I. Privacy in the Digital Age
The Center for Democracy and Technology believes that interactive communications
media such as the Internet hold great potential for enhancing democratic
values and supporting the full realization of individual freedoms. Policies
that support and encourage the development of technologies that give individuals
control over the ideas and beliefs to which they are exposed, and the collection,
use and disclosure of their personal information, will lay the foundation
for a robust, thriving democracy in the Digital Age.
While optimistic about the privacy enhancing potential of the Digital Age, we believe that the core privacy principles of notice and individual control over personal information must inform the design of the information infrastructure if this potential is to be fully realized. We have a window of opportunity -- offering the chance to put privacy-enhancing technologies into the hands of individuals. To realize this promise, all members of the Internet community must come together to build an infrastructure that supports privacy policies and applications.
Our testimony offers a vision of an individual with the information and tools to make decisions about the collection, use and disclosure of personal information during each and every transaction on the Internet.
Section I sets the stage for a discussion of the Individual Empowerment solution by providing an overview of privacy considerations in the Digital Age. Sections II and III outline our Individual Empowerment model and offer a number of models for its implementation. Section IV examines the application of Individual Empowerment solutions to protecting children's privacy. Finally, Section V explores the potential of the Individual Empowerment model to move the Internet towards compliance with the EU Directive.
The Center for Democracy and Technology (CDT) is dedicated to preserving and enhancing democratic values and civil liberties on the Internet and other interactive communications media. CDT pursues its mission through public education, grass roots organizing, litigation, and coalition building. CDT is a non-profit, public interest organization (501 (c)(3)).
I. Privacy in the Digital Age
At its core, the Digital Age represents a dramatic shift in computing and
communication power. The decentralized, open nature of the network, coupled
with an emphasis on user control over information, is central to achieving
the First Amendment potential of the Internet. Through interactive technology,
individuals today can enjoy a heretofore unknown ability to exercise First
Amendment freedoms. Access to the Internet empowers individuals with an
enormous capacity to speak and be heard, and listen and learn. The development
of filtering and blocking devices that empower individuals to control the
inflow of information gives new meaning to the core First Amendment principle
that individuals should determine the ideas and beliefs deserving of expression,
consideration, and adherence. [ 1 ]
However, at this moment the impact of the Digital Age on individual privacy remains an open question. Will the Digital Age be a period in which individuals lose all control over personal information? Or does the Digital Age offer a renewed opportunity for privacy? Technologies that empower individuals to control the collection and use of personal information and communications -- such as encryption, and anonymous remailers, web browsers and payment systems -- are inspiring examples of the privacy-enhancing possibilities of interactive technology. However, we believe that the architecture of the Internet must be designed to advance individual privacy by facilitating individual control over personal information.
The rise of technologies that empower users of interactive communications media to affirmatively express control over personal information can fundamentally shift the balance of power between the individual and those seeking information. CDT believes this technological shift is possible and necessary, and offers us an unprecedented opportunity to advance individual privacy. However, this shift will only occur if interactive media is harnessed to advance individual privacy.
Rather than responding to the very real risks posed by new technology with the Luddite call of "smash the machine," we are calling for a reversal of the technological status quo by demanding that technology be designed to empower people. If we seize the opportunity to vest individuals with the information and tools to express their desire for privacy in clear and effective ways, and have those desires acknowledged by information users, we can advance privacy. We believe that this post-Luddite approach will reinvigorate individual privacy in the Digital Age.
While strengthening existing laws, such as the Fair Credit Reporting Act and the Right to Financial Privacy Act, and enacting legislation to protect health records, are crucial to protecting individual privacy, individual empowerment technologies offer a powerful method of implementing the core principle of individual control where current gaps and weaknesses leave individual privacy vulnerable. We believe that user-controlled technologies that enable individuals to protect the privacy of their communications and personal information offer an unprecedented opportunity to extend real protections for individual privacy around the world.
Understanding the value of privacy to individuals and society, and developing
the principles through which privacy can best be preserved, are essential
if we are to develop a cohesive, rational model for realizing individual
privacy on the Internet. [ 2 ] We must understand
why preserving and enhancing privacy is an ultimate "good," and
agree upon a set of privacy principles, before we can come to decisions
on how best to apply them to this new media.
An emblem of a vibrant, participatory democracy is the ability of people to develop as individuals, separate and distinct from one another, with the confidence to hold and express their own political opinions, beliefs and preferences. A free society tolerates -- even revels in -- such individuality, recognizing it as the bedrock of an open society, as a necessary precursor to free speech and political participation.
People must be able to maintain some control over personal information in order to fully realize other core values, including autonomy, liberty, free expression and civic participation. This facet of privacy is uniquely implicated in our move to interactive technology. [ 3 ] By preserving privacy, society provides individuals with the solitude and isolation necessary for the individual to develop her identity, form her own thoughts and opinions, and establish intimate connections with others. Equally important, privacy allows the individual to step forward to participate in the affairs of society without losing all control over personal information. It is axiomatic that an individual's willingness to engage in the activities of the community will be tempered by the degree to which he or she is able to maintain control over the development and presentation of one's self. [ 4 ] In the absence of control over the development of one's self, individual autonomy and self-determination are eroded.
B. Weakness of current privacy protections
A number of factors have contributed to the weak state of individual privacy
protection in the U.S. First, until fairly recently, technology has been
in the hands of the government and large corporations. It has been deployed
to meet governmental needs -- often the need to monitor, survey, and track
individuals -- using increasingly invasive techniques. Similarly, technology
has been used by businesses to collect information on individuals often
without their knowledge or consent and, frequently, to use personal information
collected for one purpose to make decisions about the individual in unrelated
Second, in the U.S., privacy protections for personal information are incomplete and scattered throughout case law [ 5 ], federal and state statutes, and executive branch reports. [ 6 ] Despite the clear articulation of principles that would, if implemented, preserve individual privacy, individuals continue to experience an erosion of privacy. In particular, individuals in this country report an escalating fear that individual privacy is in greater peril each day due to increased computerization of personal information. [ 7 ]
The use of technology to meet the information needs of government and business has disempowered individuals. Technology has escalated the collection of detailed personal information and enabled massive data sharing between entities for unrelated purposes -- all without the individual's consent. Today, privacy protection frequently takes the form of an eight page disclaimer waiving any claim to privacy which the individual must sign prior to receiving a service or benefit. The perception of technology as an invasive tool of "big brother" and "big government" has led civil libertarians and average citizens to consistently demand legal protection -- be it judicial or legislative -- from the incursions on privacy and liberty made possible by the uncontrolled use of technology.
Even where there has been an attempt to codify fair information practices through statute, regulations, or industry guidelines, the results have generally fallen far short of the desired goal -- to have individuals control the collection, use, and disclosure of personal information. This is not to underestimate the importance of hard fought battles to craft statutory privacy protections for personal information. Existing privacy laws in areas such as banking, cable, credit, educational and video records set important limits on the use and disclosure of personal information. However, there is not a statute on the books that gives the individual simple, meaningful, up-front, control over personal information. The sector by sector approach of existing U.S. law makes analytic sense, but progress has been slow and many gaps remain.
As a result of this dynamic, efforts to preserve information privacy can be characterized as a constant struggle to set limits on the invasions of privacy -- the misuse, unauthorized collection, and unauthorized disclosure of personal information -- made possible and practical through technology.
C. New challenges to privacy
Once divulged, bits of personal information can reveal what we think, believe,
and feel. No other medium generates personal information with the granularity
of the Internet. Information is generated and captured each time an individual
enters a Web site, views a picture, FTP's a file, or sends an email. Information
is needed to complete each transaction; however, this information, disclosed
over a period of time, in a variety of circumstances, can reveal details
of the individual's habits, beliefs, and affiliations. The individual "womb
to tomb dossiers" of personal information Arthur Miller warned us of
30 years ago may be readily available -- not stored in a central database,
but culled from a variety of sources and pulled together instantaneously
to create a detailed profile of nearly anyone on the Internet. [ 8 ]
Currently few people are aware of the vast amount of information generated and captured -- and potentially used and disclosed -- during the use of interactive communications media. Unlike the traditional paper-based world where the individual is typically aware that they are providing an entity with information (they present a credit card, or receive a billing statement from the phone company) much of the information gathering on the Internet occurs during browsing or other relatively passive activities. Individuals visit Web sites, read articles, and examine pictures under the illusion that their activities are anonymous or at least unobserved.
In an effort to increase public demand for privacy protection, last week CDT launched a privacy demonstration Web site which greets each visitor with detailed personal information including their name, email address, computer and browser type and the universal resource locator (URL) indicating the Web site from which they came. Initial visitors expressed alarm at the detailed personal information that is routinely recorded by Web sites, Internet providers, and online commercial service providers. In addition, CDT has established an online clearinghouse to highlight existing privacy policies of commercial online service providers. Over the next year, we will expand the clearinghouse to include information on the information practices of Internet service providers, content providers and browsers. Through education we hope to create public demand for stronger, more ubiquitous privacy policies and applications. [ 9 ]
Interactive media offers new challenges to privacy. There is growing public concern that the non-consensual, surreptitious collection of personal information is undermining individual privacy. [ 10 ] The lack of transparency about information collection and use on the Internet builds upon this concern. Without the knowledge that information is being collected and used, individuals are unable to make informed decisions to preserve their privacy. People are uncomfortable when they learn that software is available and in use that allows Web site operators and other content providers to easily record their online activities unbeknownst to them. [ 11 ]
As news stories expose the privacy risks of new services and applications such as Deja News [ 12 ], and cookies [ 13 ], individuals may become more reticent in their use of the Internet. The lack of accurate information about the collection, use and disclosure practices of entities on the Internet, may chill speech and political activity on the Internet. Individuals may hesitate and pull back from participating in desirable activities such as signing online petitions to Congress. [ 14 ] They may withdraw from participating in online discussions or visiting Web sites that contain information on sensitive topics such as sex and health.
Policy makers around the world are beginning to address the privacy concerns that threaten to undermine individuals' willingness to partake in First Amendment and commercial activities on the Internet. While few concrete solutions have been proposed, privacy's pivotal role in promoting speech and other democratic values has been recognized. Despite general agreement that individual privacy must be preserved -- and even enhanced -- in cyberspace, we are just beginning to explore the means to make privacy work in this new media. [ 15 ]
Interactive communications media offer both risks and opportunities to securing
individuals' privacy. To have privacy in the Digital Age one must be able
to both enjoy solitude and to make decisions about what, if any, personal
information to divulge, to whom and for what purpose. In the Digital Age
technology can be harnessed to advance privacy by empowering individuals
to control the flow of information on a case by case, setting by setting
basis, by expressing their privacy desires. Through the implementation
of existing laws, continued pressure to develop additional laws to protect
personal information in various sectors, and the implementation of individual
empowerment solutions that give people the ability to control personal information
through full notice and meaningful consent, the Internet can be shaped to
support individual privacy.
From the Luddite movement of the early Nineteenth century through publication of David Burnham's Rise of the Computer State, technology has rightfully been viewed as a tool by which the interests of the individual are subsumed to the more powerful interests of the government and big business. While privacy advocates must continue to push for laws, the ability to empower people to directly express privacy choices through user controlled technologies has the potential to significantly alter the traditional relationship between individuals and technology.
We must move beyond the current debate over the intrusive nature of technology and seize the opportunity to ensure that privacy protection is a core element of this new communications media. [ 16 ] By building privacy in at the front-end we can craft an environment where each individual gets to decide the level at which information is protected, instead of relying on the government and the private sector to mete out weak protections on a sector by sector basis, leaving large quantities of personal information unprotected and vulnerable.
The privacy potential of interactive communications media will be realized only through the concerted efforts of policy makers, the public interest community and the communications and computer industries. CDT is exploring the creation of a PICS-like process for privacy with the Massachusetts Institute of Technology (MIT), the World Wide Web Consortium, public interest organizations, and Internet content and service providers. If embraced and implemented, we believe that technology tools, coupled with fair information practices, can provide an effective method of making individual privacy a reality on the Internet. Individual empowerment technologies which facilitate both the communication of Web site operators' information practices to users, and the communication of individuals' privacy preferences to Web site operators, will give users maximum control over personal information.
Individual empowerment solutions support core individual privacy and First
Amendment principles and offer an effective method of ensuring respect for
individual privacy in a medium populated by a diversity of players. While
existing laws that protect personal information in particular sectors must
apply regardless of the medium, much of the information generated online,
and many of the Internet service and content providers who collect and use
information, are not covered by existing statutes.
Due to the extent and detailed nature of personal information that can be generated, collected and used during online activities, it is essential that individuals be able to control the flow of this information. Through the implementation of core privacy principles through policies and technologies that empower the individual to independently control the flow of personal information, we can give individuals a meaningful tool with which to fill existing gaps in both law and practice.
CDT believes that people should be provided meaningful notice of information
practices, and the tools to control the use and disclosure of personal information.
Privacy is valued differently by each person. Similarly, an individual's
desire for privacy may vary in different situations. Decisions about the
collection, use and disclosure of personal information have a profound impact
on an individual's ability to exercise First Amendment protected activities.
The individualized nature of privacy and the impact that privacy decisions
may have on other rights and activities, support an approach that vests
control in the individual. Individual empowerment solutions can provide
individuals with the information and tools to make decisions with independence
and flexibility. [ 17 ]
Through individual empowerment solutions we can advance individual control over personal information by:
2. Maximizing the Democratic Potential of the Internet
Individual empowerment solutions use the Internet's unique features to advance
privacy. Individual empowerment solutions build upon the medium's interactivity.
The two-way communication supported by interactive media makes the exchange
of information about privacy preferences and practices simple, inexpensive,
and in many instances seamless. The diversity of players on the Internet
-- from the individual with a personal Web site, to the many political Web
sites, to large corporations -- requires that if we are to develop a uniform
approach to privacy -- which we believe we should -- it must be a solution
that addresses the privacy needs of individuals in each interaction. Shaping
the architecture of the Internet to support individual control over personal
information offers an effective method of preserving privacy in this context.
Similar to the characteristics of the medium itself, the social and political nature of Internet users is distinct in ways that may be important to privacy considerations. First, even in its nascent stage, the Internet has shown itself to be responsive to those who populate it. [ 18 ] Second, many pioneers of the electronic frontier are self-described libertarians. Third, the Internet is alive with people engaged in a host of activities that many consider sensitive. [ 19 ] Both the people engaged in these activities and those establishing the areas where they take place, have a strong interest in developing an environment that engenders trust and confidence in its users. This may bode well for privacy. The combination of a medium that has been responsive to its users, early users who are known privacy fundamentalists, and a tradition of people engaging in activities that they want to keep private, may prove a hopeful combination for individual privacy.
III. Technologies of Privacy
We believe that technologies must be designed to give people control over personal information by allowing users to avoid Web sites with inappropriate information collection and use practices, and allowing them to set privacy preferences that prevent or limit the collection, use and disclosure of personal information. Building upon the success of the Platform for Internet Content Selection (PICS) -- a values-neutral platform that enables parents to exercise control over children's access to inappropriate material -- and other user empowering technologies, CDT believes that we can develop applications that maximize individual control over information. In the past ten months, the PICS platform has evolved from concept to final release of standards. Over the next few months, every major browser and online service will update products to include the programming necessary to read and interpret PICS labels. At least four different content labeling and rating services will be available to the public. And there will be two Web-based bureaus where content owners can create their own descriptive labels. In the very near future, PICS will be widely available on the Internet.
A. Privacy Preferences: Enable Individuals to Control the Flow of Personal Information
Technologies that allow users to communicate privacy preferences to Web
sites can promote individual control over the extent and nature of personal
information, if any, that flows to each Web site and its subsequent use
and disclosure. In the normal course of an interaction between a Web site
and a user much information is exchanged in both directions. The user receives
whatever content the Web site has to display. The Web site often maintains
logs of personal transactional information on each visitor.
By allowing the individual or parent to configure their own privacy preferences that are communicated by their browser to each Web site they visit, individual empowerment solutions enable individuals to view material on a Web site while maintaining control over personal information. Technology can be used to communicate limits on the use and disclosure of personal information revealed [ 20 ], or block the collection of personal information altogether. [ 21 ]
The following three scenarios play out possible interactions between a Web site equipped with this enhanced PICS application and a user who has configured privacy preferences. Scenario 1 describes the interaction between a Web site with a policy of accepting all visitors and complying with all limits they have set on the collection, use and disclosure of personal information. Scenarios 2 and 3 describe the interaction between the individual and a Web site with specific information practices. In Scenario 2 the individual's privacy preferences and the Web site's information practices match. In Scenario 3 the individual's privacy preferences and the Web site's information practices are incompatible.
Scenario 1: The Web Site that pleases all users
A Web site operator has made the decision to maximize the number of individuals who visit their site. Using capabilities built into his server software that carry individuals' privacy preferences along with their personal information, the Web site operator has configured his site to accept individuals with all privacy preferences.
Scenario 2: The Perfect Match: Individual's privacy preferences and Web site's practices match.
Using a standard format, a Web site operator provides notice of their information practices, which is read by the individual's browser and compared with the individual's privacy preference. They are compatible, so the person enters the Web site without further dialogue.
Scenario 3: A Mis-match of Preference and Practice: Individual's preferences and Web site's practices differ.
As in scenario 2, a Web site operator has provided a notice of information practice in a standard format and the individual has a browser which is capable of, and configured to, read and compare the notice with the individual's privacy preference. In this instance the individual's preference and Web site's practices are incompatible.
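The three scenarios above, as an added example that is not part of CDT's testimony or of PICS itself: a browser-side comparison of a site's notice with the user's privacy preferences. The notice and preference formats, field names and purpose labels are assumptions made for illustration; the testimony does not say what follows a mismatch, so the function only reports the conflicts.

```javascript
// Hypothetical formats for illustration; this is not PICS label syntax.

// Rule applied to any data category the user has not listed: deny.
const DEFAULT_RULE = { collect: false, purposes: [], thirdParty: false };

// Constructed user preferences, keyed by data category.
const userPreferences = {
  browserType: { collect: true, purposes: ['site-administration'], thirdParty: false },
  email: { collect: true, purposes: ['order-fulfilment'], thirdParty: false },
};

// Constructed site notices, one per scenario.
const acceptAllSite = { acceptsAllPreferences: true };
const matchingSite = {
  practices: [{ data: 'browserType', purposes: ['site-administration'], thirdParty: false }],
};
const mismatchSite = {
  practices: [
    { data: 'email', purposes: ['order-fulfilment', 'marketing'], thirdParty: true },
    { data: 'streetAddress', purposes: ['marketing'], thirdParty: false },
  ],
};

function ruleFor(preferences, category) {
  return Object.prototype.hasOwnProperty.call(preferences, category)
    ? preferences[category]
    : DEFAULT_RULE;
}

// Return every point where a declared practice exceeds the user's limits.
function findConflicts(preferences, practices) {
  const conflicts = [];
  for (const practice of practices) {
    if (!practice || typeof practice.data !== 'string' || !Array.isArray(practice.purposes)) {
      conflicts.push({ data: '*', reason: 'malformed practice entry' });
      continue;
    }
    const rule = ruleFor(preferences, practice.data);
    if (!rule.collect) {
      conflicts.push({ data: practice.data, reason: 'collection not permitted' });
      continue;
    }
    for (const purpose of practice.purposes) {
      if (!rule.purposes.includes(purpose)) {
        conflicts.push({ data: practice.data, reason: 'purpose not permitted: ' + purpose });
      }
    }
    if (practice.thirdParty && !rule.thirdParty) {
      conflicts.push({ data: practice.data, reason: 'third-party disclosure not permitted' });
    }
  }
  return conflicts;
}

function unreadableNotice() {
  // Assumption: a missing or unparseable notice is treated as a mismatch.
  return {
    outcome: 'mismatch',
    limitsSent: null,
    conflicts: [{ data: '*', reason: 'no readable notice' }],
  };
}

function compareNotice(preferences, notice) {
  if (!notice || typeof notice !== 'object') return unreadableNotice();

  // Scenario 1: the site accepts every preference, so the user's limits
  // simply travel with whatever personal information is sent.
  if (notice.acceptsAllPreferences === true) {
    return { outcome: 'enter', limitsSent: preferences, conflicts: [] };
  }
  if (!Array.isArray(notice.practices)) return unreadableNotice();

  // Scenario 2 (no conflicts) or Scenario 3 (at least one conflict).
  const conflicts = findConflicts(preferences, notice.practices);
  return {
    outcome: conflicts.length === 0 ? 'enter' : 'mismatch',
    limitsSent: null,
    conflicts,
  };
}

for (const [name, notice] of Object.entries({ acceptAllSite, matchingSite, mismatchSite })) {
  const result = compareNotice(userPreferences, notice);
  console.log(name, result.outcome, result.conflicts.map((c) => c.data + ': ' + c.reason));
}
```

Unlisted data categories fall back to a deny rule, so a site that asks for something the user never configured shows up as a conflict rather than passing silently.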
B. Block Bad Actors: Limit Access to Sites With Abusive Information Collection Practices
Existing PICS technology can enable individuals to block access to World
Wide Web sites which engage in unfair information collection procedures
(defined by either the individual or an organization). [ 22 ]
The PICS approach is flexible enough that an individual can prevent access
to pages that contain information collection forms, without prohibiting
access to the entire Web site. Today, consumer groups, privacy organizations,
or industry self-regulatory bodies can easily create PICS rating systems
which would be used to block access to Web pages based on the strength or
lack of privacy practices.
The following two scenarios play out the privacy applications possible with current PICS technology. In Scenario 1 a third-party has developed a list of "good actors" (based on any subjective criteria) which is used by an individual to control her access to the Web. In Scenario 2 a third-party has developed a list of "good actors" which a mother is using to direct her child's access to Web sites.
Scenario 1: The Pro-privacy list: Individual only wants to visit "good" actors
Consumer only wants to visit sites that Privacy First has placed on its index of pro-privacy Web sites.
Scenario 2: The Protective Parent: Parent limits child's access to "good" actors
Parent only wants child to visit Internet sites that are on Privacy First's
"child list" of Web sites that don't solicit personal information.
Here we have a parent who is concerned about her son's activities on the Internet. In particular, she is concerned that her son may be revealing his name, and email and street addresses to others. She is interested in limiting her son's access to pages of Web sites that contain information collection forms.
The scenarios above represent the potential for the Internet to develop
and flourish as a medium that allows the strongest expression of personal
privacy. The individual is able to decide in an informal manner, at the
front-end, without coercion, what if any information to divulge and for
what purpose it may be used. We have an opportunity to truly empower individuals
to take charge and control the flow of personal information by developing
and implementing technologies that vest simple methods for exercising meaningful
control over personal information in the individual. If our goal is to fully
implement the core privacy principle -- individuals have the right to control
the collection, use and disclosure of their personal information -- on the
Internet, policies that build upon the innate ability of interactive communications
media to support individual control hold great promise.
IV. Protecting Children's Privacy Online
The issue of children's information privacy on the Internet has caught the
public's eye. Children are an increasingly large segment of the Internet
user population. The Internet offers children, like adults, a tremendous
opportunity to exchange ideas and participate in a world outside their window.
However, the ease with which children can access ideas, reveal information
about themselves, and participate in a range of activities without parental
supervision, has and will continue to be a subject of concern.
CDT is dedicated to enhancing children's privacy on the Internet. We believe that individual empowerment solutions coupled with fair information practices and policies, parental involvement, and strong government response to deceptive and unfair information collection practices, can best protect children's privacy.
The Internet is currently being designed to support parental empowerment solutions which can be implemented without curtailing the availability of information or limiting the speech and associational rights of other Internet users. Through user control technology parents can:
CDT believes that parental empowerment technologies provide a solution that gives parents real control over information. Technologies that allow minors or parents to exercise control over the collection, use and disclosure of children's personal information both affirm minors' independent interest in making decisions regarding personal information, and provide the flexibility to accommodate different parental judgments and preferences regarding childrearing and privacy. By allowing parents to decide the age at which, or situations in which, a minor is mature enough to independently exercise control over personal information, and those in which the parent will decide in their stead, user controlled technologies support minors' independent rights, facilitate parental involvement, and avoid one-size-fits-all solutions.
B. Avoiding rules that may infringe on other rights
The close nexus between individual privacy and First Amendment freedoms
demands careful inspection of rules designed to protect privacy. Protecting
children's privacy online requires a policy that fosters individual privacy
while assisting minors and parents in addressing their particular
privacy and safety concerns.
Individual empowerment technologies avoid a host of thorny constitutional issues raised by age-based limitations and provide parents with the ability to exercise control over personal information on behalf of their children. Alternative proposals for protecting children which turn on age-based rules to control information use may require entities operating online to verify the age of each individual with whom they interact. Age verification may well escalate the collection of personal information and ultimately lead to the creation of nation-wide lists of users and their ages which would directly implicate fundamental rights of freedom of association, [ 23 ] and undermine individual privacy. In addition, implementing identification requirements on the Web would limit all Internet users' ability to read, speak, receive information [ 24 ], and interact online under Constitutionally-protected conditions of anonymity. [ 25 ]
V. European Union Data Protection Directive
In July, 1995, the European Union (EU) adopted the Directive On the Protection
of Individuals with regard to the Processing of Personal Data and on the
Free Movement of such Data (known as the "Data Protection Directive").
In essence, the Directive sets forth rules relating to individual access
to personal data, requires individual consent prior to certain uses of personal
information, calls for "appropriate" security safeguards to be
put in place by companies handling personal information, and requires member
countries to create "supervisory authorities" to oversee implementation
of the Directive. The intent behind the Directive is to harmonize the data
protection laws within the EU, providing European citizens with a minimum
level of data protection.
The Directive's reach stretches far beyond the limits of the European community by limiting the transfer of data to non-member countries that do not ensure an "adequate" level of data protection. [ 26 ] Although the contours of the "adequacy" standard are unclear, it is certain that the Directive has the potential to seriously impede the flow of data from member states to the United States.
The goal of the Directive is "to protect the fundamental rights and
freedoms of natural persons, and in particular their right to privacy, with
respect to the processing of personal data" that is automated or contained
in a "filing system" structured to permit easy access to personal
data. (Articles 1 & 3) Data protection -- referred to in the United
States as information privacy -- is considered a fundamental human right
in Europe, which must be preserved as the EU moves to a common, internal
market. [ 27 ] To protect privacy, the Directive
establishes a core set of fair information practice principles to apply
to data held by both the public and private sectors.
Consistent with the Fair Information Practice Principles developed by HEW in 1973, the Directive calls for clear notice, informed consent for data use, individual access and correction rights, and data reliability and security. In addition, the Directive calls on Member countries to provide judicial remedies for failures to comply with the Directive and to establish independent "supervisory authorities" -- with whom all data controllers must register -- to oversee implementation and enforcement of the Directive.
The Directive sets additional limits on the collection of data. All data must be "adequate, relevant and not excessive in relation to the purposes for which they are processed," and the purposes must be explicit and legitimate and determined at the time of collection. The purpose of any additional processing "shall not be incompatible with the purposes as they were originally specified." (Articles 6 & 7)
The Directive carves out particular types of information for heightened protection. It requires "the data subject's explicit consent" for the processing of sensitive data (capable by their nature of infringing fundamental freedoms or privacy, such as data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and data relating to health or sex life). In addition, the Directive allows that some countries may prohibit the processing of data despite the consent of the subject. (Article 8)
The Directive acknowledges that privacy, like other values, is not absolute and exists in relation to, and at times in tension with, other important societal values. The Directive acknowledges circumstances in which personal data may be processed without consent, such as for "the performance of a task carried out in the public interest or in the exercise of official authority, or in the legitimate interests of a natural or legal person, provided that the interests or the rights and freedoms of the data subject are not overriding." Further, the Directive explicitly recognizes and provides exceptions to protect important speech and free flow of information interests. The Directive states that where processing is solely for journalistic, artistic or literary purposes, exceptions may apply if they are necessary to reconcile the right to privacy with the rules governing freedom of expression. (Article 9)
Most important for U.S. policy, the Directive prohibits the transfer of personal data to non-Member countries that do not have "adequate levels of protection." The Directive provides that the adequacy of a non-member country's protection "must be assessed in light of all the circumstances surrounding the transfer operation. Particular consideration shall be given to the nature of the data... and the rules of law, both general and sectional, in force, and the professional rules and security measures which are complied with in that country." (Article 25) Further, even where a non-member country's protection is deemed inadequate, the transfer of data may still be acceptable if the data subject has consented, or the transfer is necessary in relation to a contract, the protection of an important public interest, or where the "controller" of the data offers "appropriate safeguards." (Article 26)
The EU Directive has been an external force subtly driving U.S. policy
makers and industry to examine privacy issues. As its implementation looms
near, industry, privacy advocates, and policy makers alike are attempting
to discern how the Internet should meet the "adequacy" standard.
CDT believes that individual empowerment solutions, along with a continued emphasis on strengthening existing statutes, crafting new laws to protect information on a sector by sector basis, strong enforcement, and prosecution of unfair and deceptive information practices, will advance individual privacy on the Internet -- consistent with the core goals of the EU Directive.
The implementation of individual empowerment technologies that allow individuals to exercise control over information in a simple, effective manner is a means of implementing the core notice and consent requirements of the EU Directive. Through the development of a standard format for expressing information practices and a method for exchanging individual privacy preferences and entities' information practices, individual empowerment solutions would assist entities operating on the Internet to meet the notice and consent provisions of the EU Directive in a nearly seamless fashion.
There are a number of factors that should guide attempts to apply the EU Directive to the Internet. First, the global, decentralized nature of the Internet does not easily lend itself to regional regulation. Second, unlike the sectoral approach taken by U.S. policy makers, the EU Directive -- especially when applied to the Internet -- casts a wide net over a very disparate cast of content providers, including the operators of hundreds of thousands of Web sites. Third, the Internet has shown itself to be particularly suited to supporting First Amendment activities and careful attention should be paid not to unintentionally interfere with its ability to support robust speech.
In considering the Directive's application we should be particularly careful of its impact on other core values. For example, the requirement that each data controller register with the "supervisory authority" appears at first to be a useful accountability provision. However, in practice, requiring every individual with a Web site to register with a government authority may have a chilling effect on individual speech and communication. Similarly well-intentioned regulations have been found infirm where they may impact protected First Amendment rights. [ 29 ]
While the impact of applying the entire EU Directive to the Internet raises some concerns, meeting the notice and consent provisions of the EU Directive is a goal that is attainable, and one that would advance individual privacy and the democratic potential of the Internet. Currently very few entities operating on the Internet provide individuals with notice of their information practices. Similarly, the consent requirement set out in the Directive, while codified in certain sectors, is not a standard on which the Internet currently operates. The development of statutory protections to fill the many holes in U.S. privacy law is unlikely, and it is clear that current practice on the Internet does not meet the Directive's adequacy standard.
While there are a host of additional factors that will be examined in determining adequacy, we believe that assisting individuals to exercise meaningful, front-end control over the collection, use and disclosure of personal information will bring the Internet in line with the Directive's core mission of advancing individual privacy and support individuals' continued ability to speak and receive information on the Internet.
In the Digital Age, technology can be the individual's ally, not the intrusive,
megalomaniacal villain it has been in so many other settings. Through technological
mechanisms that put individuals in control of their information by providing
them with notice of companies' information practices and real opportunities
to clearly express the method in which they want their information handled,
the Internet can offer individuals the capacity to protect their privacy
while preserving core First Amendment values.
The potential to meet the goals of protecting privacy and speech, and increase child safety through a solution that maximizes individual and parental control should be attractive to privacy advocates, First Amendment advocates and child advocates alike. We have the opportunity to reverse the pattern of using technology to undermine individual privacy. Ensuring that the architecture of the Global Information Infrastructure is designed to support individual empowerment solutions will have a profound effect on individual privacy in the Twenty-first Century.
1. See Turner Broadcasting Syst., Inc. v. FCC, 114 S.Ct. 2445, 2458 (1994).
2. Information privacy incorporates two components -- at times distinct and at times inextricable -- "the right to be let alone" first articulated by Justice Louis Brandeis over a century ago, and the right to control information about oneself, even after divulging it to others, first defined by Professor Alan Westin in Privacy and Freedom.
3. See the writings of Erving Goffman, Edward Blaustein and Julie Inness for more discussion of the societal impact of inadequate privacy.
4. For a discussion of legal theories related to the development of "personhood" and autonomy in society, see Margaret Radin, "Property and Personhood," 34 STANF. L.F. 957 (1982), "The Consequences of Conceptualism," 41 U. MIAMI L.Rev. 239 (1986), "Market-Inalienability," 100 HARV. L.R. 1849 (1987); and Charles Reich, "The New Property," 73 YALE LAW J. 733 (1964), "Beyond the New Property," 56 BROOK. L.R. 731 (1990); "The Liberty Impact of the New Property," 31 WM. & MARY L. REV. 295 (1990).
5. While there is no definitive case finding a constitutional right of information privacy, the Supreme Court acknowledged that such a privacy right exists in Whalen v. Roe, 429 U.S. 589 (1977) (upholding a state statute that required doctors to disclose information on individuals taking certain highly addictive prescription drugs for inclusion on a state database): "This information is made available only to a small number of public health officials with a legitimate interest in the information. [Broad] dissemination by state officials of such information, however, would clearly implicate constitutionally protected privacy rights. . . ." Id. at 606.
However, the "reasonable expectation" standard set out in U.S. v. Katz, initially hailed as the landmark privacy decision, has consistently been used to permit the use of technology to undermine privacy interests. As technology has advanced, and as societal demands for sensitive personal information have increased, the Court has increasingly circumscribed the "zones" one may justifiably consider private. Subsequent decisions have consistently allowed the circumstances of modern existence to define the "reasonable expectation of privacy." If an intrusion is technically possible, one's expectation of privacy in certain activities is unreasonable.
6. The lack of strong constitutional privacy protection has placed added emphasis on federal and state statutory protections. While statutory privacy protections for personal information have been crafted on a sector by sector basis, many are based on a common set of principles -- The Code of Fair Information Principles, developed by the Department of Health Education and Welfare in 1973 and printed in the Report of the Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens, U.S. Dept. of Health, Education & Welfare, July 1973.
7. See recent polls on the public's growing worries over the lack of information privacy, by Louis Harris & Associates, Time/CNN, Mastercard and the American Civil Liberties Union.
8. Deja News is an example of the profiling capacity made available to anyone on the Internet. Through the use of a search engine it is simple to compile all usenet postings of a single individual. While usenet is a public forum, the capacity to pull together, at the stroke of a key, an individual's words scattered between 1979 and 1996 in potentially thousands of different usenet groups provides a glimpse of the type of profiling that is made inexpensive and practical in this medium.
10. See recent polls on the public's growing worries over the lack of information privacy, by Louis Harris & Associates; Time/CNN; Mastercard; and the American Civil Liberties Union.
11. Margot Williams, Usenet Newsgroups Great for Research, But Watch What You Say, Wash. Post., March 11, 1996, at WashTech; Public Cyberspace, Wash. Post, March 14, 1996, A26; Anne Eisenberg, Privacy and Data Collection on the Net, Scientific American, March 1996, p 120; Mark Powell, Orwellian Snooping, USA Today, April 2, 1996, 13A.
12. DejaNews is a service that organizes all usenet postings into a searchable index by author's name.
13. Cookies is a Netscape feature that assists merchants in tracking users' activities at Web sites. See Joan E. Rigdon, Internet Users Say They'd Rather Not Share Their `Cookies', WSJ, Feb. 14, 1996, B6.
14. McIntyre v. The Ohio Elections Comm., 115 S.Ct. 1511 (1995); NAACP v. Alabama ex rel. Patterson, 357 U.S. 449, 463-65 (1958) (reversing civil contempt judgment against NAACP for failure to turn over membership list).
15. In addition to the Federal Trade Commission's ongoing efforts, The National Information Infrastructure Advisory Council issued its "Privacy and Security-Related Principles" last year, followed by the Inter-agency Information Infrastructure Task Force's Privacy Principles. More recently, the Department of Commerce's NTIA released its report on "Privacy and Telecommunications-Related Data," which concluded that the private sector must implement privacy standards or face a legislative mandate. In addition, Rep. Bob Franks (R-NJ) recently introduced the "Children's Privacy Protection and Parental Empowerment Act," to protect children's privacy.
16. As the recent Department of Commerce report, "Privacy and the NII: Safeguarding Telecommunications-Related Personal Information," concluded: "The promised interactivity of the NII may diminish the need to make a policy choice between opt-in and opt-out. Such interactivity would make it possible for service providers to obtain consent to use [transaction-related personal information] from subscribers electronically before any services were rendered." October, 1995 report, p.26.
17. Of course there are instances where the individual's ability to make decisions regarding the flow of personal information may be encumbered. For example, where the government seeks access to personal information on an individual held by a third party, the individual's ability to intervene and exercise control may demand that they receive notice of the request for access. Similarly, in the context of medical treatment, providing individuals with the ability to exercise meaningful control over the flow of personal information may require procedures that protect the individual during this moment of vulnerability from rapacious information demands. These settings should be addressed with solutions that assist individuals, or those acting in their stead, to control personal information.
18. Internet users have sent powerful responses to those who have "abused" the Net. Mass emailings typically result in spamming -- tons of angry messages deluging the original sender. Deja News quickly added a mechanism to allow users to flag postings that they did not want archived. Similarly, most "look-up" services on the Net give individuals the opportunity to opt-out via the Net.
19. Support groups on topics ranging from sexual abuse to drug addiction, discussions on political topics from anarchy to Cuba to Newt Gingrich, and pictures and stories of sexual and other fantasies abound on the Internet.
20. After several press stories about DejaNews, a service that organizes all usenet postings into a searchable index by author's name, the company stated that they were instituting a flag that would allow people to notify them that they did not want a particular posting to be archived. This is an example of a limit on subsequent use of information; it is particularly interesting because many users of the Internet would state that usenet postings are public and subject to no reasonable privacy expectation.
21. Community Connexion, an Internet Service Provider, recently debuted the Anonymizer which allows individuals to surf the Internet without revealing transactional data to the Web sites they visit.
22. In addition, software -- similar to products on the market to limit children's access to objectionable content -- could be developed to limit access to sites that have unacceptable information practices.
23. NAACP v. Alabama ex rel. Patterson, 357 U.S. 449, 463-65 (1958) (reversing civil contempt judgment against NAACP for failure to turn over membership list).
24. Lamont v. Postmaster General, 381 U.S. 301 (1965) (invalidating restrictions on the mailing of foreign communist political propaganda).
25. Plaintiffs in ACLU's case challenging the constitutionality of the Communications Decency Act, including EFF, EPIC, and others, made this point quite eloquently. In addition, the parental empowerment approach allows children, like all Internet users, to remain relatively anonymous during transactions and interactions on the Internet. This anonymity may help protect them from people who would single children out for harm.
26. The Directive has been five years in the making, the first draft circulated in the fall, 1990. Earlier drafts of the Directive required non-Member countries to have "equivalent" levels of data protection before personal data could flow from Member countries. An "equivalency" test was considered to be too stringent by many in the private sector. A debate within the EU continues as to how "adequacy" will be measured, and whether, in application, an adequacy test will be less rigorous than an equivalency standard.
27. As the Directive states in its preamble: "Whereas data processing systems are designed to serve man; whereas they must, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably the right to privacy, and contribute to economic and social progress, trade expansion, and the well-being of individuals." The Directive relies, in part, on the 1980 OECD Data Protection Guidelines, as well as the Council of Europe Convention of 1981 for the Protection of Individuals with Regard to Automatic Processing of Personal Data.
28. The Directive requires that data subjects learn of the existence of a processing operation, where data is collected from the individual, and must be given full and accurate information about the data processing activity.
29. See, NAACP v. Button, 371 U.S. 415 (1963) (holding a provision which prohibited any organization from retaining a lawyer in connection with litigation to which it was not a party invalid as applied to the NAACP's activities).
Posted on June 12, 1997