Archive for the ‘Privacy’ Category
Neil Richards on Why Video Privacy Matters
posted by Danielle Citron
Our guest blogger Neil Richards, a Professor of Law at Washington University School of Law, turns his sights on video privacy in this guest blog post. It whets our appetite for his forthcoming book on Intellectual Privacy. So here is Professor Richards’s post:
The House of Representatives recently passed an amendment to a fairly obscure a law known as the Video Privacy Protection Act. This law protects the privacy of our video rental records. It ensures that companies who have information about what videos we watch keep them confidential, and it requires them to get meaningful consent from us before they publish them. The House, at the urging of Netflix and Facebook, has passed an amendment that would allow these companies to share our movie watching habits much more easily. The Video Privacy Act was passed after the Washington City Paper obtained the video rental records of Supreme Court nominee Robert Bork and published them in order to politically discredit him. It worked. The Video Privacy Act rests on the enduring wisdom that what we watch is our own business, regardless of our politics. It allows us to share films we’ve watched on our own terms and not those of video stores or online video providers.
What’s at stake is something privacy scholars call “intellectual privacy” – the idea that records of our reading habits, movie watching habits, and private conversations deserve special protection from other kinds of personal information. The films we watch, the books we read, and the web sites we visit are essential to the ways we make sense of the world and make up our minds about political and non-political issues. Intellectual privacy protects our ability to think for ourselves, without worrying that other people might judge us based on what we read. It allows us to explore ideas that other people might not approve of, and to figure out our politics, sexuality, and personal values, among other things. It lets us watch or read whatever we want without fear of embarrassment or being outed. This is the case whether we’re reading communist or anti-globalization books; or visiting web sites about abortion, gun control, cancer, or coming out as gay; or watching videos of pornography, or documentaries by Michael Moore, or even “The Hangover 2.”
For generations, librarians have understood this. Libraries were the Internet before computers – they presented the world of reading to us, and let us as patrons read (and watch) freely for ourselves. But librarians understood that intellectual privacy matters. A good library lets us read freely, but keeps our records confidential in order to safeguard our intellectual privacy. But we are told by Netflix, Facebook, and other companies that the world has changed. “Sharing” as they call it is the way of the future. I disagree. Sharing can be good, and sharing of what we watch and read is very important. But the way we share is essential. Telling our friends “hey – read this – it’s important” or “watch this movie – it’s really moving” is one of the great things that the Internet has made easier. But sharing has to be done on our terms, not on those that are most profitable for business. Sharing doesn’t mean a norm of publishing everything we read on the Internet. It means giving us a conscious choice about when we are sharing our intellectual habits, and when we are not.
Industry groups are fond of saying that good privacy practices require consumer notice and consumer choice. The current Video Privacy Act is one of the few laws that does give consumers meaningful choice about protecting their sensitive personal information. Now is not the time to cut back on the VPPA’s protections. Now is the time to extend its protections to the whole range of intellectual records – the books we buy, our internet search histories, and ISP logs of what we read on the Internet. As a first step, we should reject this attempt to eviscerate our intellectual privacy.
January 4, 2012 at 11:42 am
Posted in: Legal Theory, Privacy, Privacy (Consumer Privacy), Web 2.0
Print This Post
No Comments
Secure Identities on the Internet
posted by Frank Pasquale
Katharine Gelber offers a thoughtful review of The Offensive Internet in the Australian Review. (David Levine conducted an interview with the book’s editors, Martha Nussbaum and Saul Levmore, available here.) I contributed an essay to this volume, and I found both the other essays in it and the conference it was based on very illuminating. As Gelber notes,
Anyone who believes the Internet to be exclusively, or even primarily, a site for the democratisation of the media or a mechanism to enhance participation in public discourse needs to read this book. This outstanding collection tackles the dark side of the Internet, its use by ‘cyber mobs’, liars, aggressive misogynists and purveyors of hate to distribute their views largely with impunity, while their targets suffer the consequences of this predominantly unregulated arena for speech. . . .
January 2, 2012 at 11:36 am
Posted in: Civil Rights, Culture, Current Events, Privacy, Technology
Print This Post
No Comments
More on the Student Data Grab
posted by Daniel Solove
Here’s another piece critiquing the Education Department’s student data grab. I am a bit dismayed that this story has barely received coverage from the mainstream media or much general concern by the public. Many privacy advocacy organizations have been very quiet about it. I think that these developments are quite troublesome — they are a George W. Bush-esque endeavor, but this time, the reaction is largely ho-hum. It shouldn’t be.
December 30, 2011 at 9:19 pm
Posted in: Education, Privacy
Print This Post
No Comments
Data Security in Healthcare: Some Startling Statistics
posted by Daniel Solove
A new report by the Ponemon Institute reveals some startling statistics about data security in healthcare:
The frequency of data breaches among organizations in this study has increased 32 percent from the previous year. In fact, 96 percent of all healthcare providers say they have had at least one data breach in the last two years. Most of these were due to employee mistakes and sloppiness—49 percent of respondents in this study cite lost or stolen computing devices and 41 percent note unintentional employee action. Another disturbing cause is third-party error, including business associates, according to 46 percent of participants.
There is a lot more alarming information in the report.
Self-interest alert: I provide privacy and data security programs to healthcare institutions.
December 30, 2011 at 9:12 pm
Posted in: Privacy, Privacy (Medical)
Print This Post
No Comments
Posting about Patients on Social Media Sites
posted by Daniel Solove
An increasing problem is caused when medical personnel post details about patients on their social media websites. From Daily News:
Providence Holy Cross Medical Center officials are investigating an employee who allegedly posted a patient’s medical information on his Facebook page, apparently to make fun of the woman and her medical condition.
According to a printout of the Facebook page obtained by the Daily News, the employee displayed a photo of a medical record listing the woman’s name and the date she was admitted, and posted the comment: “Funny but this patient came in to cure her VD and get birth control.”
Providence officials said the employee was provided by a staffing agency.
An interesting fact in this article is that most healthcare institutions lack policies for employee use of social media:
Only about a third of all hospitals are believed to have specific policies in place regarding patient information and social media sites, such as Facebook and Twitter, according to published reports.
I expect this to change in the next few years.
Hat Tip: Pogo Was Right
December 30, 2011 at 9:06 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Privacy (Medical)
Print This Post
No Comments
The Year in Privacy Books 2011
posted by Daniel Solove
Here’s a list of notable privacy books published in 2011.
Previous lists:
| Saul Levmore & Martha Nussbaum, eds., The Offensive Internet (Harvard 2011)
This is a great collection of essays about the clash of free speech and privacy online. I have a book chapter in this volume along with Martha Nussbaum, Cass Sunstein, Brian Leiter, Danielle Citron, Frank Pasquale, Geoffrey Stone, and many others. |
|
| Daniel J. Solove, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011)
Nothing to Hide “succinctly and persuasively debunks the arguments that have contributed to privacy’s demise, including the canard that if you have nothing to hide, you have nothing to fear from surveillance. Privacy, he reminds us, is an essential aspect of human existence, and of a healthy liberal democracy—a right that protects the innocent, not just the guilty.” — David Cole, New York Review of Books |
|
| Jeff Jarvis, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live (Simon & Schuster 2011)
I strongly disagree with a lot of what Jarvis says, but the book is certainly provocative and engaging. |
|
| Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (IAPP 2011)
“A key resource for busy professional practitioners. Solove and Schwartz have succeeded in distilling the fundamentals of privacy law in a manner accessible to a broad audience.” – Jules Polonetsky, Future of Privacy Forum |
|
| Eli Pariser, The Filter Bubble (Penguin 2011)
An interesting critique of the personalization of the Internet. We often don’t see the Internet directly, but through tinted goggles designed by others who determine what we want to see. |
|
| Siva Vaidhyanathan, The Googlization of Everything (U. California 2011)
A vigorous critique of Google and other companies that shape the Internet. With regard to privacy, Vaidhyanathan explains how social media and other companies encourage people’s sharing of information through their architecture — and often confound people in their ability to control their reputation. |
|
| Susan Landau, Surveillance or Security? The Risk Posed by New Wiretapping Technologies (MIT 2011)
A compelling argument for how designing technologies around surveillance capabilities will undermine rather than promote security.
|
|
| Kevin Mitnick, Ghost in the Wires (Little Brown 2011)
A fascinating account of the exploits of Kevin Mitnick, the famous ex-hacker who inspired War Games. His tales are quite engaging, and he demonstrates that hacking is often not just about technical wizardry but old-fashioned con-artistry. |
|
| Matt Ivester, lol . . . OMG! (CreateSpace 2011)
Ivester created Juicy Campus, the notorious college gossip website. After the site’s demise, Ivester changed his views about online gossip, recognizing the problems with Juicy Campus and the harms it caused. In this book, he offers thoughtful advice for students about what they post online. |
|
| Joseph Epstein, Gossip: The Untrivial Pursuit (Houghton Mifflin Harcourt 2011)
A short engaging book that is filled with interesting stories and quotes about gossip. Highly literate, this book aims to expose gossip’s bad and good sides, and how new media are transforming gossip in troublesome ways. |
|
| Anita Allen, Unpopular Privacy (Oxford 2011)
My blurb: “We live in a world of increasing exposure, and privacy is increasingly imperiled by the torrent of information being released online. In this powerful book, Anita Allen examines when the law should mandate privacy and when it shouldn’t. With nuance and thoughtfulness, Allen bravely tackles some of the toughest questions about privacy law — those involving the appropriate level of legal paternalism. Unpopular Privacy is lively, engaging, and provocative. It is filled with vivid examples, complex and fascinating issues, and thought-provoking ideas.” |
|
| Frederick Lane, Cybertraps for the Young (NTI Upstream 2011)
A great overview of the various problems the Internet poses for children such as cyberbullying and sexting. This book is a very accessible overview for parents. |
|
| Clare Sullivan, Digital Identity (University of Adelaide Press 2011)
Australian scholar Clare Sullivan explores the rise of “digital identity,” which is used for engaging in various transactions. Instead of arguing against systematized identification, she sees the future as heading inevitably in that direction and proposes a robust set of rights individuals should have over such identities. This is a thoughtful and pragmatic book, with a great discussion of Australian, UK, and EU law. |
December 29, 2011 at 11:12 pm
Posted in: Articles and Books, Book Reviews, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical)
Print This Post
No Comments
The Student Data Grab
posted by Daniel Solove
There’s a good editorial in the NY Post today about the big data grab the Education Department is facilitating with student data. I blogged about this issue a short while ago at the Huffington Post.
According to the op-ed:
Would it bother you to know that the federal Centers for Disease Control had been shown your daughter’s health records to see how she responded to an STD/teen-pregnancy-prevention program? How about if the federal Department of Education and Department of Labor scrutinized your son’s academic performance to see if he should be “encouraged” to leave high school early to learn a trade? Would you think the government was intruding on your territory as a parent?
Under regulations the Obama Department of Education released this month, these scenarios could become reality. The department has taken a giant step toward creating a de facto national student database that will track students by their personal information from preschool through career. Although current federal law prohibits this, the department decided to ignore Congress and, in effect, rewrite the law. Student privacy and parental authority will suffer.
How did it happen? Buried within the enormous 2009 stimulus bill were provisions encouraging states to develop data systems for collecting copious information on public-school kids. To qualify for stimulus money, states had to agree to build such systems according to federally dictated standards. So all 50 states either now maintain or are capable of maintaining extensive databases on public-school students.
The administration wants this data to include much more than name, address and test scores. According to the National Data Collection Model, the government should collect information on health-care history, family income and family voting status. In its view, public schools offer a golden opportunity to mine reams of data from a captive audience.
December 29, 2011 at 9:26 pm
Posted in: Education, Privacy
Print This Post
No Comments
Two New Cases Regarding NSA Surveillance
posted by Daniel Solove
The 9th Circuit has decided a pair of cases involving the NSA Surveillance Program.
In Jewel v. NSA, the 9th Circuit concluded that plaintiffs had standing to raise constitutional challenges against NSA telephone surveillance:
At issue in this appeal is whether Carolyn Jewel and other residential telephone customers (collectively “Jewel”) have standing to bring their statutory and constitutional claims against the government for what they describe as a communications dragnet of ordinary American citizens. In light of detailed allegations and claims of harm linking Jewel to the intercepted telephone, internet and electronic communications, we conclude that Jewel’s claims are not abstract, generalized grievances and instead meet the constitutional standing requirement of concrete injury.
In In re NSA Telecommunications Litigation, the 9th Circuit held that § 802 of the Foreign Intelligence Surveillance Act (“FISA”), 50 U.S.C. § 1885a (the FISA Amendments
Act) is constitutional. The Act retroactively immunized telecommunication companies for cooperating with the NSA.
December 29, 2011 at 9:20 pm
Posted in: Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security)
Print This Post
One Comment
What Were the Biggest Privacy Developments and Issues of 2011?
posted by Daniel Solove
Here is EFF’s view. And here is a survey by Privacy Camp. What are your thoughts?
December 29, 2011 at 3:05 am
Posted in: Privacy
Print This Post
No Comments
New Record Possibly Set for Sending an Accidential Email
posted by Daniel Solove
The New York Times may have set a new record for sending an accidental email. There are tales of email being sent out organization-wide, but nothing on the scale of what the New York Times just did. An email meant for 300 people was sent to 8 million. Oops!
December 29, 2011 at 3:00 am
Posted in: Humor, Privacy
Print This Post
2 Comments
Do Computer “Unlawful Access” Laws Exempt Improperly Accessing a Spouse’s Account?
posted by Daniel Solove
Short answer: No. This case got considerable media attention and outrage when it was first reported. A man accessed his wife’s email without her consent. They were separated. He was charged with violating the Michigan’s computer unlawful access law, MCL 752.795, which is similar to the federal Computer Fraud and Abuse Act (CFAA). Now a court of appeals has rejected the spouse’s argument. From the Detroit Free Press:
A Rochester Hills man charged with a 5-year felony for reading his wife’s e-mail pledged today to take the matter to the state’s highest court after a lower court refused to dismiss the charge.
In a written opinion released this morning, the Michigan Court of Appeals rule that Leon Walker should proceed to trial on charges that he gained unlawful access to his then-wife Clara Walker’s Gmail account in the summer of 2009.
His 2010 arrest prompted widespread outrage and a national debate about computer privacy in the marital home. But in today’s decision, the three-member appellate panel said Michigan’s computer hacking law has “no spousal exception,” and the law as written applies to Walker’s case. The judges also noted discussions in Michigan’s legislature to amend the law to exclude spouses.
“However, unless and until such legislation occurs, this court is left with the statute as written,” the court said.
The opinion is here. From the opinion:
Second, there was evidence that defendant acted without authorization when he accessed his estranged wife’s Gmail account. Defendant’s wife testified that her Gmail account was a personal account and that she never shared her passwords for the account with defendant or granted him permission to access the account. Further, she allowed defendant to use her computer only when it needed a repair. Defendant admitted to the police that he accessed his wife’s Gmail account by guessing her password. These facts support a reasonable inference that defendant lacked authorization for his access of his wife’s Gmail account.
It seems to me that spouses should not be given special exemptions to hack into each other’s accounts. Breaking into one’s private accounts is a violation no matter who does it. Even spouses are entitled to have private accounts and things, and the law should protect them.
December 29, 2011 at 2:54 am
Posted in: Criminal Law, Privacy, Privacy (Electronic Surveillance)
Print This Post
2 Comments
Surveillance, For Your Benefit?
posted by Danielle Citron
Bloomberg Businessweek reports on retailers’ use of camera surveillance to glean intelligence from shoppers’ behavior. A company called RetailNext, for instance, runs its software through a store’s security camera video feed to analyze customer behavior. It describes itself as the “leader in real-time in-store monitoring, enabling retailers and manufacturers to collect, analyze and visualize in-store data.” According to the company, it “uses best-in-class video analytics, on-shelf sensors, along with data from point-of-sale and other business systems, to automatically inform retailers about how people engage in their stores.” RetailNext’s software can integrate data from hardware such as RFID chips and motion sensors to track customers’ movements. The company explains that it “tracks more than 20 million shoppers per month by collecting data from more than 15,000 sensors in retail stores.” Its service apparently helps stores figure out where to place certain merchandise to boost sales. T-Mobile uses similar technology from another firm 3VR, whose software tracks how people move around their stores, how long they stand in front of displays, and which phones they pick up and for how long. 3VR is testing facial-recognition software that can identify shoppers’ gender and approximate age. Businessweek explains that the “software would give retailers a better handle on customer demographics and help them tailor promotions.” What we are seeing is, according to 3VR’s CEO, just “scratching the surface as someday “you’ll have the ability to measure every metric imaginable.”
Indeed. Little imagination is needed to predict the future in light of our present. As Joseph Turow‘s important new book The Daily You: How the New Advertising Industry Is Defining Your Identity and Worth (Yale University Press) explores, data collection and analysis of individuals is breathtaking. In the name of better, more relevant advertising and marketing efforts, companies like Acxiom have databases teeming with our demographic data (age, gender, race, ethnicity, address, income, marital status), interests, online and offline spending habits, and heath status based on our purchases and online comments (diabetic, allergy sufferer, and the like). Consumers are sorted into categories such as “Corporate Clout,” “Soccer and SUV,” “Mortgage Woes,” and “On the Edge.” eXelate gathers online data of over 200 million unique individuals per month through deals with hundreds of sites: their demographics, social activities, and social networks. Advertisers can add even more data to eXelate’s cookies– data from Nielsen, which includes Census Bureau data, as well as data brokers’ digital dossiers. Data firms like Lotame track the comments that people leave on sites and categorize them. Now, let’s consider weaving in facial recognition software and retailer cameras of companies like 3VR and RetailNext. And to really top things off, let’s think about linking all of this data to cellphone location information. The surveillance of networked spaces would be totalizing.
Turow’s book exposes important costs of these developments. This post will discuss a few–hopefully, I can have Professor Turow on for a Bright Ideas feature. This sort of targeting and hyper surveillance leaves many with far more narrow options and with social discrimination. Marketers use these databases to determine if Americans are worthy “targets” or not-worth-bothering with “waste.” For the “Soccer and SUV” moms between 35 and 45 who live in the West Coast and want to buy a small car, car companies may offer them serious discounts via online advertisements and e-mail. But their “On the Edge” counterparts get left in the cold with higher prices–why bother trying to attract people who don’t pay their debts? All of this sorting encourages media to offer soft stories designed to meet people’s interests, as secretly determined by those gathering and analyzing our networked lives. This discussion brings to mind to another important read: Julie Cohen‘s Configuring the Networked Self: Law, Code, and the Play of Everyday Practice (Yale University Press). As Professor Cohen thoughtfully explores, this sort of surveillance has a profound impact on the creative play of our everyday lives. It creates hierarchies among those watched and systematizes difference. I’ll have lots more to say about Cohen’s take on our networked society more generally, soon. In March, we will be hosting an online symposium on her book–much to look forward to in the new year.
December 25, 2011 at 4:15 pm
Posted in: Architecture, Privacy, Privacy (Consumer Privacy), Privacy (Medical), Social Network Websites, Technology
Print This Post
No Comments
The Roberts Court’s Bad Romance
posted by Frank Pasquale
Recently a coalition of Missouri payday lenders implied “that standing up for high-interest-rate lenders is somehow analagous to the acts of the ‘poor people who followed Dr. King and walked with him hundreds of miles because they believed in civil rights that much.’” Because we all know that liberty means little if you’re not free to take a loan out at 444% APR.
In The Irony of Free Speech, Owen Fiss warned that the language of the First Amendment would lose its emancipatory potential as courts used it to gut progressive legislation. In a recent essay in Democracy Journal, Jedediah Purdy confirms those fears. His thoughts on last term’s Sorrell v. IMS Health are particularly incisive on the topic of commercial speech, which the Court appears ready to radically rethink:
Read the rest of this post »
December 21, 2011 at 11:01 pm
Posted in: First Amendment, Privacy
Print This Post
8 Comments
FTC v. Santa
posted by Daniel Solove
Jeff Jarvis has this humorous piece about the FTC vs. Santa:
Federal Trade Commission Chairman Jon Leibowitz today announced a record fine against Santa Claus for violations of the Children’s Online Privacy Protection Act.
“Mr. Claus has flagrantly violated children’s privacy, collecting their consumer preferences for toys and also tracking their behavior so as to judge and maintain a data base of naughtiness and niceness,” Leibowitz said. “Worse, he has tied this data to personally identifiable information, including any child’s name, address, and age. He has solicited this information online, in some cases passing data to third parties so they may fulfill children’s wishes. According to unconfirmed reports, he has gone so far as to invade children’s homes in the dead of night. He has done this on a broad scale, unchallenged by government authorities for too long.”
I also heard that DHS has called for the arrest of Santa for flying over restricted airspace. The FBI is seeking his records about those who are naughty. The TSA is upset that he bypassed security screening. Meanwhile, his reindeer are being charged with cyberbullying Rudolf. And he’s in trouble with the NLRB for his restrictive social media policy forbidding his elves from blogging about their low pay and inability to unionize. . . .
December 20, 2011 at 10:23 pm
Posted in: Humor, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming)
Print This Post
2 Comments
Student Privacy in Peril
posted by Daniel Solove
Over at the Huffington Post, I have a short piece about the growing problems with student data. Here’s the opening:
In October, personal financial data — including social security numbers, loan repayment histories and bank-routing numbers – of thousands of college students was exposed on the Department of Education’s (ED) direct loan website. For seven minutes, anyone surfing the direct loan website could find personal information about students who had borrowed from the Department of Education.
In and of itself, this data security breach is quite alarming, but it is even more so considering the aggressive data gathering efforts ED is spearheading. For example, the ED’s changes to the Family Educational Rights and Privacy Act (FERPA) regulations will provide the government with greater powers to gather and use longitudinal data about students to track their performance over time.
December 19, 2011 at 3:38 pm
Posted in: Education, Privacy
Print This Post
No Comments
Gamifying Control of the Scored Self
posted by Frank Pasquale
Social sorting is big business. Bosses and bankers crave “predictive analytics:” ways of deciding who will be the best worker, borrower, or customer. Our economy is less likely to reward someone who “builds a better mousetrap” than it is to fund a startup which will identify those most likely to buy a mousetrap. The critical resource here is data, the fossil fuel of the digital economy. Privacy advocates are digital environmentalists, worried that rapid exploitation of data either violates moral principles or sets in motion destructive processes we only vaguely understand now.*
Start-up fever fuels these concerns as new services debut and others grow in importance. For example, a leader at Lenddo, “the first credit scoring service that uses your online social network to assess credit,” has called for “thousands of engineers [to work] to assess creditworthiness.” We all know how well the “quants” have run Wall Street—but maybe this time will be different. His company aims to mine data derived from digital monitoring of relationships. ITWorld headlined the development: “How Facebook Can Hurt Your Credit Rating”–”It’s time to ditch those deadbeat friends.” It also brought up the disturbing prospect of redlined portions of the “social graph.”
There’s a lot of value in such “news you can use” reporting. However, I think it misses some problematic aspects of a pervasively evaluated and scored digital world. Big data’s fans will always counter that, for every person hurt by surveillance, there’s someone else who is helped by it. Let’s leave aside, for the moment, whether the game of reputation-building is truly zero-sum, and the far more important question of whether these judgments are fair. The data-meisters’ analytics deserve scrutiny on other grounds.
Read the rest of this post »
December 19, 2011 at 3:21 pm
Posted in: Political Economy, Privacy, Social Network Websites, Sociology of Law
Print This Post
One Comment
Should Teachers Be Banned from Communicating with Students Online?
posted by Daniel Solove
Increasingly, states and school districts are struggling over how to deal with teachers who communicate with students online via social network websites. One foolish way to address the issue is via strict bans, such as a law passed in Missouri earlier this year that attempted to ban teachers from friending students on social network websites. Such laws are likely violations of the First Amendment right to freedom of speech and association, and I blogged at the Huffington Post that the law was unconstitutional. Soon thereafter, a court quickly struck down the law.
The NY Times now has an article out about the challenges in crafting social media policies for teacher-student interaction, noting that “stricter guidelines are meeting resistance from some teachers because of the increasing importance of technology as a teaching tool and of using social media to engage with students.”
There are a number of considerations that schools should think about when crafting a social media policy:
1. The policy should account for the fact that there are legitimate reasons for students and teachers to communicate online. A teacher might be related to a student, and certainly a law or policy shouldn’t ban parents from friending their children. Or a teacher might be a godparent to a child or a close family friend or related in some way.
2. One middle-ground approach is to require parental consent whenever a teacher wants to friend a minor student online. This greater transparency will address the cases where teachers might have inappropriate communication with minors.
3. Clear guidelines about appropriate teacher expression should be set forth, so teachers know what things will be inappropriate to say. Teachers need to learn about their legal obligations of confidentiality, as well as avoiding invasions of privacy, defamation, harassment, threats, and other problematic forms of speech.
4. When teachers use social network sites in the classroom — or otherwise use blogs and online posting as a teaching device — they should exercise great care, especially when requiring minors to express themselves publicly online. I’ve seen some class blogs, where students are asked to post reactions to reading or write online journals. Making students post their views and opinions to the public, especially at such a young age, strikes me as a problematic practice. The Children’s Online Privacy Protection Act (COPPA) would protect minors under the age of 13, but teachers should be sensitive to minors 13 and older too. No minor student should be required to post any personal information or class assignment on a publicly-accessible website without the student’s consent and the parent’s consent. And all websites that involve student personal information have a privacy policy.
5. Education is key. I’ve read about a lot of cases involving improper social media use by educators, and they often stem from a lack of awareness. Teachers think they can say nearly anything and it will be protected by the First Amendment. The First Amendment law actually gives schools a lot of leeway in disciplining educators for what they say, and educators can also be sued by those whom they write about. Educators often think that if they post something anonymously, then it is okay or they can get away with it — but anonymity online is often a mirage, and comments can readily be traced back to the speaker. And educators often set the privacy settings on social media sites incorrectly. They don’t spend enough time learning the ins and outs of the privacy settings. These are actually quite tricky — even rocket scientists have trouble figuring them out.
December 17, 2011 at 9:40 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Social Network Websites
Print This Post
3 Comments
New Edition of Information Privacy Law Casebooks
posted by Daniel Solove
The new edition of my casebook, Information Privacy Law (4th edition) (with Paul M. Schwartz) is hot off the presses. And there’s a new edition of my casebook, Privacy, Information, and Technology (3rd edition) (with Paul M. Schwartz). Copies should be sent out to adopters very soon. If you’re interested in adopting the book and are having any difficulties getting a hold of a copy, please let me know.
You also might be interested in my concise guide to privacy law, also with Paul Schwartz, entitled Privacy Law Fundamentals. This short book was published earlier this year. You can order it on Amazon or via IAPP. It might make for a useful reference tool for students.
![]() |
![]() |
![]() |
December 13, 2011 at 1:31 am
Posted in: Articles and Books, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical), Privacy (National Security)
Print This Post
No Comments
Updating Video Privacy or Gutting It?
posted by Danielle Citron
The video rental business is among a few sectors of the U.S. economy with strong federal limits on the collection and sharing of consumer data. Under the Video Privacy Protection Act, which was passed in 1988, “video tape service providers” generally are not permitted to share a consumer’s video usage information without “the informed, written consent of the consumer given at the time the disclosure is sought.” VPPA also prohibits companies from retaining personal information beyond the period prompting its initial collection. Companies like Blockbuster ran afoul of VPPA by sharing its users’ rental information with social network contacts, without their consent, and by retaining personal information, including credit card numbers, of users who canceled their accounts. In September, Facebook began making it easier for millions of U.S. customers to effortlessly share, via a new timeline, more of their online activities, such as the music they’re enjoying and the articles they’re reading. Left off the timeline: the details of the movies they’re renting–due to VPPA’s requirement that consumers explicitly consent at the time of disclosure. Thus began Netflix’s renewed lobbying efforts to amend VPPA, so that Facebook users could automatically share their Netflix rental activity without requiring their rental-by-rental consent.
Those efforts have begun to pay off. The House recently passed a bill, H.R. 2471, which would amend VPPA to makes clear that “informed, written consent” may be obtained electronically using the Internet. Such consent must be obtained distinctly and separate from any other legal or financial terms that are presented to consumers. Representative Goodlatte stated in his remarks on the House floor that the bill maintains an opt-in consent requirement. H.R. 2471 also addresses what it means that consent must be obtained from a consumer “at the time the disclosure is sought.” If adopted, the bill would make clear that consumers may provide their consent to information-sharing in advance of a disclosure, so long as such consent may be withdrawn by the consumer. So a Facebook user’s one-time grant of approval, opt-in style, would permit the automatic sharing of video-rental activity, that is until the user changed his or her mind and opted out. On one view, the amendment is dismantling the high water mark for consumer privacy protection. Marc Rotenberg, executive director of the Electronic Privacy Information Center, explained to the New York Times that Congress isn’t “trying to modernize the law,” it is “trying to gut the law.” At stake, he argued, is not the ostensible sharing of a person’s video viewing history, but rather the larger issue of meaningful consent. On an another, the Center on Democracy and Technology’s Director on the Consumer Privacy Project Justin Brookman sees the amendment’s insistence on separate notice and consent for the opt-in sharing of video information as sufficiently protective of consumer privacy. He argues that “if people want to tell all their friends every single thing they watch without the bother of clicking “Okay” each time, that should be their prerogative.” As Brookman explains, although the VPPA amendment doesn’t compromise consumer privacy, CDT “would feel stronger about the bill if it offered some benefit to consumers who don’t plan to take advantage of automatic sharing, such as by clarifying that the law applies to online streaming of movies — something that wasn’t envisioned when the VPPA was passed in 1988. More broadly, there’s a lot more consumer interest in generally improving privacy protections to make sure they understand what data is being collected and used about them, and to give them stronger controls around that data.” Chris Wolf, co-chair of the Future of Privacy and director of Hogan Lovells’ privacy practice, agrees that if consumers want to share their video choices with others in the way they now can share their music and reading preferences, they should be able to do so.
Rotenberg is spot on in his larger concern about meaningful consent. I’ve long been a notice skeptic — people tend not to read privacy policies and don’t understand them if they do. But that’s not to say that notice can’t be done right. The VPPA isn’t all bad–it demands that sharing permission be given separately from other legal or financial terms. Ryan Calo‘s important work on the flaws of notice regimes across various areas points to the potential for design to address those concerns. If notice can be done right, then the notion of privacy as control may not be illusory. And if CDT has its way in its important work supporting various proposed privacy laws, consumers may in the future be able to better understand what companies collect about them and have greater controls over collection practices. Yet what remains is a nagging feeling that notice and choice regimes can’t do it all, that some lines need to be drawn on the kinds of personal data that ought to be collected. Perhaps the collection cat is already out of the bag, and so we need to remain focused on providing protections related to use and distribution. I’m looking forward to getting my copy of the Brooking Institute’s volume on Constitution 3.0 co-edited by Jeff Rosen (who had a fabulous interview with NPR’s Terry Gross on the book): Orin Kerr has an interesting chapter on the promise of disclosure restrictions. But nonetheless minimizing data collection is something that may be of crucial importance, especially in an era when we feel more and more comfortable gauging privacy protections on what people want. So often, people’s rationality is indeed bounded when it comes to privacy. They don’t truly understand the long-term implications of their consent — and it might be impossible even for the most sophisticated consumers.
December 11, 2011 at 8:57 am
Posted in: Politics, Privacy, Privacy (Consumer Privacy)
Print This Post
No Comments
FTC Facial Recognition Event
posted by Daniel Solove
Today, I’ll be speaking at Face Facts: A Forum on Facial Recognition Technology, an event organized by the FTC.
Here’s the agenda.
The event will be webcast here.
December 8, 2011 at 1:44 am
Posted in: Conferences, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security)
Print This Post
No Comments















