Jerry Kang, Self-Analytic Privacy

Jerry Kang, Self-Analytic Privacy

Comment by: Susan Freiwald

PLSC 2009

Published version available here:

Workshop draft abstract:

[1]        Recent technological innovations present a new problem in the information privacy space:  the privacy of self-analytics.   By “self-analytics,” we mean the collection and processing of data by an individual about that individual in order to increase her self-knowledge for diagnostics, self-improvement, and self-awareness.   Think Google analytics, but as applied to the self and not to one’s website.  In this Article, we describe this new problem space and engage in a transdisciplinary analysis, focusing on the case study of locational traces.

[2]        In undertaking this analysis, we are mindful of what has become the standard script for privacy analyses in the law reviews-(i) identify some new threatening technology; (ii) trot out a parade-of-horribles; (iii) explain why the “market” has not already solved the problem; (iv) recommend some changes in code and law that accord with the author’s values.  This script is standard for sensible reasons, but we aim to go farther.

[3]        In particular, we make two theoretical contributions.  In addition to defining a new category of personal data called “self-analytics,” we distinguish between micro and macro definitions of privacy-the former focused on individual choice regarding or consent to personal data processing, and the latter using instead a system-wide measure of the “speed” of personal data flow.   The macro “system-speed” definition is offered to supplement, not replace, the traditional micro “individual-control” definition.  Still, this supplemental conception of information privacy has substantial consequences.  Indeed, we go so far as to suggest that the nearly exclusively micro- approach to privacy hasbeen a fundamental privacy error.

[4]        In addition to the theoretical interventions, we aim to concrete in our recommendations.  In particular, we provide the design specifications, both technical and legal, of a new intermediary called the “data vault,” which we believe is best suited to solve the privacy problem of self-analytics.   As we make this case, we hope to exhibit the values of a genuinely transdisciplinary engagement across law, engineering, computer science, and technology studies when focusing on solving a concrete problem.