Category: Privacy (Medical)

Surveillance Man 02
0

10 Reasons Why Privacy Matters

Why does privacy matter? Often courts and commentators struggle to articulate why privacy is valuable. They see privacy violations as often slight annoyances. But privacy matters a lot more than that. Here are 10 reasons why privacy matters.

1. Limit on Power

Privacy is a limit on government power, as well as the power of private sector companies. The more someone knows about us, the more power they can have over us. Personal data is used to make very important decisions in our lives. Personal data can be used to affect our reputations; and it can be used to influence our decisions and shape our behavior. It can be used as a tool to exercise control over us. And in the wrong hands, personal data can be used to cause us great harm.

2. Respect for Individuals

Privacy is about respecting individuals. If a person has a reasonable desire to keep something private, it is disrespectful to ignore that person’s wishes without a compelling reason to do so. Of course, the desire for privacy can conflict with important values, so privacy may not always win out in the balance. Sometimes people’s desires for privacy are just brushed aside because of a view that the harm in doing so is trivial. Even if this doesn’t cause major injury, it demonstrates a lack of respect for that person. In a sense it is saying: “I care about my interests, but I don’t care about yours.”

3. Reputation Management

Privacy enables people to manage their reputations. How we are judged by others affects our opportunities, friendships, and overall well-being. Although we can’t have complete control over our reputations, we must have some ability to protect our reputations from being unfairly harmed. Protecting reputation depends on protecting against not only falsehoods but also certain truths. Knowing private details about people’s lives doesn’t necessarily lead to more accurate judgment about people. People judge badly, they judge in haste, they judge out of context, they judge without hearing the whole story, and they judge with hypocrisy. Privacy helps people protect themselves from these troublesome judgments.

Read More

0

What Is Personally Identifiable Information (PII)? Finding Common Ground in the EU and US

This post was co-authored by Professor Paul Schwartz.

We recently released a draft of our new essay, Reconciling Personal Information in the European Union and the United States, and we want to highlight some of its main points here.

The privacy law of the United States (US) and European Union (EU) differs in many fundamental ways, greatly complicating commerce between the US and EU.  At the broadest level, US privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions.  In the EU, privacy is hailed as a fundamental right that trumps other interests.  The result is that EU privacy protections are much more restrictive on the use and transfer of personal data than US privacy law.

Numerous attempts have been made to bridge the gap between US and EU privacy law, but a very large initial hurdle stands in the way.  The two bodies of law can’t even agree on the scope of protection let alone the substance of the protections.  The scope of protection of privacy laws turns on the definition of “personally identifiable information” (PII).  If there is PII, privacy laws apply.  If PII is absent, privacy laws do not apply.

In the US, the law provides multiple definitions of PII, most focusing on whether the information pertains to an identified person.  In contrast, in the EU, there is a single definition of personal data to encompass all information identifiable to a person.  Even if the data alone cannot be linked to a specific individual, if it is reasonably possible to use the data in combination with other information to identify a person, then the data is PII.

In our essay, Reconciling Personal Information in the European Union and the United States, we argue that both the US and EU approaches to defining PII are flawed.  We also contend that a tiered approach to the concept of PII can bridge the differences between the US and EU approaches.

Read More

0

Harvard Law Review Privacy Symposium Issue

The privacy symposium issue of the Harvard Law Review is hot off the presses.  Here are the articles:

SYMPOSIUM
PRIVACY AND TECHNOLOGY
Introduction: Privacy Self-Management and the Consent Dilemmas
Daniel J. Solove

What Privacy is For
Julie E. Cohen

The Dangers of Surveillance
Neil M. Richards

The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures
Paul M. Schwartz

Toward a Positive Theory of Privacy Law
Lior Jacob Strahilevitz

1

Privacy Self-Management and the Consent Dilemma

I’m pleased to share with you my new article in Harvard Law Review entitled Privacy Self-Management and the Consent Dilemma, 126 Harvard Law Review 1880 (2013). You can download it for free on SSRN. This is a short piece (24 pages) so you can read it in one sitting.

Here are some key points in the Article:

1. The current regulatory approach for protecting privacy involves what I refer to as “privacy self-management” – the law provides people with a set of rights to enable them to decide how to weigh the costs and benefits of the collection, use, or disclosure of their information. People’s consent legitimizes nearly any form of collection, use, and disclosure of personal data. Unfortunately, privacy self-management is being asked to do work beyond its capabilities. Privacy self-management does not provide meaningful control over personal data.

2. Empirical and social science research has undermined key assumptions about how people make decisions regarding their data, assumptions that underpin and legitimize the privacy self-management model.

3. People cannot appropriately self-manage their privacy due to a series of structural problems. There are too many entities collecting and using personal data to make it feasible for people to manage their privacy separately with each entity. Moreover, many privacy harms are the result of an aggregation of pieces of data over a period of time by different entities. It is virtually impossible for people to weigh the costs and benefits of revealing information or permitting its use or transfer without an understanding of the potential downstream uses.

4. Privacy self-management addresses privacy in a series of isolated transactions guided by particular individuals. Privacy costs and benefits, however, are more appropriately assessed cumulatively and holistically — not merely at the individual level.

5. In order to advance, privacy law and policy must confront a complex and confounding dilemma with consent. Consent to collection, use, and disclosure of personal data is often not meaningful, and the most apparent solution – paternalistic measures – even more directly denies people the freedom to make consensual choices about their data.

6. The way forward involves (1) developing a coherent approach to consent, one that accounts for the social science discoveries about how people make decisions about personal data; (2) recognizing that people can engage in privacy self-management only selectively; (3) adjusting privacy law’s timing to focus on downstream uses; and (4) developing more substantive privacy rules.

The full article is here.

Cross-posted on LinkedIn.

1

Exponential Hacks

As All Things Digital Kara Swisher reports, Living Social experienced a significant hack the other day: over 50 million users’ email, dates of birth, and encrypted passwords were leaked into the hands of Russian hackers (or so it seems). This hack comes on the heels of data breaches at LinkedIn and Zappos. That the passwords were encrypted just means that users better change their passwords and fast because in time the encryption can be broken. A few years ago, I blogged about the 500 million mark of personal data leaked. Hundreds of millions seems like child’s play today.

This raises some important questions about what we mean when we talk about personally identifiable information (PII). Paul Schwartz and my co-blogger Dan Solove have done terrific work helping legislators devise meaningful definitions of PII in a world of reidentification. Paul Ohm is currently working on an important project providing a coherent account of sensitive information in the context of current data protection laws. Is someone’s password and date of birth sensitive information deserving special privacy protection? Beyond the obvious health, credit, and financial information, what other sorts of data do we consider sensitive and why? Answers to these questions are crucial to companies formulating best practices, the FTC as  it continues its robust enforcement of privacy promises and pursuing deceptive practices, and legislators considering private sector privacy regulations of data brokers, as in Senator John Rockefeller’s current efforts.

1

“Brain Spyware”

As if we don’t have enough to worry about, now there’s spyware for your brain.  Or, there could be.  Researchers at Oxford, Geneva, and Berkeley have created a proof of concept for using commercially available brain-computer interfaces to discover private facts about today’s gamers. Read More

4

Fortune’s Bones: Is There Dignity after Death?

In 1995 Gunther von Hagens presented his Body Worlds exhibit, described as a collection of real human bodies that have been “plastinated” to prevent their decay and make them more malleable. Some of these plastinated bodies were cut open to reveal their inner organs and then positioned in lifelike poses. The exhibit toured the world and was wildly popular.

Body Worlds also generated some criticism. Canadian social scientist, Lawrence Burns, argued that “some aspects of the exhibit violated human dignity.” (7(4): 12-23 Amer. J. Bioethics 2007)  Although touted as an educational experience Burns and others worried that the bodies were being used as “resources to make money from the voyeurism of the general public.” A key concern was that the bodies were denied burial and that this was a dignitary affront. Burns conceded, however, that the concept of human dignity as applied to deceased individuals is unclear.

I started to think about whether there is dignity after death and, if so, what are its parameters, when I read a news article from the New Haven Register, about the skeleton of an enslaved man that was being studied by the anthropology faculty and students at Quinnipiac University prior to burial.

The enslaved man who died in the 1798 (slavery was not abolished in Connecticut until 1848), was named Fortune. At the time of his death Fortune was the human chattel of a Waterbury Connecticut physician who upon Fortune’s death boiled his body to remove the flesh keeping his skeleton to study human anatomy. Fortune’s body remained unburied and was on display as late as 1970 at the Mattatuck Museum where until recently it was still housed. Read More

4

New Edition of Solove & Schwartz’s Privacy Law Fundamentals: Must-Read (and Check out the Video)

Privacy leading lights Dan Solove and Paul Schwartz have recently released the 2013 edition of Privacy Law Fundamentals, a must-have for privacy practitioners, scholars, students, and really anyone who cares about privacy.

Privacy Law Fundamentals is an essential primer of the state of privacy law, capturing the up-to-date developments in legislation, FTC enforcement actions, and cases here and abroad.  As Chief Privacy Officers like Intel’s David Hoffman and renown privacy practitioners like Hogan’s Chris Wolf and Covington’s Kurt Wimmer agree, Privacy Law Fundamentals is an “essential” and “authoritative guide” on privacy law, compact and incredibly useful.  For those of you who know Dan and Paul, their work is not only incredibly wise and helpful but also dispensed in person with serious humor.  Check out this You Tube video, “Privacy Law in 60 Seconds,” to see what I mean.  I think that Psy may have a run for his money on making us smile.

0

Prohibitions on Egg and Sperm Donor Anonymity and the Impact on Surrogacy

Egg and sperm donations are an integral part of the infertility industry. The donors are usually young men and women who donate relying on the promise of anonymity. This is the norm in the United States. But, internationally things are changing. A growing number of countries have prohibited egg and sperm donor anonymity. This usually means that when the child who was conceived by egg or sperm donation reaches the age of eighteen he can receive the identifying information of the donor and meet his genetic parent.

An expanding movement of commentators is advocating a shift in the United States to an open identity model, which will prohibit anonymity. In fact, last year, Washington state adopted the first modified open identity statute in the United States. Faced by calls for the removal of anonymity, an obvious cause for concern is how would prohibitions on anonymity affect people’s willingness to donate egg and sperm. Supporters of prohibitions on anonymity argue that they only cause short-term shortages in egg and sperm supplies. However, in a study I published in 2010, I showed that unfortunately that does not seem to be the case. My study examined three jurisdictions, which prohibited donor gamete anonymity: Sweden, Victoria (an Australian state) and the United Kingdom. It showed that all these jurisdictions share dire shortages in donor gametes accompanied by long wait-lists. The study concluded that although prohibitions on anonymity were not the sole cause of the shortages, these prohibitions definitely played a role in their creation.

In a new article, titled “Unintended Consequences: Prohibitions on Gamete Donor Anonymity and the Fragile Practice of Surrogacy,” I examine the potential effect of the adoption of prohibitions on anonymity in the United States on the practice of surrogacy. Surrogacy has not been part of the international debate on donor gamete anonymity. But the situation in the United States is different. Unlike most foreign jurisdictions that adopted prohibitions on anonymity, the practice of surrogacy in the United States is particularly reliant on donor eggs because of the unique legal regime governing surrogacy here.  Generally, there are two types of surrogacy arrangements: traditional surrogacy and gestational surrogacy. In a traditional surrogacy arrangement the surrogate’s eggs are used and she is the genetic mother of the child, while in gestational surrogacy the intended mother’s eggs or a donor’s eggs are used and the surrogate is not the genetic mother of the conceived child. Most U.S. states that expressly allow surrogacy provide legal certainty only to gestational surrogacy, which relies heavily on donor eggs, while leaving traditional surrogacy in a legal limbo. Without legal certainty, the intended parents may not be the legal parents of the conceived child, and instead the surrogate and even her husband may become the legal parents. Infertility practitioners endorse the legal preference for gestational surrogacy also for psychological reasons, believing that a surrogate who is not genetically related to the baby is less likely to change her mind and refuse to hand over the baby.

The adoption of prohibitions on anonymity in the United States could destabilize the practice of surrogacy in a way that did not occur in other countries that adopted these prohibitions. If, as has happened elsewhere, prohibitions on anonymity will play a role in creating shortages in donor egg supplies in the United States, this could affect the practice of surrogacy in two ways. Individuals seeking surrogacy may need to resort to traditional surrogacy, which does not rely on donor eggs, with the accompanying legal uncertainty. Alternatively, those deterred by the uncertainty enveloping traditional surrogacy may refrain from seeking surrogacy altogether, resulting in a significant contraction of  the practice of surrogacy in the United States. These potential complications suggest that those supporting the adoption of prohibitions on anonymity in the United States, should consider these changes with great caution and think beyond the traditional debate about the privacy of the donors, the privacy and procreational interests of the intended parents, the best interests of the children and the direct effect on gamete supplies.

 

0

Volume 60, Issue 1 (October 2012)

Volume 60, Issue 1 (October 2012)


Articles

Not This Child: Constitutional Questions in Regulating Noninvasive Prenatal Genetic Diagnosis and Selective Abortion Jaime Staples King 2
A Labor Paradigm for Human Trafficking Hila Shamir 76
Prosecutors Hide, Defendants Seek: The Erosion of Brady Through the Defendant Due Diligence Rule Kate Weisburd 138


Comments

Trade Dress Protection for Cuisine: Monetizing Creativity in a Low-IP Industry Naomi Straus 182
What Happens in the Jury Room Stays in the Jury Room . . . but Should It?: A Conflict Between the Sixth Amendment and Federal Rule of Evidence 606(b) Amanda R. Wolin 262