In Doyle and Veranas’ article on public anonymity, they give an example of a woman who goes about her day and, in a digital era, has every step of her journey recorded and then that record stored or shared. She can hardly step out of her house without some part of her electronic signature pinging on some kind of radar, or her image getting captured by some manner of camera. In an analog era, she didn’t have a reasonable expectation of privacy about her behavior in public, but “much of her privacy was more or less sustained by the vagaries of memory and the scant and scattered records of her activities.”
Put simply, before the spread of GPS, LPRT, CCTV, and the rise of “cheap storage and extensive networking,” the only people who knew where you’d been during the day were the other people who were also at those places at the same time. The only people who could take notes about your ‘browsing habits’ would have to physically follow you around while you did your shopping.
This just isn’t the case any more. It’s so easy to track your online behavior and actions, it’s trivial. When I look up gardening supplies on Amazon I get emails about garden supply sales and coupons from Target, Overstock, and a half dozen other companies within the next 24 hours.
Someone at Amazon is walking around behind me while I browse and taking notes. Better yet, they’re selling their notes to third parties.
But that’s not illegal, is it? And should it be?
Ownership of Your ‘Likeness’
Let’s think about photography for a moment.
In an article written for Lifehacker, Thorin Klosowski summarizes your photography rights as, generally, if you’re in public and you can see it, you can shoot it. Standing in a public park and taking a picture of something or someone else who is also in that public park? No problem. It gets more complicated when you’re dealing with things like telephoto lenses, or if you’re standing in a public space but shooting a subject that’s on private property. But he thinks it’s a good enough rule of thumb to repeat it twice. “If you can see it, you can shoot it.”
When you go to sell or publish your photographs, however, the situation changes. Klosowski puts it plainly: “You can’t use someone’s likeness for commercial purposes without their express permission.”
According to the Digital Media Law Project, a plaintiff has to establish ‘use of a protected attribute’ if they want to claim unauthorized use of their name or likeness. A protect attribute can be your name, a picture of you, but it can also be other things by which you can be identified. Your voice, for example.
I can’t be identified by my shopping habits alone– or at least, I don’t think I can? Lots of people shop almost exclusively at Target– but a full load-out of my digital signature, with my social media account profiles, my browsing history, and my media consumption?
Right now that’s “data.” Maybe there’s a point where enough data constitutes a “likeness,” but we don’t have a legal framework for that yet.
When I click agree on the terms of service for some new app, am I giving my ‘express permission’? Even when the writer of the ToS knows full well that I did not read the agreement and even if I had, I wouldn’t know what it meant?
At this point it’s easier to envision ToS agreements as something you’re nearly tricked into signing, where the full text is obscured past the point of legibility, than as authentic agreements.
Of course, “I didn’t read it” or “I didn’t know I had agreed to that” or “What? That’s a law?” has never been a viable defense in court, but arguably contracts have never been as opaque as they are now.
That said, when you use an online service like Facebook or Instagram, they’re not under any obligation to just freely provide their server space and interface and app updates. Their ToS protects them and outlines what the trade off is for using their service. The user gets a social network, or a dating app, or an online marketplace. The provider gets data.
Get to the point, Natalie
I don’t think it’s a realistic option to just say, “From now on, it’s illegal to gather data about users of online services and share that data with 3rd parties.”
That data-gathering is how companies like Twitter and Snapchat make enough money to keep their servers online. Take away that revenue stream and they shut down. The users aren’t going to be happy, and those users are also the same constituents that would have to vote for an incumbent politician who let the very unpopular ‘criminalize data gathering’ law get passed.
But I also don’t think it’s realistic to let things go on as they are without intervening. Right now employers can already make use of your online behavioral data when deciding if they want to hire you, through comprehensive background checks. What happens when some kind of social background score starts factoring into things like bank loans? And even having a friend with subversive political opinions can drag down your social credit score? Oh wait we ARE in that timeline.
We’ve had a solution floating around for a decade or more. Corey A. Ciocchetti called it, “A Privacy Nutrition Label” in 2008. He explains in the same article how companies grew fearful of lawsuits about ‘misleading’ privacy statements, and chose to either operate without one or fill theirs with legalese and loopholes to protect themselves. Better that than a clear and concise policy that they can’t deliver on or that gets misinterpreted.
But readability is king online. We need something visually unambiguous, easy to understand, and conspicuous on a website. A privacy nutrition label with fair information practices. Even before we get to regulating how long data can be stored or who it can be disseminated to, we should get companies and websites to first and foremost admit what data they’re collecting and how it’s being used.