Bridging the Gap Between Privacy and Design

University of Pennsylvania Journal of Constitutional Law, Dec 2012

By Deirdre K. Mulligan and Jennifer King, Published on 03/01/12



BRIDGING THE GAP BETWEEN PRIVACY AND DESIGN†

Deirdre K. Mulligan* and Jennifer King**

ABSTRACT

This article explores the gap between privacy and design in the context of “lateral privacy”—privacy issues arising among users of a service rather than from the service provider—on social networking sites (SNSs) and other platforms by analyzing the privacy concerns lodged against the introduction of Facebook’s News Feed in 2006. Our analysis reveals that the dominant theory of privacy put forth by regulators, privacy as individual control, offers little insight into the experiences of privacy violation claimed by users. More importantly, we show that this theory is ill-equipped to guide the design of SNSs and platforms to avoid similar harms in the future. A rising tide of privacy blunders on social networking sites and platforms drives the search for new regulatory approaches, and privacy regulators across the globe are increasingly demanding that the Fair Information Practice Principles, the embodiment of privacy as individual control, inform the design of technical systems through Privacy By Design. The call for Privacy By Design—the practice of embedding privacy protections into products and services at the design phase, rather than after the fact—connects to growing policymaker recognition of the power of technology not only to implement, but also to settle, policy through architecture, configuration, interfaces, and default settings. We argue that regulators would do well to ensure that the concept of privacy they direct companies to embed affords the desirable forms of protection for privacy. Ideally, there would be a widely used set of methods and tools to aid in translating privacy into design. Today, neither is true.
We identify three gaps in the “informational self-determination” approach that limit its responsiveness to lateral privacy design decisions in SNSs and platforms and then explore three alternative theories of privacy that provide compelling explanations of the privacy harms exemplified in platform environments. Based on this descriptive utility, we argue that these theories provide more robust grounding for efforts by SNSs and platform developers to address lateral privacy concerns in the design of technical artifacts. Unlike FIPPs, which can be applied across contexts, these theories require privacy to be discovered, not just implemented. To bridge this discovery gap, we turn to the field of Human Computer Interaction (“HCI”) and dip into the related field of Value Sensitive Design (“VSD”) to identify tools and methodologies that would aid designers in discovering and ultimately embedding these contextual, socially-oriented understandings of privacy in technical artifacts. Finally, we provide some tentative thoughts on the form and substance of regulations that would prompt corporations to invest in these HCI approaches to privacy.

† This project is supported by the TRUST Center (The Team for Research in Ubiquitous Secure Technology), which receives support from the National Science Foundation (NSF award number CCF-0424422), and by the Nokia Corporation. This material is based upon work supported by the U.S. Department of Homeland Security, under grant award #2006-CS-001-000001, and the National Institute of Standards and Technology, under grant award #60NANB1D0127, under the auspices of the Institute for Information Infrastructure Protection (I3P) research program. The I3P is managed by Dartmouth College. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security, the I3P, or Dartmouth College.
* Assistant Professor, University of California, Berkeley, School of Information.
** Doctoral Candidate, University of California, Berkeley, School of Information.

INTRODUCTION

For over thirty years the public and private sectors have been directed to protect privacy through adherence to Fair Information Practice Principles (“FIPPs”).[1] Regional directives,[2] international instruments,[3] omnibus and sectoral laws,[4] and guidance documents[5]

[1] See, e.g., Directive 95/46, of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995 O.J. (L 281) 31, 33 (EC); ASIA-PACIFIC ECON. COOPERATION, APEC PRIVACY FRAMEWORK (2005), available at http://publications.apec.org/publication-detail.php?pub_id=390.

[2] See Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, Council of Europe, Jan. 28, 1981, E.T.S. 108, available at http://conventions.coe.int/Treaty/EN/Treaties/HTML/108.htm; OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, ORG. FOR ECON. COOPERATION & DEV. (Sept. 23, 1980), http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html.

[3] See Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5 (Can.); Loi 1978-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés modifiée [Law 1978-17 of January 6, 1978 on Information Technology, Data Files and Civil Liberties], JOURNAL OFFICIEL DE LA REPUBLIQUE FRANÇAISE [J.O.] [OFFICIAL GAZETTE OF FRANCE], 1978; Legge 31 dicembre 1996, n.675 (It.), available at http://www.garanteprivacy.it/garante/doc.jsp?ID=28335; Decreto Legislativo 30 June 2003, n.196 (It.), available at http://www.garanteprivacy.it/garante/document?ID=1219452 (implementing Directive 95/46/EC and the Data Protection Code).

[4] While the U.S. has continued to take a largely sectoral approach to privacy, it has enacted statutes to advance FIPPs. See, e.g., Right to Financial Privacy Act (“RFPA”), 12 U.S.C. §§ 3401–22 (2006) (protecting the confidentiality of personal financial records by creating a statutory Fourth Amendment protection for bank records); Gramm-Leach-Bliley Act (“GLBA”), 15 U.S.C. §§ 6801, 6827 (2006) (empowering various agencies to promulgate data security regulations for financial institutions); Electronic Communications Privacy Act of 1986 (“ECPA”), 18 U.S.C. §§ 2510, 2511 (2006) (extending restrictions against wiretaps to include transmissions of electronic data by computer); Video Privacy Protection Act of 1988 (“VPPA”), 18 U.S.C. § 2710 (2006) (preventing disclosure of personally identifiable rental records of “prerecorded video cassette tapes or similar audio visual material”); Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Pub. L. No. 104–91, 110 Stat. 1936 (1996) (codified as amended in scattered sections of 42 U.S.C.) (regulating the use and disclosure of “Protected Health Information” in section 1173 under “Security Standards for Health Information,” Section 2).

[5] See, e.g., FED. TRADE COMM’N, P (...truncated)


This is a preview of a remote PDF: https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=1056&context=jcl
Article home page: https://scholarship.law.upenn.edu/jcl/vol14/iss4/4

Deirdre K. Mulligan and Jennifer King, Bridging the Gap Between Privacy and Design, University of Pennsylvania Journal of Constitutional Law, Volume 14, Issue 4 (2012).