Trapped in My Mobility: Privacy by Design orAnother Catchphrase for Privacy Lock-in Mihaela Popescu Lemi Baruh
Privacy By Design?• Two legal frameworks – FTC Privacy Framework (March 2012) – EU Proposed Reforms to Data Protection Directive of 1995• Privacy by Design (Ann Cavoukian) – Incorporation of privacy concerns to every stage of digital product development – Compete on the basis of privacy. – Simplify consumer choice (give the ability to the consumer to limit the original party to the transaction from sharing data with a thir
Premise• Exclusive focus on privacy as data control• Alternatives?
Captive audience• Justice Douglas, 1952: Situation when audiences have no choice but to listen to a message forced upon them.• Captive audiences are audiences without funtional opt-out mechanisms to aviod situations of coercive communication.
Captive audience (cont)• Power differential between communicators and audiences: –messages “thrust upon” observers –“a verbal assault” –“inflame the sensibilities” – speakers “force [their] message” –attention is “bludgeoned”
Captive audience (cont)• “particular situations where people are particularly subject to unjust and intolerable harassment and coercion” (Balkin, 1999)• Coercive situation• Incurred costs for exit
Captive audience audiences w/o functional opt-out mechanisms to avoid situations ofcoercive communication
Functional opt-out mechanismsused under agreed-upon expectations of privacywithout significant costs
1. Contextual marketing as coercive communication?
“Marketing to a segment of one”• FTC: Individual autonomy=data autonomy – Informed consent over data collection• Corporate rhetoric: Desired communication=better customization
Contextual marketing• Location + personal history + social filters + life event triggers – “The old buying model [asked about customers] When did I buy last? What did I buy? And how much did I buy?…Now, its about, Where am I at the moment? What is it that Im purchasing right now? And with whom am I conversing at that moment?” (Gary S. Laben, KBM Group)
Privacy of choice• Is contextual marketing coercive communication?• “autonomy trap” (Zarsky 2004); Threat to autonomy of choice.• Imagine for example a Bride to be waiting in line at the Filenes Basement
Privacy as a market product• FTC: “standardize the format and the terminology used in privacy statements so that consumers can compare the data practices of different companies and exercise choices based on privacy concerns, thereby encouraging companies to compete on privacy.”
Switching costs• Lock-ins (Shapiro & Varian, 1999): – Financial – Legal – Technological – Time investment… – Social investiment (Sal Humphrey from the morning section)• Customization: durable lock-ins,
Disincentives for privacy• Lock-ins=“sticky” relationships between users and mobile platforms• Lock-ins are disincentives for better privacy (Bonneau & Preibusch, 2010, 2011)
Impact of FTC market logic• No attempt to break privacy lock- ins• Outcome: incentives for horizontally integrated companies to standardize privacy policies across all their services
Impact of market logic (cont)• Increased opt-out costs• Onus on consumers to identify comparable services with friendlier privacy policies
Summary of Privacy by Design• Limited view of user choice• Limited user control over communication boundaries• Increases user opt-out costs
Principles• Restore user control over communicative interaction rather than data• Define “privacy modes” for mobile devices• Design recognizable signals• Enforce “privacy modes” - Integrate information about data practices with choice.