-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 12/18/13 10:15 AM, Nat Sakimura wrote: > Indeed the context matters especially as the consent is only given > in a context. There are a lot of contexts where consent is problematic to obtain, where people simply click right through informed consent prompts, and/or where obtaining consent is directly against the public interest (e.g., public health monitoring of disease would not work very well if folks could opt-out of such data sharing). I say this because this is a big difference between the US and EU views on privacy regulation, with the EU favoring explicit, informed consent pretty heavily. I think the US view is less coherent, but would probably be characterized as "consent or opt-in is required for especially sensitive contexts, demographics, and data types". Nissenbaum's book talks at length about how consent is increasingly outdated and ineffective and shifting the obligation to "respect context" on the data management side has many benefits, but is quite hard to police/enforce. best, Joe > Also actors are very important since even "identification" has to > do with the observer and the domain. (Otherwise, we would not have > a notion such as "partially anonymous, partially unlink-able". ) > Also, issues around generated/inferred attributes are important. > Acquired attributes + auxiliary knowledge may generate additional > attributes. This is often captured as "use" or "acquisition" and > implicit but is worth making note. > > Nat > > > > 2013/12/19 Joseph Lorenzo Hall <[email protected] <mailto:[email protected]>> > > > > On 12/18/13 8:17 AM, S Moonesamy wrote: >>> >>> I suppose, to avoid confusion, it probably is better to use >>> the definition portion of it instead of the defined word in >>> the usual conversation. > >> There has been some discussion on other IETF mailing lists about >> the definition of the word "privacy". Warren and Brandeis are >> often cited in a U.S context. The "right of personal immunity" >> is broader than privacy. > >> Within an IETF context it might be a problem if the "right to be >> let alone" is used. In my opinion a right is guaranteed by law >> and that doesn't fit in with what the IETF does. > > Many of us from academia (in my case, having recently jumped ship > for civil society) that study privacy are more persuaded by Helen > Nissenbaum's notion of privacy as "contextual integrity". Here's > the skiny in shorter-than-book-length form: > > "I give an account of privacy in terms of expected flows of > personal information, modeled with the construct of > context-relative informational norms. The key parameters of > informational norms are actors (subject, sender, recipient), > attributes (types of information), and transmission principles > (constraints under which information flows). Generally, when the > flow of information adheres to entrenched norms, all is well; > violations of these norms, however, often result in protest and > complaint. In a health care context, for example, patients expect > their physicians to keep personal medical information con½dential, > yet they accept that it might be shared with specialists as needed. > Patients’ expectations would be breached and they would likely be > shocked and dismayed if they learned that their physicians had sold > the information to a marketing company. In this event, we would say > that informational norms for the health care context had been > violated." [1] > > Much of the scholarship these days in privacy thinking is > increasingly based on this kind of contextual definition of privacy > (and in the U.S., at least, the Obama administration embraced this > in a recasting of fair information principles in their Consumer > Privacy Bill of Rights). > > At CDT, we argue that "abuse" or "harm" is an anemic framing, and > that there are important privacy interests implicated after > information has been fixed and collected but before any use has > been made. See Brookman and Hans [2], if you're interested in > reading more. > > [1]: > http://www.amacad.org/publications/daedalus/11_fall_nissenbaum.pdf > [2]: > http://www.futureofprivacy.org/wp-content/uploads/Brookman-Why-Collection-Matters.pdf > > > > _______________________________________________ ietf-privacy > mailing list [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/ietf-privacy > > > > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation > http://nat.sakimura.org/ @_nat_en - -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 [email protected] PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSsb2cAAoJEF+GaYdAqahxVccQAL0TfywfHMna0kGRyuSoH7lz GIgrBgh2vA195IijqFzKjKv0bZ4YAGOPksjwuUWnumSHgiqbtArOk3t664NH6hlO M6IV7dAc31f4wVFU05Fn+bhU0wEFLsMR49hdyu5GbqRPEWQIG9TA9Rzk0xo3LF+f w++6wEl/LZ29j4xfe9+W7omoPKxZDELpVY0xgkFpMHlm0l0RbaP0kRgxfVBSExcg LQiIsDeibjMPQ1sP4KK3570bvX1aaUCSBKr56yj51Rxp8F2JhnWmQxEX4nHK4ruW fBfzQ35uQHxOoCtVXhsr2j6LPtjBNwNbsschL9jSRTDGE1Gr9E9NVPTN8fDD2OP5 DhlV7DC3slSEyPIRUB2V6RLAch25s5mmUs3wCQI4WZyLHBUg/tWVx9sTpJEEG6ht Z5Gqg4SJU4xwHgshJLmX+Pjwn+MC0xxCGLpOdsVegejUbRWneDt+7kEeHz8sgFsU zYTKGFs6HplaAhnh4ktZTzFf67jyBT48J6+aR8Wn8yk8IVEJ4dXuRTxg3XdhyJHu M2iTU/9huz/PNpnkl88ZdwM5jkFxLgJFbKxTUEngmv553iqwUWqo9QZRg3geY1Cx dsAX3ATgULRVjgkNxmwa/Ut2ZhQY/QlI5ztkTyB9Hl75F1CysK5+VyPhb6mSMNGR g9kLuDVBrTF6+2rxeQ2C =FeRd -----END PGP SIGNATURE----- _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
