Privacy and Surveillance Key Concepts

Question 1

Privacy Paradox

Answer 1

People say they care about privacy but then do not do anything about it due to digital resignation

• People value privacy in different ways
• There are a range of stakeholders
• Different regulatory modalities

Question 2

Irwin Altman

Answer 2

Privacy is an interpersonal boundary-control process which places and regulates interactions with others. Privacy regulation by persons and groups is somewhat like the shifting permeability of a cell membrane. Sometimes person or group is receptive to outside inputs, and sometimes closes off contacts with the outside environment

Question 3

What are the different types of privacy?

Answer 3

Spatial

Decisional - we want to make decisions for ourselves without other people having control

Informational - freedom from unwanted surveillance

Question 4

What are the 3 values of privacy?

Answer 4

Autonomy - smaller scale

Democracy - larger scale, collectively make decisions and govern society ourselves

Protection against abuse of power

Question 5

Digital resignation w

Answer 5

People say they care about privacy and do nothing about it because they believe there is nothing they can do about it. The individual must try to secure their own privacy when they know those mechanisms will not really do anything

Question 6

Government Surveillance

Answer 6

Punishment, censorship, abuse of power

Question 7

Corporate Surveillance

Answer 7

Unfair treatment, manipulation, exploitation.

The sectoral approach of U.S. information privacy statutes

The central role of contracts / “notice and consent”

Question 8

4th Amendment

Answer 8

Right against “unreasonable searches and seizures” by law enforcement. Limits surveillance by law enforcement and security agencies. Rules of evidence

Question 9

U.S. Privacy Laws

Answer 9

Important U.S. privacy laws:
- Fair Credit Reporting Act, 1970
- Family Education Rights and Privacy Act, 1988
- Health Insurance Portability and Accountability Act, 1996
- Gramm-Leach-Bliley Act, 2008

Question 10

Sectoral vs. Omnibus Approach

Answer 10

Sectoral: creating specific regulations tailored to particular industries or types of data, allowing for flexibility and adaptability based on the unique needs and risks of each sector.

Omnibus: established a comprehensive framework that applied uniformly across all sectors, promoting consistency in privacy protections and simplifying compliance but potentially lacking the specificity needed for industry-specific challenges

Question 11

Notice and Consent

Answer 11

Requirement for organizations to inform individuals about data collection practices and obtain their explicit permission before processing their personal information, ensuring transparency and empowering individuals to make informed choices about their privacy. This principle aims to foster trust between data subjects and organizations while balancing the need for data use with individuals’ rights to control their personal information

Question 12

GDPR

Answer 12

General data protection regulation

Passed in 2016, went into effect in 2018

Covers all EU companies and all companies elsewhere processing data about EU citizens. Tried to strengthen notice and consent by:

1) raising the privacy floor through more protective minimal standards and default
2) creating more meaningful notice and consent procedures
3) imposing significant penalties for breaking the rules

Question 13

Contextual Integrity

Answer 13

Rejects notice and consent

Argues that:
1) new tech doesn’t enter into ethical vacuums
2) we have existing expectations about how information should flow, which are attached to particular social contexts
3) ethical burden is on data collectors to respect those norms, not on individual data subjects to police them