Book Description
Individuals consistently express significant privacy concerns related to their social, consumptive, and commercial interactions with third parties, as well as a specific intent to act on those concerns by refusing to disclose personal information. This is particularly true in the online environment. Yet in practice we readily provide our personal information with what appears to be little regard for the risks of doing so and for little of value in return. This phenomenon, commonly referred to as the privacy paradox, points to the inconsistency between individuals' asserted intentions and their actual disclosure behavior. Although it is a well-established concept in many fields of the social sciences, legal scholarship has generally failed to engage the privacy paradox in any meaningful way. This failure diminishes the impact of legal scholarship in the formation of privacy policy while elevating the role of fields traditionally less concerned with the core privacy values of personhood, autonomy, and control - inter alia, economics, contract law, marketing theory, and computer science. The emergence of social network sites only deepens the paradox, intensifying the rate and depth of disclosure, and further marginalizing legal scholarship that fails to seriously consider its role in the development of privacy policy. Focusing on this final point, the goal of this essay is to describe both the current market in personal information and the privacy paradox as a product of market distortion. It then identifies two unique phenomena that modify the conditions of the privacy paradox by creating new and powerful distortions in the market, intensifying the rate and depth of personal data disclosure. The first is a transformation in social organization that is driving individuals to join social network sites and to disclose a great deal of personal information on and to those networks. The second is an alteration of the basic structure of the information exchange agreement that permits social network sites to recede into the background as third-party beneficiaries of personal information in social exchange. The essay then addresses the necessity to account for the effect of these phenomena in the formation of privacy policy by briefly addressing various proposals for regulating the collection, storage, use and transfer of personal information. It argues that many of these proposals are misguided, either because they under-protect personal information by failing to adequately address the problems of valuation and consent, or over-protect by failing to adequately preserve functionality in socially-valuable communications platforms. Finally, the essay attempts to briefly conceptualize the broad outline of more a workable solution that, rather than reforming the current notice-and-choice system of privacy protection, is guided by user expectations in imposing minimal restraints on the margins of data collection, storage, use, and transfer practices. Although imposing certain boundaries on the scope of consent, significant space would remain for the negotiation and development of social norms around privacy practices.