On Fri, 2021-12-17 at 15:21 -0500, John Levine via mailop wrote:
> They don't seem very good at recognizing that at the other end
> of each e-mail there is a person, and that person will be affected.

can you blame them? most ordinary people deal >95% of the time with <5%
of the websites in the world, and those happen to be the one that have
automated customer service.

Discerning a legal demand (as GDPR/CCPA should be understood) from a
regular customer service email is also not immediately clear to lay
people who are probably not familiar with the obligations and sanctions
provided in the law.

Based on the conversation with the researchers so far, I suspect that
they disingenously represented to the IRB their data collection
practice so as not to alert the IRB that humans would be affected.  I
also suspect that the IRB process is biased in favour of approving
research, as this is the interest of the university.  How long has it
taken for animal rights activists to achieve representation at IRBs of
the interest of animals?  The same will have to happen for IT users,
because the researchers, who were the ones best placed in the process
to alert the IRB that person will be affected, had absolutely no
interest to do so; and in a common law tradition and in an adversarial,
litigious society such as the US are not obligated and should not
expected to.

Their FAQ is up at <https://privacystudy.cs.princeton.edu/> and it all
looks like a lawyers-approved shield to try to justify what they have
done.  They know they have pushed too far.  The question is whether
they will learn from this and whether the learning will flow into a
fairer IRB.  I will follow up with Jonathan.

--
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to