Privacy on the Books and on the Ground Kenneth A. Bamberger & Deirdre K. Mulligan University of California, Berkeley School of Law and School of Information.


1 Privacy on the Books and on the Ground Kenneth A. Bamberger & Deirdre K. Mulligan University of California, Berkeley School of Law and School of Information Deirdre K. Mulligan Department of Commerce, May 7, 2010

2 Regulating for Privacy
I. The Conventional Debate over privacy regulation “on the Books”
II. Our Empirically-Based Project: privacy “on the Ground”
III. Policy Implications?

3 I. The Conventional Debate – Critiquing U.S. Law
Fragmented, under-inclusive, disconnected from rights framework, ill-defined
1995 study of corporate practices
- systemic inattention & lack of resources
- policies “non-existent” or not followed in practice
- Low-level attention
- Attributes failures to “ambiguity” regarding the legal meaning of privacy and legal requirements
Advocates and Academics Push European-Style Regulation
– comprehensive, unambiguous mandates

4 II. Our Project
Revisiting Privacy “on the Ground”
Sea change since 1995
Empirical Component
» Chief Privacy Officer Interviews
» Document Internal Practices
» Enforcement Studies
» Revisit Descriptive Account

5 Privacy on the Ground
First Data from Qualitative Interviews with Leading U.S. Chief Privacy Officers
– 9 CPO leaders (per the information privacy community)
– Cross-Industry
– Semi-structured interviews
– Baseline for a large-scale survey of privacy practices in other U.S. firms
– Striking uniformity as to three elements

6 U.S. CPO Responses
(1) The Limited Import of the Rules and “Compliance” to Privacy
(a) Compliance as a “starting point only”
(b) The shortcomings of FIPPS procedures in guiding decisions in light of ubiquitous computing

7 U.S. CPO Responses
(2) An Alternative Conception of Privacy
Protecting Consumer Expectations/Avoiding Harm to Expectations
“consistent with customer or individual expectations”
“Do they get the heebie jeebies, you know? Is it kind of creepy?”
“[H]ow likely, is a customer going to be comfortable using our service in the future?”
“Trust, trust, trust, trust.”

8 U.S. CPO Responses
(2) Alternative Approach to manage P as CE - From Compliance to Risk Management
Evolving, dynamic and contextual
“looking around corners”
“the next thing that’s coming down the pike because if you get caught unawares, you’re behind the ball”
“Privacy is how you apply information usage to new contexts, whether it's the creative marketing, or a new product you want to develop, so it's very contextual.”
I want to keep changing the way we’re doing business so it is dynamic, so we are, you know, trying to mitigate the risk of the day while keeping our core program in place. And so we’re changing... I don’t keep [processes the same] the same.
Implications for Internal Structures (Separate Paper)

9 U.S. CPO Responses
(3) External Influences on Privacy’s Conception
– Federal Trade Commission consumer protection authority
– State Data Breach Notification Laws
– Professionalization and Networks

10 A New Account of U.S. Privacy Law
“New Governance” at the Federal Trade Commission
Exploiting Regulatory Ambiguity
Soft and Hard Guidance
Workshops, White Papers and Roving Enforcement Powers
A site for Advocates
Comparisons with Europe

11 Policy Implications

12 Broadening the Conventional Debate
Take account of law in practice and on paper
Concern with substance and form
Rules v. standards + enforcement
Power of civil society + market in regulatory context
More to the story than:
“Omnibus” privacy laws
robust procedural protections
dedicated data privacy commissioners
Piecemeal regulation by sector; much left unregulated
No dedicated regulator
Reliance on corporate self-regulation

13 Policy Implications... for the Substantive Debate Over Privacy Regulation
- Recognizing technology shifts
- Recognizing context
- Overcoming collective action/behavioral problems with assigning privacy to individual choice

14 Beyond Conventional Debate
“Informational Self-determination” through process
“notice and consent”
EULA/TOS

15 Policy Implications...
Contextually grounded expectations
what expectations do consumers as a whole bring to the table
But I do have an expectation of privacy when it comes to my e-mail, and I think that even in this age of social-networking TMI, most people still think of e-mail as a safe place for speaking privately with friends and family. And for Google to come along and broadcast that network to the world without asking first—and force you to turn it off after the fact—is, I think, both shocking and unacceptable.
Molly Wood, CNET

16 Policy Implications... for the Debate Over Privacy’s Form
Regulatory Specificity vs. Ambiguity
Empowering those inside organizations
Bottom-up and top-down policymaking
Normative conservatism in the face of technological change

17 Questions
Bamberger, Kenneth A. and Mulligan, Deirdre K., “Privacy on the Books and on the Ground,” forthcoming Stanford Law Review, Vol. 63, 2010. Available at SSRN: http://ssrn.com/abstract=1568385
Support
Rose Foundation, Consumer Privacy Rights Fund
TRUST (The Team for Research in Ubiquitous Secure Technology)
National Science Foundation NSF CCF-0424422

