Privacy on the Books and on the Ground Kenneth A. Bamberger & Deirdre K. Mulligan University of California, Berkeley School of Law and School of Information.

Presentation transcript:

Privacy on the Books and on the Ground
Kenneth A. Bamberger & Deirdre K. Mulligan
University of California, Berkeley, School of Law and School of Information
Deirdre K. Mulligan, Department of Commerce, May 7, 2010

Regulating for Privacy
I. The Conventional Debate over privacy regulation “on the Books”
II. Our Empirically-Based Project: privacy “on the Ground”
III. Policy Implications?

I. The Conventional Debate – Critiquing U.S. Law
Fragmented, under-inclusive, disconnected from rights framework, ill-defined
1995 study of corporate practices:
- systemic inattention & lack of resources
- policies “non-existent” or not followed in practice
- low-level attention
- attributes failures to “ambiguity” regarding the legal meaning of privacy and legal requirements
Advocates and Academics Push European-Style Regulation – comprehensive, unambiguous mandates

II. Our Project – Revisiting Privacy “on the Ground”
Sea change since 1995
Empirical Component:
» Chief Privacy Officer Interviews
» Document Internal Practices
» Enforcement Studies
» Revisit Descriptive Account

Privacy on the Ground – First Data from Qualitative Interviews with Leading U.S. Chief Privacy Officers
– 9 CPO leaders (per the information privacy community)
– Cross-Industry
– Semi-structured interviews
– Baseline for a large-scale survey of privacy practices in other U.S. firms
– Striking uniformity as to three elements

U.S. CPO Responses (1) – The Limited Import of the Rules and “Compliance” to Privacy
(a) Compliance as a “starting point only”
(b) The shortcomings of FIPPS procedures in guiding decisions in light of ubiquitous computing

U.S. CPO Responses (2) – An Alternative Conception of Privacy: Protecting Consumer Expectations / Avoiding Harm to Expectations
“consistent with customer or individual expectations”
“Do they get the heebie jeebies, you know? Is it kind of creepy?”
“[H]ow likely, is a customer going to be comfortable using our service in the future?”
“Trust, trust, trust, trust.”

U.S. CPO Responses (2) – Alternative Approach to Managing Privacy as Consumer Expectations: From Compliance to Risk Management
Evolving, dynamic and contextual – “looking around corners”
“the next thing that’s coming down the pike because if you get caught unawares, you’re behind the ball”
“Privacy is how you apply information usage to new contexts, whether it's the creative marketing, or a new product you want to develop, so it's very contextual.”
“I want to keep changing the way we’re doing business so it is dynamic, so we are, you know, trying to mitigate the risk of the day while keeping our core program in place. And so we’re changing... I don’t keep [processes the same] the same.”
Implications for Internal Structures (Separate Paper)

U.S. CPO Responses (3) – External Influences on Privacy’s Conception
– Federal Trade Commission consumer protection authority
– State Data Breach Notification Laws
– Professionalization and Networks

A New Account of U.S. Privacy Law
“New Governance” at the Federal Trade Commission
- Exploiting Regulatory Ambiguity
- Soft and Hard Guidance
- Workshops, White Papers and Roving Enforcement Powers
- A site for Advocates
Comparisons with Europe

Policy Implications

Broadening the Conventional Debate
- Take account of law in practice and on paper
- Concern with substance and form
- Rules v. standards + enforcement
- Power of civil society + market in regulatory context
More to the story than:
- “Omnibus” privacy laws; robust procedural protections; dedicated data privacy commissioners
versus
- Piecemeal regulation by sector; much left unregulated; no dedicated regulator; reliance on corporate self-regulation

Policy Implications... for the Substantive Debate Over Privacy Regulation
- Recognizing technology shifts
- Recognizing context
- Overcoming collective action/behavioral problems with assigning privacy to individual choice

Beyond the Conventional Debate
“Informational Self-determination” through process: “notice and consent” (EULA/TOS)

Policy Implications... Contextually grounded expectations
What expectations do consumers as a whole bring to the table?
“But I do have an expectation of privacy when it comes to my , and I think that even in this age of social-networking TMI, most people still think of as a safe place for speaking privately with friends and family. And for Google to come along and broadcast that network to the world without asking first—and force you to turn it off after the fact—is, I think, both shocking and unacceptable.” – Molly Wood, CNET

Policy Implications... for the Debate Over Privacy’s Form
- Regulatory Specificity vs. Ambiguity
- Empowering those inside organizations
- Bottom-up and top-down policymaking
- Normative conservatism in the face of technological change

Questions
Bamberger, Kenneth A. and Mulligan, Deirdre K., “Privacy on the Books and on the Ground,” forthcoming Stanford Law Review, Vol. 63, 2010. Available at SSRN:
Support: Rose Foundation, Consumer Privacy Rights Fund; TRUST (The Team for Research in Ubiquitous Secure Technology); National Science Foundation NSF CCF