Informational Privacy, Privacy
Law, Consent, and Norms
Richard Warner
Why Privacy and Security?
 What is the connection between privacy and
security?
 Online security is essentially a matter of
preventing unauthorized access to
information while ensuring authorized access.
 What how should we distinguished between
authorized and unauthorized access?
Privacy and Security
 To answer, we need to know what should be
private.
 Consider health information. What
information should be secured against
unauthorized access, and how secure should
it be?
Three Types of Privacy
 Spatial rights define a physical zone of
control over intrusions by others.
 Decisional rights protect an individual’s
freedom of choice.
 Informational rights demarcate an ability to
determine what others know about us and
what they do with that knowledge.
Informational Privacy
 Informational privacy is a matter of control.
 It is “the claim of individuals, groups, or
institutions to determine for themselves
when, how, and to what extent information
about them is communicated to others”[1]
and for what purpose others use that
information.
Alan Westin, Privacy and Freedom 7 (1967).
Loss of Control
 The degree of control we once enjoyed has
vanished.
 Advances in information processing
technology now give others considerable
power to determine when personal
information is collected, how it is used, and to
who distributed.
Direct Marketing Example
 “One can reasonably expect to purchase a listing of
five thousand women who are both public
employees and wear sexy underwear; or business
owners who espouse far-right political causes; or
registered Republicans who are purchasers of
pornography—or . . . of pornography with S-M
themes. . . . The guest list information from a hotel
frequented by lesbians . . . [and lists of] women who
buy wigs; callers to a romance telephone service;
impotent middle-aged men; gamblers; buyers of hair
removal products; male buyers of fashion
underwear; believers in the feminist political
movement, anti-gay movement, and prayer in the
public schools.”
Direct Marketing
 Direct mail marketing now “returns $10 in
sales for every $1 in costs—a ratio double
that for a television advertisement.”
 Direct marketing now accounts for just over
half of all advertising expenditures.
Categories
 It is convenient to divide activities affecting
informational privacy in to three categories:
Activities affecting informational privacy
Collection
Processing
Distribution
Privacy in the Past
 In the recent past, our ability to process
information was relatively limited.
 Consequently, what each of us thought ought
to be private could, through our own efforts,
be kept private to a considerable extent.
 Consequently, privacy law focused primarily
on distribution and, to some extent, on
collection.
The Common Law Torts
 The common law privacy torts reflect this
background. Only one tort is concerned with
collection:
Intrusion into seclusion.
 The other three distribution:
Public disclosure of private facts,
False light,
Misappropriation of a name or likeness.
 Misappropriation protects one’s financial interest in one’s
name or likeness, so the first two really concern the
disclosure of information.
Unreasonable Intrusion Into Seclusion
 Intentional intrusion on the seclusion of
another
 Highly offensive to a reasonable person
 Remsburg v. Docusearch
 Do I have an expectation of privacy in my

Work address? Social security number?
 Where do I have a reasonable expectation of
privacy?
 Subjective expectation required?
Appropriation Of Likeness Or Name
 Interfere with the “interest of the individual in
the exclusive use of his own identity, in so
far as it is represented by his name or
likeness.”
 See Restatement (Second) of Torts § 652C,
Comment a (1977)
 Absence of permission
 Topheavy Studios v. Jane Doe
 Financial advantage
 No significant newsworthiness
 Restatement (Second) Torts §652(C)
Unreasonable Publicity Of Private Facts
 Publicity of private facts about an individual
 Which is highly offensive to a reasonable
person, and
 No newsworthiness.
 Social value
 Voluntary or involuntary public figure?
 Involuntary: substantial nexus between
published matters and public interest in those
matters
Public placing in false light
 Use of a name or identifying information,
 Which would lead a reasonable person to
believe falsely that the individual has been
engaged in criminal or morally reprehensible
conduct.
Daniel Solove
 “Theorists have proclaimed the value of
privacy to be protecting intimacy, friendship,
individuality, human relationships, autonomy,
freedom, self-development, creativity,
independence, imagination, counterculture,
eccentricity, creativity, thought, democracy,
reputation, and psychological well-being.”
Privacy Harms
 Horror stories
Increased risk of bad outcomes
 Solove, Bartow
 Cumulative information overload
 Changes in the balance of power
May be commercial or non-commercial
 Concentration of power leads to abuse
 Social inequities
 Chilling effect
Fermat’s Last Theorem example (Andrew Wiles)
Impact on the development of the self.
Two Claims
 Technology has enabled ever-increasing
mass surveillance—constant surveillance of
almost everyone over a wide range of
activities.
The goal is discrimination.
 Governmental: to determine eligibility;
entitlement; law-abidingness.
 Private: to profit: credit worthiness; insurance;
direct marketing; price discrimination.
James Rule on Information Processing
 “A distinctive and sociologically crucial
quality: they not only collect and record
details of personal information; they are also
organized to provide bases for action toward
the people concerned. Systematically
harvested personal information, in other
words, furnishes bases for institutions to
determine what treatment to mete out to each
individual.”
Dwyer v. American Express
 American Express analyzed the purchases of
its cardholders to divide them into
 “six tiers based on spending habits and then
rent this information to . . . merchants . . .
[D]efendants analyze where they shop and
how much they spend, and also consider
behavioral characteristics and spending
histories. Defendants . . . create a list of
cardholders who would most likely shop in a
particular store and rent that list to the
merchant.”
Collection
Trespass
Processing
Distribution
Intrusion on
seclusion
Contract
Disclosure of
sensitive
information
Public
Misappropriation
disclosure
of private.
facts
False
light
Consent Requirements
 Why not require businesses to present consumers
with relevant information in an understandable
fashion and secure an affirmative act of agreement
to proceeding with the transaction?
 I assume that consumers will obtain this information
primarily by reading privacy policies and contracts
governing sales of goods or the provision of
services, where the latter includes terms of use
agreements governing the use of web sites. I will
call these collectively, privacy notices.
Unread Privacy Notices
 “Judging by behavior in the marketplace,
most consumers have better things to do with
their time than read privacy notices . . .
[P]rocessing privacy notices is a cost that
most consumers apparently do not believe is
worth incurring. The perceived benefits are
simply too low.”
J. Howard Beales, III & Timothy J. Muris, Choice
or Consequences: Protecting Privacy in
Commercial Information, 75 U. of Chi. L. Rev. 109
– 110 (2008).
Informed Consent Is Impossible
 Even if they did read and understand privacy
notices, consumers would not obtain all the
information necessary to give informed
consent.
 The data aggregation problem.
The Approach Would Have Bad Results
 Suppose consumers could obtain and
understand all the relevant information.
 The resulting overall pattern of consent would
determine a tradeoff between privacy and
competing concerns.
Is there any reason to think that the tradeoff
will result in the socially optimal balance
between informational privacy and competing
concerns?
No Socially Optimal Outcome
 There would be if:
(1) the giving or withhold of consent signaled
consumers’ preferences with regard to consent to
sellers;
(2) sellers responded to these signals by altering
their offerings to reflect these values;
(3) buyers responded by preferring products and
services consistent with their preference about
consent to those not consistent;
(4) this feedback mechanism yielded the socially
optimal allocation of information.
Non-Optimal Results
 But even if (1) – (3) are true, there is no
reason to think (4) is.
 The telephone book example.
Informational Norms
 Informational norms are social norms that constrain
the collection, use, and distribution of personal
information.
 Informational norms explain why, for example, you
expect your pharmacist to inquire about drugs you
are taking (to prevent harmful drug interactions), but
not whether you are happy in your marriage.
 Such norm-governed exchanges not only implement
acceptable tradeoffs between informational privacy
and competing goals, they also ensure consumers
give free and informed consent to those tradeoffs.