Re: wording for the privacy section

Angel,

I'd like to take a moment to step back from the Geopriv-specific  
discussion to explain why we think tying privacy rules to location  
will be helpful for privacy on the web. In doing so I will address  
your comment about the Article 29 Working Party opinion on location  
data.

John and I (and many others) do not believe that the consumer privacy  
experience on the Web thus far has been a good one. The main vehicle  
that companies have used as a means to express their privacy practices  
is the privacy policy. The examples of privacy policies that I  
mentioned in my previous email to Ian provide a mere snapshot of the  
problem. Privacy policies are written as disclaimers of legal  
liability for corporations, not as the expression of privacy rights of  
individuals. Study after study has shown that privacy policies are too  
long and complicated for people to understand [1]. When people see the  
words "Privacy Policy" at the bottom of a web page, they falsely  
believe that their privacy is being protected [2]. When they find out  
the actual state of affairs on the Web -- that their data is often  
being collected and disclosed without their knowledge -- the majority  
of people are upset or uncomfortable [3]. Thus, it is not the case  
that the Internet is full of highly informed users who carefully  
choose which sites they share data with based on an understanding of  
each site's policies. The best that can be said about privacy on the  
Web is that most users are ignorant of what actually goes on with  
their data, and when they find out they don't like it.

Thus, the notion of tying privacy rules to location appeals to us  
because it represents a way to improve over the status quo for a  
sensitive category of data. Presenting sites with privacy rules  
provides an explicit expression of the user's privacy expectation, and  
creates a basis to judge whether the rules are enforced, regardless of  
how privacy-protective the user's legal regime may be.

But folks are right to raise the impact that the user's legal regime  
can have. In the US, where we have no specific law protecting the  
location information that sites would obtain through this API, passing  
privacy rules increases privacy protection because the mere expression  
of such rules will enhance a court's willingness to honor them.

In the EU, the data protection directive does provide an expression of  
individual privacy rights. But that doesn't mean that each member  
state's implementation of the directive is fully protective of  
location information, and it certainly doesn't mean that legislators  
and judges in each EU country will interpret Article 29 Working Party  
opinions, which are not law, so as to protect location information. If  
the regime as defined in the directive in 1995 were clear, search  
engine companies may not have felt the need to make constant  
adjustments to their data retention policies over the last 2 years,  
for example. As another example, it is not at all clear how lawmakers  
and judges across the EU will interpret "the length of time necessary  
for providing the service" in the opinion that you cite below. Might  
companies claim that indefinite storage is a reasonable length of  
time, and will courts agree? While each member state is busy grappling  
with these questions, passing privacy rules to sites can express the  
user's robust interpretation of how location information should be  
treated.

With this spec, we have the opportunity to surpass what we believe is  
a dismal status quo for privacy on the web. We can decide to whitewash  
the privacy issue by making some generic policy recommendation, the  
result of which will likely be that companies add more vague language  
to their privacy policies absolving them of legal liability for  
whatever happens to the location information they collect. Or we can  
move the ball forward by making user privacy preferences explicit and  
putting the onus on web developers to respect those preferences or  
face potential consequences.

Alissa

[1] http://portal.acm.org/citation.cfm?id=1284627

[2] http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1262130

[3] http://blog.cdt.org/2008/03/28/consumer-discomfort-with-online-tracking/


On Nov 5, 2008, at 7:18 AM, Angel Machín wrote:

> Hi Alissa,
>
> On Tue, Nov 4, 2008 at 8:49 PM, Alissa Cooper <acooper@cdt.org> wrote:
>
> Frankly, I would be astounded if even the small number of sites that  
> already obtain location information using the existing version of  
> this API (1) delete location data after some amount of time less  
> than many years, and (2) commit to not sharing location information  
> with others.
>
> ... but in this particular case we have regulation controlling it,  
> why should we need a specific policy item?
>
> "Storage time – storage of location data is only permitted for the  
> length of time necessary for providing the service. It cannot be  
> stored after that, except for billing and payment purposes. If it  
> is, it must be rendered anonymous."
> http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp115_en.pdf
>
> Regards,
> Angel
>

Received on Wednesday, 12 November 2008 21:37:52 UTC