Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-745bb68f8f-l4dxg Total loading time: 0 Render date: 2025-02-11T12:20:52.226Z Has data issue: false hasContentIssue false

1 - Monitoring, Datafication, and Consent: Legal Approaches to Privacy in the Big Data Context

Published online by Cambridge University Press:  05 July 2014

By
Katherine J. Strandburg
Edited by
Julia Lane ,
Victoria Stodden ,
Stefan Bender  and
Helen Nissenbaum
Katherine J. Strandburg
Affiliation:
New York University School
Julia Lane
Affiliation:
American Institutes for Research, Washington DC
Victoria Stodden
Affiliation:
Columbia University, New York
Stefan Bender
Affiliation:
Institute for Employment Research of the German Federal Employment Agency
Helen Nissenbaum
Affiliation:
New York University
Get access

Summary

Introduction

Knowledge is power. ‘Big data’ has great potential to benefit society. At the same time, its availability creates significant potential for mistaken, misguided, or malevolent uses of personal information. The conundrum for law is to provide space for big data to fulfill its potential for societal benefit, while protecting citizens adequately from related individual and social harms. Current privacy law evolved to address different concerns and must be adapted to confront big data’s challenges. This chapter addresses only one aspect of privacy law: the regulation of private sector acquisition, aggregation, and transfer of personal information. It provides an overview and taxonomy of current law, highlighting the mismatch between current law and the big data context, with the goal of informing the debate about how to bring big data practice and privacy regulation into optimal harmony.

Part I briefly describes how privacy regulation in the United States has evolved in response to a changing technological and social milieu. Part II introduces a taxonomy of privacy laws relating to data acquisition, based on the following features: (1) whether the law provides a rule- or a fact-based standard; (2) whether the law is substantive or procedural, in a sense defined below; and (3) which mode(s) of data acquisition are covered by the law. It also argues that the recording, aggregation, and organization of information into a form that can be used for data mining, here dubbed ‘datafication’, has distinct privacy implications that often go unrecognized by current law. Part III provides a selective overview of relevant privacy laws in light of that taxonomy. Section A discusses the most standards-like legal regimes, such as the privacy torts, for which determining liability generally involves a fact-specific analysis of the behavior of both data subjects and those who acquire or transfer the data (‘data handlers’). Section B discusses the Federal Trade Commission’s (FTC’s) ‘unfair and deceptive trade practices’ standard, which depends on a fact-specific inquiry into the behavior of data handlers, but makes general assumptions about data subjects.

Type
Chapter
Information
Privacy, Big Data, and the Public Good
Frameworks for Engagement
 , pp. 5 - 43
Publisher: Cambridge University Press
Print publication year: 2014

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Warren, Samuel D. and Brandeis, Louis D., The Right to Privacy, 4 Harv. L. Rev. 193 (1890)
Solove, Daniel J., Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880 (2013)
Warner, Richard, Undermined Norms: The Corrosive Effect of Information Processing Technology on Informational Privacy, 55 St Louis L.J. 1047, 1084–86 (2011)
Cate, Fred H., Protecting Privacy in Health Research: The Limits of Individual Choice, 98 Calif. L. Rev. 1765 (2010)
Schwartz, Paul M. and Solove, Daniel J., The PII Problem: Privacy and a New Concept of Personally Identifiable Information, 86 N.Y.U. L. Rev. 1814 (2011)
Bambauer, Derek E., Rules, Standards, and Geeks, 5 Brook. J. Corp. Fin. & Com. L. 49 (2010)
Kaplow, Louis, Rules versus Standards: An Economic Analysis, 42 Duke L.J. 557 (1992)
Sunstein, Cass R., Problems with Rules, 83 Cal. L. Rev. 953 (1995)
Clarke, Roger A., Information Technology and Dataveillance, 31 Comm. ACM 498 (1988)
Calo, Ryan M., The Boundaries of Privacy Harm, 86 Ind. L.J. 1131 (2011)
Gray, David and Citron, Danielle, The Right to Quantitative Privacy, 98 Minn. L. Rev. 62 (2013)
Strahilevitz, Lior, Toward a Positive Theory of Privacy Law, 126 Harv. L. Rev. 2010 (2013)
Thierer, Adam, A Framework for Benefit-Cost Analysis in Digital Privacy Debates, 20 Geo. Mason L. Rev. 1055 (2013)
Tene, Omer and Polonetsky, Jules, Privacy in the Age of Big Data: A Time for Big Decisions, 64 Stan. L. Rev. Online 63 (2012)
Yakowitz, Jane, The Tragedy of the Data Commons, 25 Harv. J. Law & Tech. 1 (2011)
Tene, Omer and Polonetsky, Jules, Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. & Intell. Prop. 239 (2013)
Cohen, Julie M., What Privacy Is For, 126 Harv. L. Rev. 1904 (2013)
Ohm, Paul, The Underwhelming Benefits of Big Data, 161 U. Pa. L. Rev. Online 339 (2013)
Rubinstein, Ira S., Big Data: The End of Privacy or a New Beginning? 3 Int’l Data Privacy L. 74 (2013)
Prosser, William, Privacy, 48 Cal. L. Rev. 383 (1960)
Richards, Neil M. and Solove, Daniel J., Prosser’s Privacy Law: A Mixed Legacy, 98 Cal. L. Rev. 1887, 1891–99 (2010)
Bambauer, Jane Yakowitz, The New Intrusion, 88 Notre Dame L. Rev. 205 (2012)
Zimmerman, Diane L., The New Privacy and the Old: Is Applying the Tort Law of Privacy Like Putting High-Button Shoes on the Internet? 17 Comm. L. & Pol’y 107 (2012)
Prosser, William L., Intentional Infliction of Mental Suffering: A New Tort, 37 Mich. L. Rev. 874, 884 (1939)
Marotta-Wurgler, Florencia, Online Markets vs. Traditional Markets: Some Realities of Online Contracting, 19 S. Ct. Econ. Rev. 11 (2011)
Rubinstein, Ira S., Regulating Privacy by Design, 26 Berkeley Tech. L.J. 1409 (2011)
Kennedy, Charles H., An ECPA for the 21st Century: The Present Reform Efforts and Beyond, 20 CommLaw Conspectus 129 (2011–12)
Tene, Omer and Polonetsky, Jules, To Track or “Do Not Track”: Advancing Transparency and Individual Control in Online Behavioral Advertising, 13 Minn. J.L. Sci. & Tech. 281 (2012)
Hirsch, Dennis D., Is Privacy Regulation the Environmental Law of the Information Age? in Katherine J. Strandburg and Daniela S. Raicu, eds., Privacy and Technologies of Identity: An Interdisciplinary Conversation (2005)
Hirsch, Dennis D., Achieving Global Privacy Rules through Sector-based Codes of Conduct, 74 Ohio St. L.J. 1029 (2013)
Rubinstein, Ira S., Regulating Privacy by Design, 26 Berkeley Tech. L.J. 1409 (2011)
Bamberger, Kenneth A. and Mulligan, Deirdre K., Privacy on the Books and on the Ground, 63 Stan. L. Rev. 24 (2011)
Swire, Peter P., Financial Privacy and the Theory of High-Tech Government Surveillance, 77 Wash. U. L.Q. 461 (1999)
Cate, Fred A., Government Data Mining: The Need for a Legal Framework, 43 Harv. C.R.-C.L. L. Rev. 435 (2008)
Kreimer, Seth F., Watching the Watchers: Surveillance, Transparency, and Political Freedom in the War on Terror, 7 U. Pa. J. Const. L. 13 (2004)

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×