|
META TOPICPARENT | name="WebPreferences" |
Let's Give Them Something to Talk About: Mobile Devices and the Privacy Policy Distraction | | "The Tale of the Vacant Lot" is a story about a young girl, driven by capitalist signifiers of success and self-worth, who buys every product she desires and imagines will improve her life. Unwilling to part with money or any of her other physical possessions, the girl agrees to a trade. The shopkeeper offers to take only "something that has no value to her." When the girl questions what that might be, the shopkeeper replies: "Should it matter?" The twist of course is that the shopkeeper slowly steals pieces of her life. We trade pieces of our lives (in a less metaphysical sense) for free browsing, free email, and a multitude of other online services, but many if not most of us have no idea exactly what it is that we are giving up and to what end. Privacy policies are designed to itemize that bill. | |
< < | Such transparency has become imperative in a world where transactions, both personal and professional, are conducted increasingly on mobile phones, but as it stands, less than one third of Americans feel they are in control of their personal information on their mobile devices. Many apps routinely gather information from the personal address books of unwitting users and store such information on their servers, with one leading app executive calling it "industry best practice." By June of 2012, California Attorney General Kamala Harris had reached an agreement with Apple, Google, Facebook, Amazon, Microsoft, Hewlett Packard, and Research in Motion that they would require mobile applications ("apps") on their platforms to conspicuously post a privacy policy detailing the information they collect, how they use it, and with whom it is shared. Users would be able to review these policies before they download a given app, and platforms must offer a mechanism to report non-compliant apps. While in some sense this seems to indicate positive momentum with respect to users' privacy, the agreement also serves to further obfuscate the boundaries of privacy rights. | > > | Such transparency has become utterly inapposite at this point. Less than one third of Americans feel they are in control of their personal information on their mobile devices; many apps routinely gather information from the personal address books of unwitting users and store such information on their servers, with one leading app executive calling it "industry best practice" The internet occasionally erupts in outrage over such practices, and yet, smartphone penetration continues to increase. More people than ever are conducting personal and professional transactions on data-gathering mobile applications ("apps"), willfully blind to the agreements they have made when downloading them. | | | |
> > | The attitudes consumers have towards privacy policies make California Attorney General Kamala Harris's crusade all the more farcical. By June 2012, Harris had reached an agreement with Apple, Google, Facebook, Amazon, Microsoft, Hewlett Packard, and Research in Motion that they would require apps on their platforms to conspicuously post a privacy policy detailing the information they collect, how they use it, and with whom it is shared. Users would be able to review these policies before they download a given app, and platforms must offer a mechanism to report non-compliant apps. While in some sense this seems to indicate positive momentum with respect to users' privacy, in reality, the Agreement perpetuates an already defunct system based on the ethics of consent. | | | |
< < | Who's in Charge Here Anyway? | > > | The Death of the Notice-and-Consent Model | | | |
< < | The Harris Agreement is little more than a commitment of these seven platforms to comply with current California law. Section 22575(a) of the 2004 California Online Privacy Protection Act provides that: | | | |
< < | An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site, or in the case of an operator of an online service, make that policy available in accordance with paragraph (5) of subdivision (b) of Section 22577. | > > | Private transactions are governed by the law of contract. Vendors provide notice of their terms and consumers make a choice to accept those terms. Both must be meaningfully present in order to ensure a fair bargain. Until recently, this model seemed a given, but traditional notions of notice and consent break down in transactions involving personal information. | | | |
< < | Paragraph (5) states that "any reasonably accessible means of making the privacy policy available for consumers of an online service" is acceptable. | | | |
< < | By engaging these platforms in discussion, the Harris Agreement seems to imply that these platforms have a choice as to whether they obey the law. This unsettling power dynamic has philosophical underpinnings. "Cyber-sovereignty," a philosophy emerging from the smaller, community-based internet of the early 90s, is characterized by the fundamental conviction that traditional legal regimes and institutions should not impose their rules on the digital world and suggests instead that a cyber-regime should be created, designed, and enforced exclusively by members of the online community. The U.S. has, however inadvertently, acquiesced, and in doing so has set some very dangerous precedent. Google was recently embroiled in legal conflict after the site refused to remove the anti Islamic film "Innocence of Muslims" from its site despite the requests of the U.S. government to reconsider. Though in this case it was a victory for free speech, it illustrates a problematic power dynamic, particularly when contextualized in the larger democratic system. We as a nation have implicitly agreed to entrust our digital rights to entities that have corporate values and shareholders rather than those that are accountable to a constitution and an electorate. | > > | No One Notices | | | |
< < | The Harris Agreement continues this pattern of empowering platforms to enforce the law on their terms. This is illustrated most clearly by what it fails to say: There is no mention of a requirement to remove any non-compliant apps. All that this agreement secures is a promise, but we actually had that before. Prior to the Harris Agreement, Google required developers to ask users for permission to obtain their online data and Apple prohibited any app that collected or transmitted data without permission, but a June 2012 study found that only 22.7% of free apps and 13.3% of paid apps across all platforms posted their privacy policies on the app listing page. To continue to legitimize these entities as policymakers is worse than useless; it is entirely the problem. | | | |
> > | Most people do not read privacy policies. A YouGov study found that though 92% of active internet users utilize at least one Google service, only 12% of users actually read Google's privacy policy. One could point to any number of reasons for this apathy: Vendors have every incentive to be overly vague and data collection practices themselves are extremely complex; the opacity of data collection and usage frustrates transparency; even if violations became apparent, there is no enforcement mechanism in place to address them; and many vendors reserve the right to alter the terms without notifying the consumers. All of these complaints are valid ones, but none of them are actually to the problem. Clear and concise notice is simply not the issue. Assuming that all of these concerns are addressed and remedied, there is little reason to believe that consumers would change their habits. Informing individuals that Facebook is collecting biometric information or that Google is reading their mail, or even that every single keystroke on their iPhone is being recorded will certainly horrify them, but it will not stop most of them from living their digital lives in exactly the same addictive way. | | | |
> > | Consent or Can't-Sent? | | | |
< < | If a Privacy Policy Falls in the Forest, and Nobody Can Understand It, Does it Make a Sound? | | | |
< < | Privacy policies, when written with clarity and transparency in mind, are an effective tool for consumers to make choices about which online services they use. Disclosure is an important first step, but unfortunately, it does not necessarily create accountability. What apps do with personal information, and just how much personal information they access, is still largely invisible. Even if app manufacturers are honest in their privacy policies, they will likely still tend to lack for comprehensiveness. These policies are not so much intended to afford consumers protection as they are to serve manufacturers legal liability. They are vague by design, and as Harris herself has said, most privacy policies are "absolutely beyond the understanding of the average person." A recent survey even found that Google and Facebook privacy policies are more confusing than the small print coming from credit card companies. It is no wonder that most consumers do not read privacy policies. | > > | Margaret Jane Radin notes that free consent requires more than a mere passive acquiescence to do something; there must be a possibility for individuals to choose to do otherwise. Most, if not all, major digital vendors collect a significant amount of user data, and there is very little room to bargain for more data protection. If the average person wants to use an online service, the cost, a surrender of privacy, is non-negotiable. While no one is forced to use a computer or a smartphone to conduct transactions, most people prefer to live in a "highly digitized society," wherein one is free to consume and transact online constantly. Some of these services have doubtlessly made our lives better, but many of them have just made us gluttonous. The only meaningful consent we've made then is the choice to continuously over-discount the future risks of privacy loss. | | | | Conclusion | |
< < | Though one might wonder why on earth the government would expend the regulatory energy attempting to improve a tool that most people entirely disregard, it is easy to see why these platforms are so accommodating. The agreement changes nothing of substance. Companies that trade on data collection will still be free to do whatever they choose with users' data and they will be able to hide behind the shield of legal compliance. If the government truly wanted to make meaningful changes, they would have put actual penalties in place for companies that take users' data without their express permission. Instead, they have seemingly strengthened the privacy policy shield. Pity that it is protecting the wrong side. | > > | The Harris Agreement is yet another regulatory effort that misses the point entirely. Harris assumes that the issue is one of notice, but overlooks the even more pronounced problem of consent. The only thing consumers care about when downloading an app is whether it is free. If it is and their friends are using it, just show them where to click. Present them with a mandatory privacy policy first and they will immediately scroll to the bottom. Just like they do with the optional privacy policies now. Those that do read it are the likely same people who already have constructive knowledge that they must be parting with something to play Angry Birds, but they also know that it is something they don't seem to miss in the present. | | | |
< < | -- StacyAdelman - 27 Apr 2013 | > > | Though one might wonder why on earth the government would expend the regulatory energy attempting to improve a tool that most people entirely disregard, it is easy to see why these platforms are so accommodating. The agreement changes nothing of substance, and they are empowered as units of official public policy. Companies that trade on data collection will still be free to do whatever they choose with users' data and they will be able to hide behind the shield of legal compliance. The only ones that suffer here are the app developers, who will now be told how and what to program by the government. Harris may think she is helping those who cannot help themselves, but she is mistaken. We are a people who will not help themselves. | |
\ No newline at end of file |
|