Ira Rubinstein of NYU's Information Law Institut has written Big Data: The End of Privacy or a New Beginning? Here's the abstract:
“Big data” refers to novel ways in which organizations, including government and businesses, combine diverse digital data sets and then use statistics and other data mining techniques to extract from them both hidden information and surprising correlations. While big data promises significant economic and social benefits, it also raises serious privacy concerns. In particular, big data challenges the Fair Information Practices (FIPs) as embodied in various privacy laws including the EU Data Protection Directive. This past January, the European Commission released a proposal to reform and replace the Directive by adopting a new Regulation. In this paper, I argue that this Regulation relies too heavily on the discredited informed choice model, and therefore fails to fully engage with the coming big data tsunami. My contention is that when this advancing wave arrives, it will so overwhelm the core privacy principles of informed choice and data minimization on which the Directive rests that reform efforts alone will prove inadequate. Rather, an adequate response must combine legal reform with encouragement of new business models premised on consumer empowerment and supported by a personal data ecosystem. This new business model is important for two reasons: first, existing business models have proven time and again that privacy regulation is no match for them. Businesses inevitably collect and use more and more personal data, and while consumers realize many benefits in exchange, there is little doubt that businesses, not consumers, control the market in personal data with their own interests in mind. Second, a new business model, which I describe in this paper, promises to stand processing of personal data on its head by shifting control over both the collection and use of data from firms to individuals. This “control shift” — and this alone — stands a chance of making the FIPs efficacious by giving individuals the capacity to benefit from big data and hence the motivation to learn about and control how their data is collected and used, while also enabling businesses to profit from a new breed of services that are both data-intensive and imbued with privacy values.
Meanwhile, Chris Jay Hoofnagle and of Jennifer M. Urban, both of Berkeley, and Su Li of Berkely's Center for the Study of Law and Society have produced Privacy and Modern Advertising: Most US Internet Users Want 'Do Not Track' to Stop Collection of Data about their Online Activities for the 2012 Amsterdam Privacy Conference. Here's the abstract:
Most Americans have not heard of 'Do Not Track,' a proposal to allow Internet users to exercise more control over online advertising. However, when probed, most prefer that Do Not Track block advertisers from collecting data about their online activities. This is a much more privacy-protective approach for Do Not Track than what has been proposed by the advertising industry.
In previous studies, we have found that Americans think they are protected by strong online privacy laws. Here, we probed beliefs about tracking on medical websites and 'free' websites, with most not able to answer true/false questions correctly about tracking. This result brings into question notice-and-choice models that depend on consumer understanding of the terms for their legitimacy.
We also probed Internet users' attitudes towards advertising. Most Internet users say that they do not find utility in online advertising, with half claiming that they never click on ads.
Advertisers and consumers are at an impasse on privacy. Advertisers seem to be seeking a kind of total information awareness for behavioral advertising, and have proposed self-regulatory guidelines with little bite. At the same time, both our survey evidence and media reports show consumer opposition to tracking.
Do Not Track has emerged from the current skirmish between consumers and advertisers, but it is a relatively modest intervention that does little to shift the underlying incentives that have driven increasing tracking and aggregation of information about consumers. It is foreseeable that regardless of the form Do Not Track takes, websites will simply require consumers to disable it in order to access content. A fundamental change in incentives may be necessary to relieve this impasse and find an approach for advertising that is not so dependent upon third-party tracking and aggregation of information, both online and off.
I think there is still much room for privacy in this data filled word. Data protection becomes a large part of this. Keeping unwanted elements aware from your data is key. As we learn to live with these technologies more I feel these securities paired with people better understanding what they should not be doing with personal data and information will get better
Readers may also be interested in the Harvard Law Review’s Symposium on Privacy & Technology, taking place this Friday, Nov. 9, in Cambridge. The schedule and papers are available at http://www.harvardlawreview.org/privacy-symposium.php and the event is open to the public.