Next Generation Privacy: The Internet of Things, Data Exhaust, and Reforming Regulation by Risk of Harm

Author:

Cunningham McKay

Abstract

The disparities inherent in various national privacy laws have come into sharper contrast as access to information grows and formerly domestic markets become international. Information flow does not adhere to national boundary lines. Increasingly, laws that seek to protect informational privacy do not either. The European Union took a bold approach by limiting access to its markets for those who failed to observe its strict law designed to protect personal information. The 1995 Directive (and 2014 Regulatory Amendment) embody this approach as they: (1) broadly define personal information; (2) broadly define those who process and control personal information; (3) restrict transfer of personal information to those who cannot demonstrate compliance. Tellingly, the Directive does not limit its scope to certain industries or practices, but requires privacy controls across the board, regardless of whether the processor is a healthcare provider, pastry chef or girl scout. To many, the Directive has failed. While the global trend toward adopting laws similar to the Directive suggests that many States value privacy rights, commentators and empirical studies reveal significant shortcomings. The Directive outlaws harmless activities while allowing exceptions that threaten to swallow the rule. It is simultaneously over-inclusive and under-inclusive. National governments enjoy wide latitude to collect and use personal information under the guise of national security. Perhaps more concerning, technology continues to leapfrog. Information privacy is made continually more difficult with each new “app” and innovation. The Internet of Things is more probable than speculative. Radio-frequency identification is a predicate to computer identification and assimilation of everyday physical objects, enabling the use of these objects to be monitored and inventoried by computers. Tagging and monitoring objects could similarly be accomplished by other technologies like near field communication, barcodes, QR codes and digital watermarking, raising the legitimate argument that informational privacy—at least as envisioned in the 1995 Directive’s absolute terms—is impossible. Informational privacy cannot be accomplished by declaring it a fundamental right and outlawing all processing of personal information. To legally realise and enforce a privacy right in personal information, incremental, graduated, and practical legislation better achieve the goal than sweeping proclamations that have applications to actions unrelated to the harms associated with the absence of the right. With information privacy in particular, a capacious claim of right to all personal information undermines legal enforcement because the harms attending lack of privacy are too often ill-defined and misunderstood. As a result, legal realization of a claimed privacy right in the Age of Information should proceed incrementally and begin with the industries, practices, and processes that cause the most harm by flouting informational privacy. Data mining and data aggregation industries, for example, collect, aggregate and resell personal information without express consent. A targeted prohibition of this industry would reduce financial incentives of the most conspicuous violators and alleviate some of the most egregious privacy infractions. A graduated legal scheme also reduces undue and overbroad Internet regulation. While the right to privacy has been recognised and legally supported in one way or another for centuries, it has not faced the emerging and countervailing Age of Information until now. Current omnibus international legislation reflects the impossibility of legally protecting all privacy in the Age of Information; it also illustrates the need for a refined and practical legal scheme that gradually and directly targets the harms associated with privacy violations.

Publisher

University of Groningen Press

Cited by 8 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. European Biometric Surveillance, Concrete Rules, and Uniform Enforcement;The Cambridge Handbook of Facial Recognition in the Modern State;2024-03-31

2. Facial Recognition Technology across the Globe;The Cambridge Handbook of Facial Recognition in the Modern State;2024-03-31

3. Ethical concerns about social media privacy policies: do users have the ability to comprehend their consent actions?;Journal of Strategic Marketing;2023-07-07

4. Public–Private Interactions in Privacy Governance;Laws;2022-10-26

5. Turning Digital Trails into a Telehealth Competitive Edge;Telemedicine and e-Health;2022-01-01

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3