Law in the Internet Society

View   r3  >  r2  ...
AnjaKongSecondEssay 3 - 22 Jan 2020 - Main.AnjaKong
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"
Line: 11 to 11
 In this course, we have talked about how it is frankly unbelievable that the current expectation is that consumers should be responsible for safeguarding their own privacy. How can users even do so within a framework that has been created to profit off of our personal information? Additionally, even if a user is ignorant to the infringement of their privacy rights and its true cost or apathetic to those consequences, does that justify current practices? Because companies benefit from consumer ignorance and apathy, they cannot be trusted or expected to truly care about their users’ privacy rights. For those who care about their privacy and seek to restrain the proliferation, sale, and use or abuse of their personal information, the burden of doing so becomes gargantuan.
Changed:
<
<
Regulations like the GPDR and CCPA that shift the burden onto companies seem to be a step in the right direction. Through my work at my externship, however, I have witnessed how the flaws in these regulations have put a disproportionate burden on small businesses and medium enterprises. My externship placement was at a large retailer that collected customer data for their business purposes, which includes marketing and analytics. During the course of my externship, I learned a lot about what type of data they collected, how they used it, and the different vendors that they contracted with to accomplish their business purposes. Most were very innocuous, used for things like email marketing and customer recordkeeping. But there were a few that were a little scarier from a privacy viewpoint, such as the vendor that allowed the company to record sessions of a customer using the website, linked to an IP address—and thus, very likely, an identity.
>
>
Regulations like the GPDR and CCPA that seek to protect consumers by shifting the burden onto companies seem to be a step in the right direction, but ultimately are misguided – they aim to force pro-privacy practices on a passive public using a framework wherein the emphasis is on what the data collectors do with consumers’ private data, rather than on stopping or controlling collection in the first instance. Additionally, Tthrough my work at my externship, however, I have witnessed how the flaws in these regulations have put a disproportionate burden on small businesses and medium enterprises. My externship placement was at a large retailer that collected customer data for their business purposes, which includes marketing and analytics. During the course of my externship, I learned a lot about what type of data they collected, how they used it, and the different vendors that they contracted with to accomplish their business purposes. Most were very innocuous, used for things like email marketing and customer recordkeeping. But there were a few that were a little scarier from a privacy viewpoint, such as the vendor that allowed the company to record sessions of a customer using the website, linked to an IP address—and thus, very likely, an identity.
 Of course, the purpose for which the company used this vendor and this technology was an innocent one. The company uses the recordings to figure out what issues users are having with the company website so that the IT team could fix and improve the website. User-submitted complaints and reviews were not enough for the team to understand or replicate problems; recordings made the problems clear, and thus more easily able to be fixed. But without context (and frankly, even with context), this technology is creepy. And this technology is certainly being used by others with not-so-innocent purposes. Given this, it becomes apparent that current privacy regulations are focused on the wrong actors.

This is something that I’ve come to realize over the semester. The instructors and guest speakers I’ve learned from in my other classes come from private sector backgrounds. They acknowledge that privacy issues are extremely important and are similarly disturbed by the headline scandals, like Cambridge Analytica. But they are more comfortable with leaving the burden on the individual consumer to take control over their personal information and privacy. For those I’ve encountered outside of this class whose day jobs are focused on the nitty-gritty of complying with the GDPR and CCPA, these privacy regulations are onerous, costly, and misguided.

Changed:
<
<
Now at the end of the semester, though I am much more educated and experienced in these issues than I was at the beginning, I find myself more on the fence than before. If asked at the beginning of the semester, I would have wholeheartedly agreed that this burden of protecting individual privacy rights should be placed on those who stand to profit from the collection, use, and sale of personal information. Unglamorously, this opinion arose partly out of a belief that this was the morally right way that things should be carried out and partly out of my own complacency with how things are and thus reluctance to actively protect myself or change my internet usage behavior. Today, while I still believe that regulation and enforcement is needed, I find myself sympathizing with the average business (not data behemoths like Facebook or Google). I am also more active in reigning in the presence of my own personal information, for example by using a VPN as a default rather than only in specific instances. As much as I believe the burden for this should be on the system and not on the individual, I find myself taking increasing steps to protect my privacy because the system is so flawed. It’s ironic that those who believe in protecting their privacy and take steps to do so are in some way relieving the system of that burden and thus enabling it to stay the way it is.
>
>
If asked at the beginning of the semester, I would have argued that this burden of protecting individual privacy rights should be placed wholly on those who stand to profit from the collection, use, and sale of personal information. Unglamorously, this opinion arose partly out of a belief that this was the morally right way that things should be carried out and partly out of my own complacency with how things are and thus reluctance to actively protect myself or change my internet usage behavior. Today, while I still believe that regulation and enforcement is needed, I find myself sympathizing with the average business (not data behemoths like Facebook or Google) that have been disproportionately affected by existing regulation. Also, I am also more active in reigning in the presence of my own personal information, for example by using a VPN as a default rather than only in specific instances. I’m more careful about what information I’m giving away when I sign up for services and about monitoring my subscriptions to have my information deleted once I no longer need the service. As much as I believe the burden for this should be on the system and not on the individual, I find myself taking increasing steps to protect my privacy because the system is so flawed. It’s ironic that those who believe in protecting their privacy and take steps to do so are in some way relieving the system of that burden and thus enabling it to stay the way it is.

Evidently, current methods are not effective in curbing the attack on individual privacy. A solution to this dilemma is in pro-privacy public policy that both educates consumers and supports the creation of accessible technologies that empower consumers to protect themselves. While I have had the fortune to become more educated in thinking about my privacy rights and how to protect them, most do not have the same opportunity. In fact, most are not aware at all of alternatives to services that infringe on privacy; without awareness of these issues and alternatives, there are not enough incentives or resources to develop and improve such alternatives; and so on, perpetuating the current framework. To break out of this cycle, i.e. to support the proliferation of information and development of alternative, pro-privacy systems and services, the support of public policy is imperative.

 

Added:
>
>
[Comments from Prof. Moglen on first draft:]
  This a stronger draft than either of the drafts of the previous essay, reflecting the education process that you are also describing.

The central metaphor of this analysis is "on the fence." Implicitly, that assumes there are two possible outcomes and a line between. Not surprisingly, this turns out to be the land of laissez-faire and the land of too much regulation, with a fence in between. Also not surprisingly, this is neither intellectually satisfying nor reflective of your personal behavior, as you show.


Revision 3r3 - 22 Jan 2020 - 03:26:11 - AnjaKong
Revision 2r2 - 12 Jan 2020 - 10:33:48 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM