Identity theft Today, most information regarding
identity theft incidents is gathered from the victims whose identities are being stolen. As a result, many aspects regarding identity theft are still unknown. This is because of missing data on synthetic identity theft (situations of identity theft where victims aren't aware of the crime), the fact that most victims don't report identity theft to criminal authorities, and the fact that the FBI may decline to investigate identity theft cases due to lack of resources. Because of these issues, Hoofnagle argues that identity theft information should be gathered from financial institutions. As consumers post more on SNSs, the SNSs gather more and more personal information on the consumer. Data can be collected directly by tracking the smartphone owner's posts or storing information from other phone applications on the device. It can also be collected indirectly from information that other people store about the smartphone owner on their own devices. In a study, Hoofnagle discovered that there was a dramatic increase in the use of standard cookies between 2009 and 2011. Hoofnagle argues that CDBs like
ChoicePoint perform law enforcement duties by allowing the police to download collections of information about individuals. He thinks that CDBs should be regulated by the
Privacy Act of 1974 as a result.
Privacy policies Hoofnagle argues that there are limitations to the FTC's privacy policy approach. The Federal Trade Commission (FTC) is the primary consumer protection agency in the United States. Despite the
FTC's commitment to the self-regulation of privacy, Hoofnagle argues that consumers are very concerned about their private information being collected. In "The Federal Trade Commission and Consumer Privacy in the Coming Decade," Hoofnagle and the other authors explain how most Americans believe that a company's privacy policy explains how their information will remain private. However, in reality, privacy policies merely detail how website will use a consumer's private information. Based on their research, the authors conclude that privacy notices alone are insufficient for consumer privacy. To advance privacy, the authors suggest that the FTC make three provisions: police the term “privacy policy,” consult with experts in usability to create privacy-protecting mechanisms, and set benchmarks for self-regulation.
Privacy law Europe The
European Union's
General Data Protection Regulation (GDPR) is the E.U.'s law on data protection. Hoofnagle argues that the GDPR is "the most consequential regulatory development in information policy in a generation." The GDPR applies to situations where "personal data" is "processed," so virtually all actions involving personal data are protected under the GDPR. The GDPR also places significant burden on data controllers (e.g. companies) to ensure the privacy of consumer information. For instance, they must keep records of all their data processing, adopt a data protection policy, and be transparent on their data usage. Exemptions to the regulations of the GDPR are data activity of personal use or national security. Consequences for breaking the rules of the GDPR include sanctions and fines, and Data Protection Authorities are the main enforcers of the GDPR's regulations.
The United States The U.S.'s
Privacy Act of 1974 and
Fair Credit Reporting Act of 1970 (FCRA) are the framework for U.S. privacy law. Hoofnagle argues that these regulations don't adequately protect privacy, as many companies have found loopholes to them. He argues that the problem with the Privacy Act is that it only applies to the federal government and private companies that work for the government. It does not apply to other private companies or data brokers. • Universal notice of when companies collect individuals’ private information • Meaningful consent of consumers when data is collected • Meaningful exercise of consumers’ rights, • Effective individual management of consumer reporting • Accessing personal information that companies store • Greater security of information • Disclosing security breaches • Limiting use of social security numbers • Regulating access to public records • Limiting use of background checks • Regulating private investigators • Limiting government access to business and financial records • Regulating government data mining • Updating the
Privacy Act • Effectively enforcing privacy rights
Europe and U.S. compared One key divergence between the United States and Europe with regard to privacy is how privacy is discussed legally. In the U.S., conceptions of privacy are broadly categorized as "privacy" or "
information privacy" issues. On the other hand, European law distinguishes between information privacy and
data protection. While data protection ensures the due process of data, privacy refers to the right to a private life (e.g. private family life and private home). Additionally, while the GDPR places the burden of the privacy of consumer information on data controllers, U.S. privacy law places this burden on data subjects.
Cybercrime In "Deterring Cybercrime: Focus on Intermediaries,” authors Aniket Kesari, Chris Hoofnagle, and Damon McCoy prove how intermediaries can limit
cybercrime. According to the authors, cybercriminals rely on many intermediaries to commit illegal acts. These include methods of acquiring new customers, web hosting, collecting payments, and the delivery of products. While most of the legal scholarship on cybercrime grants intermediaries’ general immunity from the illegal acts of users, the authors argue that intermediaries should be required to take action against criminal activities of users. The authors list examples of current methods to force intermediaries to take action. An example of a government-led intervention includes domain name seizures. This is authorized by the
PRO-IP Act, giving the federal government the authority to seize a website accused of illegal activity. An example of private companies limiting the harm of cybercriminals includes the eBay Verified Rights Online (VeRO) Program. This program prevents sellers from illegally marketing and selling items.
The tethered economy In "The Tethered Economy" by Chris Hoofnagle, Aniket Kesari, and
Aaron Perzanowski, the authors refer to tethering as the connection and dependence of goods on sellers for their operation. Examples of tethered devices include Google Home, Amazon Alexa, smart kitchen appliances, and other
Internet of things devices. All of these items depend on consumers for their functionality. The benefits of tethering are that tethered products increase trade generativity, may be safer to use, and have the potential for new and personalized functions over time. One harm of tethering includes the fact that manufacturers decide the durability of products through bricking, feature reduction, altering the terms of the bargain. Tethering also presents information risks, since devices are constantly collecting information on consumer behavior. Lastly, tethering reduces choice and competition in the market, raising switching costs that may lock consumers into particular devices or platforms. For example, it may be hard to switch to Microsoft devices once a consumer already owns many Apple devices. The authors present legal interventions that can change the relationship between sellers and buyers and address the tethering of the economy.
Contracts,
tort law, and antitrust and consumer protection laws are all suggested reforms to address consumer problems that arise from tethering; however, the authors argue that no single approach will solve all of the problems discussed in the article. == See also==