Computers, Privacy & the Constitution

Background

In the last class on PartFour I proposed the idea of regulating forgetting, forcing data keepers to sunset data. Eben raised First Amendment issues with that proposal, which I think are compelling. However, there may be other sorts of information practices which could be mandated through regulation on government and third parties that may not raise such concerns and that would be useful for providing some protection against losing our identity to those who aggregate information about our lives. Perhaps we can use this space to think of a set of information practices that we would like to see codified, and discuss whether this is a worthwhile exercise at all.

Proposals

To start us off, in 1973 the US Department of Health, Education and Welfare released a code of fair information practices. See, Simson Garfinkel, Database Nation 13 (2000). The code had five tenants:

  • There should be no secret databanks.
  • There must be a procedure for a person to access their record.
  • The data should not be disseminated without the person's consent.
  • There must be a procedure for a person to correct misinformation.
  • There should be a responsibility imposed on organizations to ensure the accuracy of the data.

Another resource could be the Fair Credit Reporting Act.

-- JustinColannino - 15 Feb 2009


It seems to me that a number of the fair information practices (and the equivalent EU privacy scheme) run smack into first amendment concerns when applied to private parties (as opposed to the government):

(1) There should be no secret databanks and (2) There must be a procedure for a person to access their record -- we're not normally in the business of forcing people to reveal everything they may or may not know about other people. Isn't this a massive privacy invasion in itself?

(2) The data should not be disseminated without the person's consent -- this is a clear limitation on the content of a private party's speech

(4) There must be a procedur for a person to correct misinformation -- lots of case law about the unconstitutionality of analogous proposals for rights of reply to newspaper editorials, etc. Traditional 1st Amendment theory is that misleading speech should be countered by correcting speech, but noone is required to provide you with a forum (at their expense).

(5) There should be a responsibility imposed on organizations to ensure the accuracy of the data -- how is this not analagous to legislating the way in which someone thinks? Would you be in favor of legislating a general responsibility for people to ensure the accuracy of the data they use in making every day decisions?

If sunset legislation is meant to ensure that we retain the traditional practice of forgiving old mistakes, then I think you can achieve much of the same effect without going after the private parties collecting the information by forbidding the state from requesting information older than a certain number of years.

I recognize there are issues with the enforcement of such a limitation--if the data is valuable, people will find ways to get at it--, but I don't see how it is any harder to enforce then a sunset clause on data held by private parties.

-- AndreiVoinigescu - 16 Feb 2009

 

Navigation

Webs Webs

r2 - 16 Feb 2009 - 15:25:07 - AndreiVoinigescu
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM