Last week hundreds of privacy regulators, corporate officers, and activists gathered in Jerusalem, Israel for the annual Data Protection and Privacy Commissioner Conference. My weekly technology law column (Toronto Star version, homepage version) notes the conference theme focused on the perception of a growing privacy divide between generations, with older and younger demographics seemingly adopting sharply different views on the importance of privacy.
Many acknowledged that longstanding privacy norms are being increasingly challenged by the massive popularity of social networks that encourage users to share information that in a previous generation would have never been made publicly available for all the world to see. Moreover, rapid technological change and the continuous evolution of online sites and services create enormous difficulty for regulators unaccustomed to moving at Internet speed.
Given these changes, the conference asked participants to question whether privacy norms are at a breaking point with conventional laws, regulations, and principles rendered irrelevant in the face of the generational and technological shift.
The response from many participants - both privacy experts and those studying online youth - was that privacy remains an important value. Recent studies in the United States and New Zealand both found that people want it all: robust, interactive social networks and privacy protection.
Experts pointed to two explanations to reconcile the desire to be openly online and maintain privacy. First, they noted that online social networks are merely social spaces that replicate what we commonly do socially offline including chatting with friends, gossiping with co-workers, and connecting with family. In the offline world, these activities rarely raise privacy concerns since sharing photos or discussing recent activities is not perceived to be a privacy issue. Once those activities move online, the privacy implications can become dramatically different.
Bringing offline social activities to the online environment raise a host of issues, including the notion of "collapsed context." In the offline world, we interact with many different groups, such as friends, family, and co-workers, with conversations and information sharing that differs for each. In online social networks, the context for those different conversations is collapsed into a single space. Moreover, the information from online social networks never disappears and the context for a photograph, video or conversation from years earlier is often lost.
Second, privacy experts argued that social media companies make it too difficult for users to protect their privacy by establishing open privacy settings as the default. Facebook and other social media sites give users the ability to adjust those settings, yet over the past few years the default settings have steadily pushed users toward greater openness leaving hundreds of millions of users with the open privacy settings that Facebook selected for them.
Pursuing the twin goals of greater openness and protecting personal privacy may seem like an impossibility, but at least three strategies to address both desires emerged from the discussions. First, there is a need to focus on default settings by ensuring that they err on the side of greater privacy. Users should be free to make their information as openly available as they wish, but guarding against inadvertently exposing a photo, video, or embarrassing comment requires default settings that enshrine privacy as the norm.
Second, education is needed on the implications of privacy, social networks, and sharing information online. Online social network offer tremendous opportunities to mirror and extend our offline networks, yet many users have yet to fully grapple with differences and the potential implications.
Third, there is still a role for regulation and the law. Although it will invariably lag behind the rapid pace of technology, it is important for companies to understand the legal limits on collecting, using, and disclosing personal information and for users to know that the law stands ready to assist them if those rules are violated.
By Michael Geist, Chair of Internet and E-commerce Law. Visit the blog maintained by Michael Geist here.
Related topics: Law, Policy & Regulation, Privacy, Web
To post comments, please login or create an account.
Top-Level DomainsSponsored byMinds + Machines | |
MobileSponsored bydotMobi | |
DNS SecuritySponsored byAfilias | |
IPv6Sponsored byNominum | |
SecuritySponsored byVerisign | |
DNSSponsored byNeustar UltraDNS |
Interesting post. I liked the concept of "collapsed context."
Personally I don't share anything very personal online, and I still get a lot of value from social media. Others may feel differently, and as long as its their decision, no harm no foul.
Law enforcement should focus on deliberately deceptive practices, and demographic harvesting that has nothing to do with an individual choosing to share PII.