Online data privacy has been in the spotlight for a variety of reasons over the past year, from Facebook’s privacy settings to the government subpoenaing WikiLeaks data, but before Congress, regulators or courts can give any legal clarity to the issue, they need to answer some fundamental questions about what area of law even applies. A panel on data privacy earlier this week at the Consumer Electronics Show laid out the broad spectrum issues that need to be determined before any meaningful attempts at institutional reform can really get underway, among them: the question of whether online privacy is a matter of personal property or of human rights.
Rep. Marsha Blackburn (R-Tenn.) kicked off the discussion, explaining that Congress is looking seriously at regulating online consumer privacy, but that it still needs to figure out what exactly it means by data privacy, what exactly it wants to regulate, and how to balance interests between protecting consumers and protecting emerging commerce. Determining the latter two should be relatively easy — those are the questions inherent in any lawmaking process — but answering the first question could be a struggle.
The crux of the issue is whether or not someone’s online persona is an extension of themselves — as Marc Davis, a partner architect in Microsoft’s (s msft) online services division, believes — or just a collection of bits that can be bartered away for access to free email or a social network. Davis sees the issue of data privacy as nothing less than defining what it means to be a person in a digital world. Beyond just storing and mining data, there are questions about who has rights to publish readily available public data about individuals, and what it means to have digital identities that individuals might not even create, and that will live on after their deaths.
Fred Carter, senior adviser to Ontario’s Office of Information and Privacy commissioner, boiled it down to an issue about how we characterize personal data. Whereas the U.S. government and citizens tend to view data as a property issue (i.e., we own our data and we’ll do with it what we please), the rest of the world views it as a human rights issue (i.e., there are defined limits to what web companies can and cannot do with our data). That’s a big distinction, because although we can contract away property rights, basic human rights always remain.
Often times, consumers are the ones that get burned by this distinction. As Electronic Frontier Foundation Senior Staff Attorney Marcia Hoffman pointed out, website terms of service are non-negotiable, which puts consumers in a weak position. If they want to use a service, they agree to the terms. Period. As long as Americans and the law treat personal data as property, sites like Facebook can essentially grant themselves whatever rights they please to our data so long as we sign up, and companies like Google (s goog) can collect whatever they please as we pass through its expansive web presence.
It seems like the ideal solution is to find a middle ground: a way to preserve the freedom that comes along with property rights in data while placing limits on how we can convey those rights, or the methods by which we can do so. U.S. citizens, high on individual rights, likely want to keep the idea of their information being their property, but they need a say in the negotiation over how it’s used, other than deciding whether or not to use a web service. The FTC has ideas about how to regulate data collection online, and the Department of Commerce has suggested an online Bill of Rights, of sorts, but Congress has some deep thinking to do about what type of issue data privacy actually is before it can think about regulation.
Image courtesy of Flickr user PinkMoose.
Related content from GigaOM Pro (sub. req’d):