Data collection and the various technologies that facilitate comprehensive data collection for and through online businesses, advertising firms, and service providers offer benefits to consumers in terms of network speed and locating topics of interest. However, there are considerable privacy concerns associated with being able to track nearly all of a consumer’s online activities.
On Thursday, the Federal Trade Commission presented an excellent program about Data Collection and Privacy, with comments from FTC Commissioners and discussions from leading academics and professionals. These panels provided an informative discussion about what data is collected, how it is used, what are the benefits and drawl backs, and how consumers are currently responding to data collection.
The benefits of data collection through things like cookies, adware and Deep Packet Inspection (DPI) are clear and include increased network speed, programming to users preferences, and protection against security breaches. Companies can increase network speed through the ability to locate and slow down data hogs or by allowing network management to send information packets to where they need to go faster. Data collection can also help program to a user’s preferences; such as by making visited web pages frequently load faster or showing relevant advertisements. Additionally, data collection can allow networks to protect against security breaches by monitoring activity and activity patterns on their networks. However, some of the privacy harms of these immediately gratifying practices could be delayed long enough for consumers to never really know where the harm came from. They may never know which app downloaded their geolocation and then sold it or what the sold information was resold and used for.
At the FTC event, Washington University in St. Louis law professor, Neil Richards pointed out three different dangers that could result from the loss of privacy associated with data collection. First is the exchange of power between consumers and businesses, meaning information is power and the more a business knows about you the more it may be able to persuade you. Companies could use big data collection to know a consumer’s preferences before they do – possibly knowing more about an individual than they know about themselves– and use that information shape consumer preferences. Companies could also use big data to sort or group consumers in ways that may be discriminatory or distasteful.
Second, surveillance is neutral. We often talk about what companies and advertisers are doing with our information and how it is being sold from one company to another, but governments could be interested in these databases as well. If they are up for sale it is possible that any interested party could have access to a wealth of information about a large number of people that could include your digital presence. This would mean your search history, emails, clicks, advertisement views, and where you search from would all be potentially accessible to the highest bidder.
Most interesting and most dangerous is the potential harm to intellectual privacy. Richards describes this as the questions we ask to make sense about the world; private or possibly embarrassing questions that we don’t want to ask other people; things that we read or try to learn about. This massive data collection and constant surveillance would be a disincentive to think freely. As we are so concerned about free speech, we should also be concerned with preserving free thought.
However, as George Washington professor Howard Beales pointed out, there is no one stop shop for all of our personal information. We browse the web with many devices and use different platforms throughout the day. He noted that people under 35 own around four different internet capable devices. Work and home are the most popular places for browsing, but outside of the home 40% of people use their phones while 31% use computers and 20% use tablets. In addition we vary our network usage. For example, 37% of cell phone browsing uses Wi-Fi networks rather than the cellular provider network. This fragmentation of devices and network usage make aggregation about one person more difficult, but no less frightening.
As we look to methods for protecting our data ourselves, researcher and consultant Ashkan Soltani noted that using encryption is not always effective in protecting against deep packet inspection. An increase in opt-in opt-out notices are tedious for consumers, and often consumers are not educated about how their data is used or what the opt out messages mean to make appropriate choices about their data privacy.
Regulatory discussions to overcome fears about data usage often rely on opt-in opt-out inclusions as a way to protect consumers. Interestingly, Carnegie Mellon professor Alessandro Acquisti’s research showed that opt-in opt-out messages or disclaimers about how information was to be used often resulted in more divulging of sensitive material, and that that other distracting factors could redirect consumers’ attention away from privacy concerns.
In summation, there seemed to be agreement that the technology for data collection is not what should be regulated; regulations should be platform neutral. Platforms and technologies are constantly changing so if a technology is regulated for privacy concerns, the regulation can be “innovated around.” Regulations should therefore be based on the activity or the use of data. They should be based on specific harms and problems resulting from data collection and should take into account the values that are threatened. Finally, regulation must respond to an articulated harm, not a speculative concern.