Exploring “Databuse” and Online Trusteeship
What is privacy? Depends on who you ask.
This week CDT, in partnership with the Brookings Institute, co-hosted a discussion on the concept of “databuse” and its application to regulatory structures. “Databuse” is a term used by Benjamin Wittes in his 2011 paper entitled “Databuse: Digital Privacy and the Mosaic.” The panel featured Wittes and fellow Brookings scholar Wells Bennett, with CDT Consumer Privacy Director Justin Brookman acting as the panel host and offering counterpoints to encourage discussion.
In his paper, Wittes argues that the word privacy does not adequately address the values that underlie the concept and proposes databuse as a more appropriate alternative. This word is meant to capture the specific misuse of an individual’s information by the entity to which it was entrusted. It addresses the overuse of privacy to broadly define rights that have become much more nuanced and complicated in the era of big data. “When we use the word privacy,” Wittes argued on Tuesday night, “We aren’t always talking about the same value.”
Instead, Wittes argues that a better approach is to create a core set of principles that describe violations of privacy (“databuse”) and create policy around those principles. Until that happens, he claims, it will be impossible to find statutory solutions that uphold and protect consumers’ privacy rights.
Wittes recently published a follow-up paper with co-author Wells Bennett titled, “Databuse and a Trusteeship Model of Consumer Protection in the Big Data Era.” This paper uses the concept of databuse to discuss how to govern what first-party providers should do with our data. Brookman commented that the trusteeship model that Wittes and Bennett argued for in their paper was a good one, but what will be most important in that dynamic is ensuring users understand what personal data they’re giving away and what they’re getting in return for it.
Brookman’s point addressed the heart of much consumer confusion: opaque and confusing privacy policies. Wittes wasted no time in emphasizing that true trusteeship means transparency and integrity in upholding the spirit of privacy policies, not the letter.
“If the aggregate presentation [of a privacy policy] is of caution,” he explained, “the letter of the law doesn’t matter.”
Two areas that the discussion highlighted as needing more research and debate included how to address the relationship between the consumer and third parties and whether behavioral advertising and testing is acceptable.
While the paper itself was limited to first-party relationships or companies with whom users have a direct relationship (for example, a user giving consent to Google to use their information), the vast majority of consumer privacy concerns center around murkier, third party activities. This is particularly important given that third party advertising is integral to the Internet economy and has played a large part in shaping the Internet of today. To neglect analysis of these relationships would be doing a disservice to consumer privacy over all.
Behavioral advertising and testing are also on shaky ground as Facebook discovered earlier this year when consumers balked at their data being used for psychological research. But can behavioral advertising and testing be done in a way that is respectful of consumers and in line with their expectations? Wittes suggested that it can, if the practice of testing is transparent and upfront. Brookman was a bit more reserved in his commentary. “There must be a line,” he noted. “Are you trying to learn things out of scope or recklessly trying to provoke a reaction?”
The event also stimulated dialogue between the panel members and the audience, with intriguing questions coming out in the second half of the event. As a convener of diverse voices in the tech space, CDT looks forward to hosting similar events in the future.
