Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation...
-
Upload
gabriella-pollard -
Category
Documents
-
view
221 -
download
3
Transcript of Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation...
![Page 1: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/1.jpg)
“Privacy and the Internet”
Professor Peter P. Swire
Ohio State University
National Press Foundation
February 14, 2001
![Page 2: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/2.jpg)
Do People Care About Privacy?
90 percent of Americans say they have “lost all control” over their personal information
WSJ poll 9/99
![Page 3: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/3.jpg)
Overview The Clinton Administration and privacy This year
![Page 4: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/4.jpg)
The Clinton Administration
Supported self-regulation generally Sensitive categories deserve legal protection
– Medical & Genetic– Financial– Children’s Online
Government should lead by example Chief Counselor for Privacy
![Page 5: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/5.jpg)
Internet Privacy
Quantity of policies– 15% to 66% to 88% from 1998 to 2000
Quality of policies– Seek continued improvement on choice, access
& security Enforcement if company breaks its privacy
promise– Unfair and deceptive trade practice
![Page 6: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/6.jpg)
Internet Sectors
Individual Reference Services Group (1998)– Look up services code of conduct– Limits on distribution of SSNs
Network Advertising Initiative (2000)– Special sensitivity when a 3d party, unknown to
user, compiles information Safe Harbor for transfers with E.U. (2000)
– Self-regulation as a core achievement
![Page 7: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/7.jpg)
Children’s Online Privacy Protection Act of 1998 FTC rules took effect 4/00 Web sites targeted at under 13s Key is “verifiable parental consent”
![Page 8: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/8.jpg)
Medical Records Privacy
HIPAA 1996 called for legislation by 8/99 President announced proposed regs 10/99 Over 52,000 submissions of comments Final rules 12/00 Administration decision by February 26
![Page 9: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/9.jpg)
Medical Records (cont.)
Fair information practices– Notice– Patient choice– Access– Security– Enforcement
![Page 10: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/10.jpg)
Medical -- Who is Covered?
“Covered entities”– Providers– Plans– Clearninghouses
Business associates Online/offline neutrality
![Page 11: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/11.jpg)
Financial Privacy
Title V of Gramm-Leach-Bliley– Notice– Opt-out 3d parties– Enforcement
Online/offline neutrality President Clinton called for greater
protections last year
![Page 12: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/12.jpg)
Government as a Model
Government web sites– Privacy policies at major sites– Presumption against cookies
Computer security Coordination & oversight mechanisms
![Page 13: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/13.jpg)
Government computer security
Good security is necessary for privacy– Weak security allows access to tax records, criminal
investigative files, etc.– Good security helps stop hackers and other
unauthorized users Good security is not sufficient for privacy
– What can an authorized user do with the data?– Post it to the Internet?– Privacy policies govern authorized users
![Page 14: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/14.jpg)
Coordination & oversight
Coordination -- Chief Counselor position 3/99
Must become aware of issues before you can affect them-- “clearance”
Alert decisionmakers before problems become public
No announcement on Bush approach
![Page 15: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/15.jpg)
II. This Year
Fair information practices and Internet Privacy
Notice– Some favor notice only– Can do with technology, such as P3P– Less strict -- no other requirements– More strict -- a new law more likely later
![Page 16: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/16.jpg)
Choice
The biggest debate so far Opt out
– Customer gets choice– But opt out may be hard to find on web page– Maybe “spyware” and no one to give notice
![Page 17: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/17.jpg)
Choice (cont.)
Opt in– Strong privacy protection– Forces web site to explain why sharing is good– But, how do small sites find customers?
Robust opt out– Possible compromise
![Page 18: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/18.jpg)
Access
Like FOIA -- check on abuse “Reasonable” access
– Cost matters Some exceptions
– Information about other persons– Trade secrets and proprietary
![Page 19: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/19.jpg)
Access (cont.)
Access only to decisional information– Credit reports– Medical records
Access to all information– Psychographic information– Every memo in the company
Target marketing– Decisional?– Proprietary?
![Page 20: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/20.jpg)
Security
Good security in layers– Hardware– Software– Personnel policies
Hard to measure Law focuses on notice of security? Detailed regs on security? Must update anti-virus at least once a week?
![Page 21: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/21.jpg)
Enforcement
FTC new powers State AGs to help Private right of action?
![Page 22: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/22.jpg)
Enforcement (cont.)
What role for TRUSTe, BBBOnline?– Safe harbor in COPPA– Multiplies enforcement resources– Teams enforcement with consulting– Privatizes enforcement– Target for EU pressure
![Page 23: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/23.jpg)
Other Internet Privacy Issues
Preemption In favor:
– Same web site sells to all 50 states– Possibly inconsistent state laws
Opposed:– The big reason for industry to accept legislation– Financial and engine for continued change– Don’t place ceiling on “human rights”
![Page 24: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/24.jpg)
Other Issues (cont.)
Customer lists in bankruptcy– Toysmart case
Law enforcement access to Internet records Extend to offline, too?
– Leary -- consistency requires it– But, ready to regulate each corner store?
![Page 25: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/25.jpg)
Concluding thoughts
Many flows are good in Information Age, but not all flows are good
Self-regulation has been central to date Treat sensitive data more carefully, subject to
legal protections where appropriate Will political system insist on Internet
legislation? In closing, a common sense test:
![Page 26: Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.](https://reader033.fdocuments.net/reader033/viewer/2022061306/55147e90550346b0158b56c7/html5/thumbnails/26.jpg)
President Clinton, at Aspen Institute:
“Do you have privacy policies you can be proud of? Do you have privacy policies you would be glad to have reported in the media?”
If so, your policies are far more likely to survive, and help your organization prosper, in the information age.