especially as technologies like facial recognition become more prevalent. The
balance between personalization and privacy remains a key issue in the digital age.

SOCIAL NETWORKS: PRIVACY AND SELF REVELATION

Social Networks

o pose a unique challenge for the maintenance of personal privacy because they encourage people to reveal
details about their personal lives (passions, loves, favorites, photos, videos, and personal interests). In return,
users get access to a free social network service.
o have greatly enlarged the depth, scope, and richness of information collected by private corporations.

 Some social networkers openly share personal details with everyone on the social network.
 This might suggest that they relinquish their rights to personal privacy.
 However, many social network participants still value their personal privacy.
 Facebook exemplifies a company that has challenged privacy boundaries, resulting in public relations issues and
government concerns.
 The conflicts around social network privacy suggest that users indeed expect control over how their information is
utilized.
 Users who contribute content maintain a strong sense of ownership over their contributions.
 When information is posted to everyone, it should be considered as "public performances," similar to artists sharing
their work, and does not support a credible claim to privacy.

MOBILE DEVICES: PRIVACY ISSUES

 Mobile and location-based privacy concerns are rising in importance with the growing use of mobile platforms.

 Mobile devices and associated apps store personal information, which can be shared with third parties, often
without user awareness.

 Facebook used the Onavo app in 2017 to track user mobile phone usage, including tracking competitors like
Snapchat.

 Smartphone cross-device tracking relies on cell tower connections and user identification through phone logins.

 Cross-device graphs are created to track user behavior across various devices, including IoT devices.

 Persistent location tracking can occur even when location tracking apps are not active.

 Apps often send location data to servers, including wireless service providers, and sell this data to advertisers.

 Users have the option to restrict location sharing with apps but must rely on app privacy policies.

 Some apps, like Google Maps, require location services to be turned on for operation, with most apps defaulting
to permit location reporting.

CONSUMER PRIVACY REGULATION AND ENFORCEMENT: THE U.S. FEDERAL TRADE COMMISSION (FTC)

FTC (Federal Trade Commission)

 plays a significant role in online privacy in the United States.

 responsible for conducting research, recommending privacy legislation to Congress, and enforcing privacy
regulations.
 protects consumers from unfair or deceptive practices and promote competition.
 enforces existing laws by filing complaints, levying fines, and filing lawsuits against companies violating federal
trade laws.
 impose federal monitors or reporting systems to ensure compliance with its rulings.
 provides recommendations to Congress for new consumer privacy legislation.

Fair Information Practice (FIP)

 principles where FTC bases its privacy assessments on, which include the concept of informed consent.
 Informed consent models include
 opt-in (requiring affirmative action to allow data collection)
 opt-out (defaulting to data collection unless consumers take action to prevent it).
  In the United States, most e-commerce companies use the opt-out model for informed consent,
often placing the selection box in inconspicuous locations on web pages.

PRIVACY AND TERMS OF USE POLICIES

Concept of Notification and Consent in American Privacy Law:

 American privacy law is built on the principle of notification and consent.

 Users are expected to read Terms of Use or privacy policies to understand how a website utilizes their personal
information.
 They can choose to consent, opt out of data collection if available, or cease using the site.
 Many U.S. e-commerce companies historically favored publishing information use policies without highlighting
informed consent.
 Almost all websites contain Terms of Use policies that users can locate with careful examination.
 These policies are frequently extensive and intricate, making it challenging for users to fully comprehend them.

Challenges with Informed Consent:

 Not all users may grasp the privacy implications of using a site.
 Some privacy policies incorporate exceptions that weaken their initial statements regarding data protection.
 Privacy policies may employ complex language, rendering them unclear and difficult to read.
 A Pew Research Center survey uncovered that a significant portion of users consents to privacy policies without
reading them.

Measuring Privacy Policies:

 Limited focus has been given to assessing the robustness of privacy policies for individual companies, comparing
them to others, or tracking policy changes over time.
 Researchers have devised a measure of privacy policies based on 10 privacy policy principles.
 These principles are rooted in FTC and Fair Information Practices doctrines.
 The dimensions are gauged on a four-point scale ranging from 0 to 4, indicating the level of compliance.

Using Privacy Principles to Evaluate Policies:

 The 10 privacy policy principles can be employed to assess and compare privacy policies of different companies.
 They allow for tracking policy changes over time and comparing policies across firms.
 Researchers applied these principles to evaluate Facebook's privacy policies over a ten-year span (2005 to
2015).
 Initially, Facebook's privacy policies improved but then consistently declined in compliance with these principles.
 Decline areas included information gathering, user information sharing, data profiling, privacy settings, and policy
clarity.
 Over the years, Facebook's privacy policy length substantially increased, making it less user-friendly.

PRIVACY PROTECTION IN THE EU AND OTHER COUNTRIES

EU General Data Protection Regulation (GDPR):

 Implemented in May 2018 by the European Commission.

 Replaced the 1998 Data Protection Directive.
 Applies globally to organizations handling EU citizens' personal data.
 Focuses on enhancing individual rights and strengthening oversight.
 Aims to harmonize data protection standards across EU nations.
 Allows for enforcement worldwide.
Stronger Privacy Protection in Europe:

 Historically stronger privacy protection compared to the U.S.

 U.S. lacks a federal agency for enforcing privacy laws and relies on sector-specific regulations.
 In the EU, comprehensive data protection laws apply to all organizations.
 GDPR safeguards various forms of personally identifiable information (PII).
Key Provisions of GDPR (Table 8.10):
  Empowers individuals with rights to access, delete, and port personal data.
 Grants the right to sue organizations for PII misuse, including class actions.
 Strengthens organizational requirements such as appointing data protection officers and obtaining explicit
consent.
 Emphasizes data minimization, prompt breach reporting, and privacy by design.
 Imposes fines for PII abuse.
Global Reach and Privacy Shield Agreements:

 GDPR extends globally, affecting organizations dealing with EU citizens' data.

 Privacy shield agreements ensure compliance with GDPR standards for non-EU countries.
 The European Court of Justice invalidated the Privacy Shield in July 2020 due to concerns about U.S.
government surveillance.
Impact of GDPR on Tech Giants:

 GDPR primarily targets tech giants like Facebook, Google, and Twitter.
 These companies collect extensive personal data for ad targeting.
 Criticized for privacy breaches, data misuse, and monopolistic practices.
 Google and Facebook dominate European markets.
Challenges and Ambiguities:

 Despite preparation time, GDPR language contains ambiguities.

 Uncertainty exists regarding tracking individuals across the internet and collecting unrelated data.
 Over 80 nations worldwide have enacted privacy laws (Table 8.11).

INDUSTRY SELF-REGULATION

 Federal and state government regulations are insufficient due to rapid technology advancements.
 U.S. online industry has historically resisted privacy legislation, claiming self-regulation is more effective.
 Industry's approach includes online privacy seals from organizations like BBB, TrustArc, and WebTrust.
 Critics argue that seal programs have limited impact and fail to safeguard privacy effectively.
TrustArc and Privacy Feedback Button:

 TrustArc, formerly TRUSTe, offered online privacy seals.

 FTC fined TRUSTe for failing to recertify privacy programs as claimed.
 TrustArc introduced a Privacy Feedback button to show commitment to privacy.
 Allows users to ask questions or provide feedback on privacy practices through a Dispute Resolution System.
 TrustArc no longer verifies company privacy policies.
Network Advertising Initiative (NAI):

 NAI, an industry association, focuses on developing privacy policies for advertising networks.
 Aims to provide consumers with opt-out options and redress mechanisms.
 Offers a global opt-out feature on Networkadvertising.org to prevent cookie placement by advertising agencies.
 Provides a link for consumers to file complaints.
AdChoices Program:

 Industry-sponsored initiative promoting transparency and user input in ad personalization.

 Features AdChoices icon next to ads, offering more information and feedback options.
  Effectiveness of the program remains uncertain due to limited available data.
Corporate Self-Regulation via Market and Public Pressure:

 Public backlash on social media and investigations by regulatory agencies can pressure firms to change their
behavior.
 Companies like Facebook and Google offer tools for users to set privacy preferences and restrict information use.
 These tools are underutilized due to their complexity and visibility issues.
Impact of Industry Self-Regulation:

 Industry self-regulation has not alleviated American privacy concerns during online transactions.
 Offers notice about privacy policies but often lacks transparency on data use.
 Rarely provides meaningful control or correction options for consumers.
 Lacks enforceable promises on data security and enforcement mechanisms.

TECHNOLOGICAL SOLUTIONS
cross-site tracking - uses various types of cookies to track users across the Web
cross-device tracking - uses cell phone login and other user-supplied data, combined with cross-site tracking data, to
develop a comprehensive picture of user behavior across all devices
device fingerprinting - collects unique information from a user’s browser or smartphone that can be combined with other
data files to identify specific devices and users
Intelligent Tracking Prevention (ITP) - Apple machine-based learning tool that monitors tracking cookies and eliminates
those not desired by the user
differential privacy software - inhibits the ability of advertisers to merge anonymized consumer data files with other
tracking files
privacy default browsers - identify tracking cookies as they are loaded onto browsers and eliminate them from the
browser

Cross-Site Tracking and Cross-Device Tracking Threats:

 Privacy threats include cross-site tracking and cross-device tracking, as well as device fingerprinting.
 Cookies are commonly used for tracking but face increasing user blocking.
 Device fingerprinting is becoming more popular as it doesn't rely on cookies.
 IP trackers log IP addresses, potentially identifying users.
Common Tools for Reducing Online Tracking:

 Ad Blockers: Block intrusive ads but may not address cross-site tracking.
 Cookie Blocking in Browsers: Users can block cookies, but advertisers find workarounds.
 Do Not Track (DNT) Settings: Browser-based request to not install tracking cookies, often ignored.
 Private Sessions: Clear local history but allow tracking cookies to continue operating.
Apple's Intelligent Tracking Prevention (ITP):

 Safari browser feature.

 Blocks third-party cookies by default and limits the lifespan of first-party cookies.
 Further updates restrict advertisers' ability to track users.
Privacy Badger by Electronic Frontier Foundation: Prevents cross-site tracking and user surveillance.
Differential Privacy Software: Inhibits the merging of anonymized consumer data for precise identification.
Privacy-Preserving Machine Learning (PPML): An emerging technique for privacy protection.
Google's Ad-Blocking Tool in Chrome: Blocks ads from non-compliant sites following Better Ads Standard.
Privacy Default Browsers (Epic and Ghostery):

 Identify and eliminate tracking cookies.

 Include built-in VPN software.
 Make privacy the default option.
Encryption: Used for securing messages and documents.

 Apple implemented encryption for devices and iMessage.

 Many apps offer encryption for digital communications.
Private Browsing: Available in most browsers to disable browsing history and cookies.
HTTPS: Common security protocol that encrypts communication between a computer and server and verifies the
authenticity of websites
PRIVACY PROTECTION AS A BUSINESS
As websites have become more invasive and aggressive in their use of personal informa-tion in the last five years, public
concerns have grown, and a small number of startup firms have sprung up that enable users to reclaim control over their
personal informa-tion and monetize their information by selling it to third-party firms, mostly advertising firms. Suppose
you could get control of all the personal information you share with Facebook, Google, banks, credit card companies, and
even e-mail, deposit that informa-tion in a personal data account in a hosted secure digital vault, and sell access to that
information to interested parties, without identifying yourself ? Potentially, this flips the traditional ad-based Internet on its
head: instead of giving up control of your personal information in return for a service, like a social network, you can sell
that information yourself to third parties. These ideas have several names: Personal Data Economy (PDE), the Internet of
Me, and Life Management tools.The idea of individuals claiming ownership of their personal data, depositing it in a trusted
data store, and then selling that information to third parties is not new, but with the development of supportive digital
technologies, it can be considered today a technically feasible approach to some contemporary privacy issues such as
control privacy default browsersidentify tracking cookies as they are loaded onto browsers and eliminate them from the
browser

Privacy Advocacy Groups

Limitations on the Right to Privacy: Law Enforcement and Surveillance

1. Privacy Concerns: The passage highlights the concerns of online consumers about the
collection of their data by government agencies and law enforcement authorities. Many
individuals feel that they have little control over the data collected about them and are worried
about how the government uses this information.
2. Edward Snowden's Revelations: The passage mentions Edward Snowden, a security
contractor for the U.S. National Security Agency (NSA), who exposed extensive NSA
surveillance programs, including the collection of cell phone metadata and monitoring of
internet services. These revelations had far-reaching consequences and led to concerns about
privacy.
3. Balancing Security and Liberty: The passage emphasizes the challenge of balancing security
and personal liberty in the digital age. While security measures are necessary, they also raise
questions about individual privacy.
4. Legal Framework: Various laws, such as the USA PATRIOT Act, the Communications Assistance
for Law Enforcement Act (CALEA), and the Cyber Security Enhancement Act, have expanded the
government's ability to monitor electronic communications. Surveillance requests typically
require approval from the Foreign Intelligence Surveillance Act Court (FISA Court).
5. Technology Companies' Response: Technology companies like Apple and Google have
introduced encryption and security measures to protect user data. This has raised concerns
from law enforcement agencies, who fear that criminals and terrorists may use these
technologies to evade surveillance.
6. Supreme Court Decisions: The passage mentions significant U.S. Supreme Court decisions
related to privacy, including the need for warrants to search cell phones (Riley v. California) and
the protection of mobile phone location data under the Fourth Amendment (Carpenter v.
United States).
 7. Data Brokers: Government agencies are major users of commercial data brokers who collect
extensive information about consumers from various sources. This information can be linked to
online behavior data to create comprehensive profiles of individuals.
8. Dossier Society: The passage discusses the concept of a "dossier society," where public and
private sector information about individuals is increasingly linked, potentially leading to the
erosion of traditional privacy.

This passage highlights the ongoing debate about online privacy, the role of government surveillance,
and the measures taken by technology companie

Insight on Technology: Contact

.3