1 / 7

Problems with Notice and Consent?

Explore issues with notice and consent in data privacy, including costs, confusion, and loopholes. Learn about better control models and the concept of Contextual Integrity.

ijensen
Télécharger la présentation

Problems with Notice and Consent?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Problems with Notice and Consent? Helen Nissenbaum, NYU INCO-TRUST Workshop, May 3-5 2010 Work supported by: NSF ITR-0331542: Sensitive Information in a Wired World (PORTIA) NSF CT-M: Privacy, Compliance, and Information Risk CNS-0831124 & AFSOR: ONR BAA 07-036 (MURI)

  2. 1973: HEW Code of Fair Information Practices 1980: OECD Guidelines 1995: EU Data Directive Principles 1998: FTC Privacy Principles Elements: Transparency, notice, purpose and use specification, choice, access, integrity, security, proportionality, enforcement, redress

  3. Problems Consent: Costly in time and resources Confusing cross-national requirements Opt-in or Opt-out? Soft coercion Notice: Abstruse Yawning loopholes Time-consuming Fickle People don’t read them

  4. Solutions? Better models of control Substantive requirements

  5. Contextual Integrity:Context-relative Informational Norms = Rules within contexts that prescribe the flow of personal information according to three key parameters: Actors (Sender:Recipient:Subject) Information types Transmission principles All parameters must be specified!

  6. CRIN expressed in Linear Temporal Logic From: A. Barth, A. Datta, J. Mitchell, and H. Nissenbaum, (2006) “Privacy and Contextual Integrity: Framework and Applications,” Proceedings of the IEEE Symposium on Security and Privacy.

  7. A customer’s address held by a merchant may be shared with a shipping company andwith no other party.

More Related