Jerry Kang, Self-Analytic Privacy
Comment by: Susan Freiwald
Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1729332
Workshop draft abstract:
 Recent technological innovations present a new problem in the information privacy space: the privacy of self-analytics. By “self-analytics,” we mean the collection and processing of data by an individual about that individual in order to increase her self-knowledge for diagnostics, self-improvement, and self-awareness. Think Google analytics, but as applied to the self and not to one’s website. In this Article, we describe this new problem space and engage in a transdisciplinary analysis, focusing on the case study of locational traces.
 In undertaking this analysis, we are mindful of what has become the standard script for privacy analyses in the law reviews-(i) identify some new threatening technology; (ii) trot out a parade-of-horribles; (iii) explain why the “market” has not already solved the problem; (iv) recommend some changes in code and law that accord with the author’s values. This script is standard for sensible reasons, but we aim to go farther.
 In particular, we make two theoretical contributions. In addition to defining a new category of personal data called “self-analytics,” we distinguish between micro and macro definitions of privacy-the former focused on individual choice regarding or consent to personal data processing, and the latter using instead a system-wide measure of the “speed” of personal data flow. The macro “system-speed” definition is offered to supplement, not replace, the traditional micro “individual-control” definition. Still, this supplemental conception of information privacy has substantial consequences. Indeed, we go so far as to suggest that the nearly exclusively micro- approach to privacy hasbeen a fundamental privacy error.
 In addition to the theoretical interventions, we aim to concrete in our recommendations. In particular, we provide the design specifications, both technical and legal, of a new intermediary called the “data vault,” which we believe is best suited to solve the privacy problem of self-analytics. As we make this case, we hope to exhibit the values of a genuinely transdisciplinary engagement across law, engineering, computer science, and technology studies when focusing on solving a concrete problem.