New information privacy law articles

From LSN Information Privacy Law Vol. 1 No. 8,  08/05/2008:

Consumer Information Sharing: Where the Sun Still Don’t Shine

CHRIS JAY HOOFNAGLE, University of California, Berkeley – School of Law – Berkeley Center for Law & Technology

In late 2007, the popular social networking site adopted “Beacon,” an application that informs Facebook users’ friends about purchases made and activities on other websites. For example, if a Facebook user bought a movie ticket on, that user’s friends would be informed of that fact through a news “feed” on Facebook. Some users objected vigorously to the Beacon application, because their activities were reported on an opt-out basis, meaning that the user had to take affirmative action to prevent others from learning about their activities. An activism website,, organized a protest, calling users to action by asking, “When you buy a book or movie online – do you want that information automatically shared with the world on Facebook?” Facebook responded to these critiques by changing its policy to obtain express approval before activities on other sites would be shared with friends.

The Facebook folly demonstrates how intensely consumers reject the “sharing” of personal information for marketing purposes. In this instance, consumers learned of Facebook’s strategy because it was transparent and obvious to the individual. But what most do not realize is that, in the absence of a specific law prohibiting information sharing, businesses are generally free to monetize their customer databases by selling, renting, or trading them to others. In fact, the sale of customer information is a common, albeit opaque practice that, if disclosed at all, is usually mentioned in a “privacy policy.” Facebook’s Beacon simply made information sharing obvious to users.

Studies have shown that most consumers oppose the sale of personal information. Unfortunately, most consumers are under the misimpression that a company with a “privacy policy” is barred from selling data. To learn more about information selling, the authors, using a California privacy law, made requests to 86 companies for a disclosure of information sharing practices. The results show that while many companies have voluntarily adopted a policy of not sharing personal information with third parties, many still operate under an opt-out model that is inconsistent with consumer expectations, and others simply did not respond to the request. Based on these results, the authors propose several public policy approaches to bringing business practices in information sharing in line with consumer expectations.


Privacy Protection and the Right to Information: In Search of a New Symbiosis in the Information Age
CYBERLAW, SECURITY & PRIVACY, S.M. Kierkegaard, eds., International Association of IT Lawyers, pp. 201-212, 2007

PIETER KLEVE, Erasmus University Rotterdam (EUR) – Centre for Computers and Law

RICHARD V. DE MULDER, Erasmus University Rotterdam (EUR) – Centre for Computers and Law

JENNIFER KING, Berkeley Center for Law & Technology, University of California, Berkeley – School of Law

The dichotomy between personal privacy and free access to information, which has come increasingly to the fore with the advance of information technology, justifies a reconsideration of these traditional values and interests. In this article, it is contended that privacy, as a constitutional right, is subject to changing norms as a result of the advent of the information society. In today’s information society, citizens weigh the importance of protecting privacy against the advantages of free access to information. The criterion they use is a rational one: an evaluation of which option provides the individual with the most benefit. The protection of privacy is no longer an unconditional good. For state organisations to champion privacy at any cost is, therefore, out of step with this development. A new balance has to be established between the citizen’s right to privacy and their right to know, taking into account this shift in values. In order to prevent on the one hand overzealous protection and, on the other, the abuse of information, it is necessary to set up the monitoring function in a new way.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Connecting to %s