PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Cartoon: The Privacy Paradox

Cartoon Privacy Paradox - TeachPrivacy Privacy Training 02 small

This cartoon is about the “privacy paradox” — the phenomenon where people say that they value privacy highly, yet in their behavior relinquish their personal data for very little in exchange or fail to use measures to protect their privacy.

I recently wrote an article about the privacy paradox: The Myth of the Privacy Paradox, forthcoming 89 Geo. Wash. L. Rev.  You can download it on SSRN for free.

Download Article Solove Myth of the Privacy Paradox

Commentators typically make one of two types of arguments about the privacy paradox. On one side, privacy regulation skeptics contend behavior is the best metric to evaluate how people actually value privacy. Behavior reveals that people ascribe a low value to privacy or readily trade it away for goods or services. The argument often goes on to contend that privacy regulation should be reduced.

On the opposite side, other commentators argue that people’s behavior isn’t an accurate metric of preferences because behavior is distorted by biases and heuristics, manipulation and skewing, and other factors.  People also demonstrate a strong tendency to favor immediate gratification, and this often leads to people giving up their data; the costs aren’t understood until it is far too late.

In contrast to both of these camps, I contend that the privacy paradox is a myth created by faulty logic. The behavior involved in privacy paradox studies involves people making decisions about risk in very specific contexts. In contrast, people’s attitudes about their privacy concerns or how much they value privacy are much more general in nature. It is a leap in logic to generalize from people’s risk decisions involving specific personal data in specific contexts to reach broader conclusions about how people value their own privacy.

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the annual Privacy + Security Forum events.

NEWSLETTER: Subscribe to Professor Solove’s free newsletter
TWITTER: Follow Professor Solove on Twitter.

 

Global Privacy and Data Protection
Privacy Awareness Training Course

Click here to see a demo or to learn more about the course.

TeachPrivacy Privacy Awareness Training - Global Privacy screenshots 01

Table of Contents

TeachPrivacy Privacy Awareness Training - Global Privacy Outline 02

Click here to see a demo or to learn more about the course.

 

Cartoon: GDPR Lawful Basis

Cartoon GDPR Lawful Basis - TeachPrivacy GDPR Training

This cartoon is about the GDPR’s lawful basis requirement to process personal data. One of the biggest differences between U.S. and EU privacy law is that in the U.S., organizations can collect and use personal data in nearly any way they choose as long as they state what they are doing in their privacy notice and follow what they say.  In the EU, in contrast, the GDPR requires that organizations have a “lawful basis” to collect and process personal data. The GDPR specified six lawful bases, including consent, performance of a contract, compliance with a legal obligation, public interest, protect the vital interests of the data subject or other people, and legitimate interest in processing the data.

Many organizations use legitimate interest as their lawful basis.

Article 6(1)(f) of the GDPR provides: 

1.Processing shall be lawful only if and to the extent that at least one of the following applies:

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Continue Reading

Cartoon: Facial Recognition

Cartoon Facial Recognition -- TeachPrivacy Privacy Training 02 small

Facial recognition technology involves using algorithms to identify people based on their faces. Distinctive details about people’s faces are compiled into “face templates,” which are then stored in a database and used to find facial matches,

Facial recognition is quickly being deployed by many companies for various purposes, such as authenticating identity (unlocking smart phones) and identifying people in photos.  Other uses include using the data to track people’s location and behavior.  Facial recognition technology also can detect people’s emotions – an ability that could be used to manipulate people.

Continue Reading

Cartoon: The Travails of CCPA Compliance

Cartoon CCPA Sisyphus 04

This cartoon depicts the travails of complying with the CCPA as it rapidly evolves.  The CCPA originated when a referendum regarding consumer privacy rights was scheduled to be on the ballot in November 2018.  Alastair Mactaggart, the referendum’s sponsor, offered to withdraw it if California passed a law.  So, in the summer of 2018, the California legislature passed the CCPA in an all-out dash to beat the deadline for the referendum’s withdrawal

Businesses scrambled to get ready to comply for the CCPA’s effective date – January 2020.  Being ready to comply with the CCPA requires quite a lot of work.  Further complicating compliance, the CCPA is riddled with ambiguities and difficult tradeoffs between privacy and data security.

Continue Reading