Me, Myself and I: Aggregated and Disaggregated Identities on Social Networking Services

In this article I explore some of the legal issues arising from the transformation of SNS operators to providers of digital identity. I consider the implications of the involvement of private sector entities in the field of identity management and discuss some of the privacy implications, as well as the prospects for conciliation between online anonymity and pseudonymity, on the one hand, and the need for identifiability and accountability on the other hand.

Who is Reading Whom Now: Privacy in Education from Books to MOOCs

This Article is the most comprehensive study to date of the policy issues and privacy concerns arising from the surge of ed tech innovation. It surveys the burgeoning market of ed tech solutions, which range from free Android and iPhone apps to comprehensive learning management systems and digitized curricula delivered via the Internet. It discusses the deployment of big data analytics by education institutions to enhance student performance, evaluate teachers, improve education techniques, customize programs, and better leverage scarce resources to optimize education results. This Article seeks to untangle ed tech privacy concerns from the broader policy debates surrounding standardization, the Common Core, longitudinal data systems, and the role of business in education. It unpacks the meaning of commercial data uses in schools, distinguishing between behavioral advertising to children and providing comprehensive, optimized education solutions to students, teachers, and school systems. It addresses privacy problems related to small data --the individualization enabled by optimization solutions that read students even as they read their books-as well as concerns about big data analysis and measurement, including algorithmic biases, discreet discrimination, narrowcasting, and chilling effects. This Article proposes solutions ranging from deployment of traditional privacy tools, such as contractual and organizational governance mechanisms, to greater data literacy by teachers and parental involvement. It advocates innovative technological solutions, including converting student data to a parent-accessible feature and enhancing algorithmic transparency to shed light on the inner working of the machine. For example, individually curated data backpacks would empower students and their parents by providing them with comprehensive portable profiles to facilitate personalized learning regardless of where they go. This Article builds on a methodology developed in the authors\u27 previous work to balance big data rewards against privacy risks, while complying with several layers of federal and state regulation

Big Data for All: Privacy and User Control in the Age of Analytics

We live in an age of “big data.” Data have become the raw material of production, a new source for immense economic and social value. Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded by orders of magnitude the scope of information available for businesses and government. Data are now available for analysis in raw form, escaping the confines of structured databases and enhancing researchers’ abilities to identify correlations and conceive of new, unanticipated uses for existing information. In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data. Data creates enormous value for the world economy, driving innovation, productivity, efficiency, and growth. At the same time, the “data deluge” presents privacy concerns which could stir a regulatory backlash dampening the data economy and stifling innovation. In order to craft a balance between beneficial uses of data and individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of “personally identifiable information,” the role of individual control, and the principles of data minimization and purpose limitation. This article emphasizes the importance of providing individuals with access to their data in usable format. This will let individuals share the wealth created by their information and incentivize developers to offer user-side features and applications harnessing the value of big data. Where individual access to data is impracticable, data are likely to be de-identified to an extent sufficient to diminish privacy concerns. In addition, since in a big data world it is often not the data but rather the inferences drawn from them that give cause for concern, organizations should be required to disclose their decisional criteria

Big Data for All: Privacy and User Control in the Age of Analytics

We live in an age of “big data.” Data have become the raw material of production, a new source for immense economic and social value. Advances in data mining and analytics and the massive increase in computing power and data storage capacity have expanded by orders of magnitude the scope of information available for businesses and government. Data are now available for analysis in raw form, escaping the confines of structured databases and enhancing researchers’ abilities to identify correlations and conceive of new, unanticipated uses for existing information. In addition, the increasing number of people, devices, and sensors that are now connected by digital networks has revolutionized the ability to generate, communicate, share, and access data. Data creates enormous value for the world economy, driving innovation, productivity, efficiency, and growth. At the same time, the “data deluge” presents privacy concerns which could stir a regulatory backlash dampening the data economy and stifling innovation. In order to craft a balance between beneficial uses of data and individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of “personally identifiable information,” the role of individual control, and the principles of data minimization and purpose limitation. This article emphasizes the importance of providing individuals with access to their data in usable format. This will let individuals share the wealth created by their information and incentivize developers to offer user-side features and applications harnessing the value of big data. Where individual access to data is impracticable, data are likely to be deidentified to an extent sufficient to diminish privacy concerns. In addition, since in a big data world it is often not the data but rather the inferences drawn from them that give cause for concern, organizations should be required to disclose their decisional criteria

The Promise and Shortcomings of Privacy Multistakeholder Policymaking: A Case Study

With formal privacy policymaking processes mired in discord, governments and regulators in the United States and Europe have turned to the private sector seeking assistance and solutions. Multistakeholder-driven self-regulation and co-regulation have been pursued in a variety of contexts ranging from online privacy and transparency for mobile applications to protection of transborder data flows. This article focuses on one such process, the World Wide Web Consortium (W3C) discussion of a Do Not Track (DNT) standard, as a case study. It critically analyzes the procedural pitfalls, which hampered the quest to reach a compromise solution acceptable by groups with diametrically opposed interests, including industry players, government regulators, and privacy advocates. It is based on a series of interviews that the Authors conducted with participants in the process, including leading industry, civil society, and the government players. Proponents of multistakeholder processes, including the U.S. government, suggests that this mode of policymaking benefits from important advantages, including an opportunity to coopt industry experts, move swiftly to conclusion, and garner industry support. The reality, however, is that the W3C process featured few of these benefits. It was protracted, rife with hardball rhetoric and combat tactics, based on inconsistent factual claims, and under constant threat of becoming practically irrelevant due to lack of industry buy-in. Perhaps this should not be surprising. The way DNT has been framed—as a veritable “on/off” switch for an entire industry—inevitably raised the stakes for a common accord. Indeed, DNT crystalizes a deep ideological divide about right and wrong in online behavior, with one side arguing that merely collecting users’ information is wrong, and the other side claiming a right—in fact a business imperative—to use such information for multiple goals. Add to that a healthy portion of competitive maneuvering within the industry, and you get a combustive mix