Kashmir Hill Has It Right…

on the Google privacy policy change.

The idea that people should be able to opt out of a company’s privacy policy strikes me as ludicrous.

Plus she embeds a valuable discussion among her Xtranormal friends. Highlight:

“Well, members of Congress don’t send angry letters about privacy issues very often.”

“Oh, well, actually, they do.”

Read the whole thing. Watch the whole thing. And, if you actually care, take some initiative to protect your privacy from Google, a thing you are well-empowered to do by the browser and computer you are using to view this post.

Online Privacy and the Commerce Clause

I fear that with the PATRIOT Act on the brain, I’ve been remiss in continuing the colloquy on behavioral ads and privacy regulation that I’d been having with Jim Harper—who flattered me by responding in a long and thoughtful essay a couple weeks back. Because there’s so much interesting stuff there, I hope he won’t mind if I restrict myself to the first part of his reply here, in the interest of making this all a bit more digestible to those whose fascination with the topic may not be quite as consuming as ours. I’ll consider briefly the constitutional issue Jim raises, and turn to some of the specifics of the issue—and the relative merits of the common law alternative—in another post.

So like every good dorm room bull session, we begin in the weeds of policy and quickly find ourselves breathing the rarefied air of constitutional theory. Supposing for the moment that we thought it were a good idea on policy grounds, would it be within the power of Congress to set ground rules for online advertisers who gather personal data from Web browsers? Recall that there are two particular rules that I’ve said I’d be tentatively open to, but which Jim rejects: a requirement of notice when information is being collected (say via a small link from the adspace to a privacy policy) and a rule establishing that privacy policies are enforceable, so that individual users can sue for damages if a company knowingly violates its stated policy (thus far, courts have not generally found these to be binding). Does this fall within the power to “regulate commerce … among the several states”? I think so. I’ll start with what I hope will be some uncontroversial arguments and go from there.


Online Privacy and Regulation by Default

My colleague Jim Harper and I have been having a friendly internal argument about Internet privacy regulation that strikes me as having potential implications for other contexts, so I thought I might as well pick it up here in case it’s of interest to anyone else. Unsurprisingly, neither of us is particularly sanguine about elaborate regulatory schemes—and I’m sympathetic to the general tenor of his recent post on the topic. But unlike Jim, as I recently wrote here, I can think of two rules that might be appropriate: A notice requirement that says third-party trackers must provide a link to an ordinary-language explanation of what information is being collected, and for what purpose, combined with a clear rule making those stated privacy policies enforceable in court. Jim regards this as paternalistic meddling with online markets; I regard it as establishing the conditions for the smooth functioning of a market. What do those differences come down to?
