Web2.0 2007: Privacy and User Generated content

April 16 , 2007

Once upon a time

Lauren Gelman, , Stamford Law School, Lawyer, Social world the way we live. Law and society and technology and how those two interact. I teach a school on law technology and privacy.
What kind of society do we create when there is more information is available? There is a particular buckets of things to be thinking about. One is the general use for one company and then gets used by another one for a completely different use. They will connect me with people in another place. I want to give this company this information tracking me but that could be interesting and useful whether is for govt or other companies to tell you where the closest Starbucks is. Is it privacy for one company or the secondary one is how the information is transferred past.

The permanence of the data?

I want my law students all to blog. Engage professionals in things they are interested in. The benefits of web 2.0. On-line and offline identity? How are we combining technology and develop separate identity on-line and offline, distinct from their real life.

Massive Societal Change

What we do is influenced by who else knows what we’re doing.
Eliminates opportunity to experiment while young. Should companies think about that? Since kids aren’t concerned yet about downstream affects in their life?
Loss of control (who owns transitional data)

The Law

  • Constitutional “expectation of privacy”
  • Statutory-"silo approach” treats different kinds of information differently: medical (HIPPA), financial (GLB), video(VPPA), cable(Cable Act).
    If you are in a business collecting data and you can be a target. You want to extend it into the architecture of your systems to enable you to be in compliance with these rules. This silo is different than in Europe. European directive that governs it more generally.If you are doing this overseas you have to comply whether it is in Europe or Asia.
  • Policy-privacy and other policies: DMCA notice and take down, CDA limitations on liability.

Top level privacy questions

What info do you collect? Is it PII, how long is it held for?
Who do you share it with and under what circumstances?
do you augment this info with data from other sources?
What internal protections do you have to prevent disclosures?

Think about these things early!

What does the user want?
What do your partners “really” need?
What might third parties come looking for?

Privacy policy generator

A project she’s working on now.  An internet based application. Features: Enables web companies to create privacy policies. Informs user about requirements. Gives background about the privacy landscape.

Part of a joint project

Generator for: terms of service, privacy polices
Participants: David Hornik, August capital
Cyberlaw Clinic at Stanford Law School
Berkman Center at Harvard Law School

Chicken and Egg problem…
Previous initiatives
P3P

Improvements

informed choice: educational explanations, explanations of the provisions which maybe chosen
graphical tags: creative commons model, technical architecture, EFF approved

Potential

Useful tools to reduce repetitive work
Educational benefit

Conclusion

There is a lot of good in this space, coupled with both positive and negative externalities.
Who is the party best able to address them?
Governments?
Lawyers?
Technologies?
Innovators?

You want your users to have a good experience. Even at the privacy level. There is no magic bullet. It is a thought experiment in a company.

Writing privacy policies understandable. The silicon muni wireless a model privacy policy. My mom should be able to know what is going to be done with her information.Go check it out to see where the info is. (sidebar: I think this is it.. the Muni wireless privacy policy she was referring to.

About

I'm living in San Francisco, Ca and partnered with the guys at Nclud. Constantly, trying to learn new things, and on the way I get to meet some amazing people with my camera by my side. XOXO!

on Flickr