PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Cartoon: The Privacy Paradox

Cartoon Privacy Paradox - TeachPrivacy Privacy Training 02 small

This cartoon is about the “privacy paradox” — the phenomenon where people say that they value privacy highly, yet in their behavior relinquish their personal data for very little in exchange or fail to use measures to protect their privacy.

I recently wrote an article about the privacy paradox: The Myth of the Privacy Paradox, forthcoming 89 Geo. Wash. L. Rev.  You can download it on SSRN for free.

Download Article Solove Myth of the Privacy Paradox

Commentators typically make one of two types of arguments about the privacy paradox. On one side, privacy regulation skeptics contend behavior is the best metric to evaluate how people actually value privacy. Behavior reveals that people ascribe a low value to privacy or readily trade it away for goods or services. The argument often goes on to contend that privacy regulation should be reduced.

On the opposite side, other commentators argue that people’s behavior isn’t an accurate metric of preferences because behavior is distorted by biases and heuristics, manipulation and skewing, and other factors.  People also demonstrate a strong tendency to favor immediate gratification, and this often leads to people giving up their data; the costs aren’t understood until it is far too late.

In contrast to both of these camps, I contend that the privacy paradox is a myth created by faulty logic. The behavior involved in privacy paradox studies involves people making decisions about risk in very specific contexts. In contrast, people’s attitudes about their privacy concerns or how much they value privacy are much more general in nature. It is a leap in logic to generalize from people’s risk decisions involving specific personal data in specific contexts to reach broader conclusions about how people value their own privacy.

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the annual Privacy + Security Forum events.

NEWSLETTER: Subscribe to Professor Solove’s free newsletter
TWITTER: Follow Professor Solove on Twitter.

 

Global Privacy and Data Protection
Privacy Awareness Training Course

Click here to see a demo or to learn more about the course.

TeachPrivacy Privacy Awareness Training - Global Privacy screenshots 01

Table of Contents

TeachPrivacy Privacy Awareness Training - Global Privacy Outline 02

Click here to see a demo or to learn more about the course.

 

New Supplemental Materials for INFORMATION PRIVACY LAW Casebooks


I am pleased to announce that Professor Paul Schwartz and I have released new supplemental materials for our INFORMATION PRIVACY LAW casebooks:

(1) edited version of Carpenter v. US

(2) overview of the CCPA + state biometric privacy laws

Continue Reading

ALI Data Privacy: Overview and Black Letter Text — Available for Download

American Law Institute (ALI) Data Privacy 01

Professor Paul Schwartz and I have posted the black letter text of the American Law Institute (ALI), Principles of the Law, Data Privacy. Professor Paul Schwartz and I were co-reporters on the project.  Earlier this year, I wrote a post about our completion of the project.  According to the ALI press release: “The Principles seek to provide a set of best practices for entities that collect and control data concerning individuals and guidance for a variety of parties at the federal, state, and local levels, including legislators, attorneys general, and administrative agency officials.”

The project is an attempt to create a comprehensive approach to data privacy for the United States.  The project was 7 years in the making, and we’re thrilled finally to share the text.  We also wrote a short introduction to explain what various provisions are attempting to accomplish.  You can download it from SSRN for free.  Our piece is called ALI Data Privacy: Overview and Black Letter Text.

Here’s the abstract.

In this Essay, the Reporters for the American Law Institute Principles of Law, Data Privacy provide an overview of the project as well as the text of its black letter. The Principles aim to provide a blueprint for policymakers to regulate privacy comprehensively and effectively.

The United States has long remained an outlier in privacy law. While numerous nations have enacted comprehensive privacy laws, the U.S. has clung stubbornly to a fragmented, inconsistent patchwork of laws. Moreover, there long has been a vast divide between the approaches of the U.S. and European Union (EU) to regulating privacy – a divide that many consider to be unbridgeable.

The Principles propose comprehensive privacy principles for legislation that are consistent with certain key foundations in the U.S. approach to privacy, yet that also align the U.S. with the EU. Additionally, the Principles attempt to breathe new life into the moribund and oft-criticized U.S. notice-and-choice approach, which has remained firmly rooted in U.S. law. Drawing from a vast array of privacy laws and frameworks, and with a balance of innovation, practicality, and compromise, the Principles aim to guide policymakers in advancing U.S. privacy law.

The essay above consists of our short introduction and the black letter text.  The full document is 100+ pages long and is available at the ALI.  Right now, final proofreading and formatting are being done on the document, but you can obtain from ALI the near-final version.

Continue Reading