Andy Serwin, who recently published the article, “The Federal Trade Commission and Privacy: Defining Enforcement and Encouraging the Adoption of Best Practices” (available on SSRN), has a new blog post, “Understanding Proposed Models for Privacy.”
I can see already that it will take me at least a few cups of coffee to work my way through his post, but I want to pull out one section here so that my blog readers will understand why I think we should all be reading and discussing his approach and ideas:
There are some that have interpreted my Privacy 3.0 article, first published over 3 years ago as a chapter in my privacy treatise, as advocating purely a focus on sensitivity and ignoring other issues. If this were true, I would have called the article Privacy 3.0—The Principle of Sensitivity. I did not because I believe that while sensitivity is extremely important, and data classification is the first step in the analysis, it is truly only the first step, which is why I chose the word proportionality.[11]
In Privacy 3.0 I argued that it was widely recognized that the current theoretical construct of privacy—Prosser’s tort-based enforcement/accountability model—had failed. What was needed was a model that provided appropriate, but not over- or under-inclusive protection, particularly in the rapidly changing Web 2.0 world where information sharing was the basis of a number of now ubiquitous services, such as Facebook.
I also recognized that society would gain benefit from information sharing, though there should be restrictions, or use-limitations, on the sharing.
Instead, a theory of proportional protection places higher restrictions and access barriers on truly sensitive information that either has limited or no use to third parties and has great capacity to damage individuals and society, while simultaneously permitting the necessary and appropriate access to those having a legitimate need to know certain information, particularly when that information is less sensitive. Proportionality also has the advantage of minimizing the societal impact of privacy issues because enforcement and compliance will be focused on the most appropriate levels of sensitive information.[12]
In other words, use-limitations should be proportional to the sensitivity of data.
While an examination of data elements for sensitivity could lead to improving privacy protection, that model did not seem to provide prospective guidance. As such, I proposed creating four tiers—highly sensitive; sensitive; slightly sensitive; and non-sensitive. By creating these tiers, one could associate certain use-restrictions and enforcement with each tier. As noted below, I did not simply focus on sensitivity as part of proportionality, but rather a broader set of issues that needed to be defined once the four tiers of information were created:
Thus, there are common elements that I will be discussing regarding each tier. These include:
- whether information can be gathered without notice or consent;
- whether consent must be opt-in or opt-out;
- the effect of consent;
- the types of processing that can be done;
- can information be gathered under false pretenses;
- are there time restrictions upon the retention of the data;
- data security requirements;
- data destruction requirements;
- what steps are required, or permitted, to mitigate any mishandling of information; and
- penalties for misuse of the information, including the imposition of statutory penalties in certain cases.
Read the whole article on Privacy & Security Source.