Page 24 - FIGI - Big data, machine learning, consumer protection and privacy
ters that are often beyond their comprehension, the manner by which consent is solicited on a binary take-it-or-leave-it basis accentuates the problem.

Privacy in context

Some have suggested that one approach is to recognise that privacy is generally very context-specific, relating to the expectations that a person would reasonably have in light of the nature of the situation or transaction. An individual might expect high levels of privacy (confidential treatment) when dealing with medical, financial or other personal matters, but be quite relaxed about being overheard in a public square, or being offered assistance in searching for products in a shop. One might have different expectations regarding privacy when carrying out research depending on the context, including the subject matter or purpose of the research. Similarly, whether one might expect to be able to enjoy entertainment in private may depend on the nature of the content.

It has been suggested, therefore, that “contexts, not political economy, should determine constraints on the flow of information,” so that privacy protections online should be aligned with such expectations.[92] This might mean tighter restrictions on collection, use and sharing of personal data in some situations even if notice and consent are provided.

The Consumer Privacy Bill of Rights proposed by President Obama’s White House in 2012[93] sought to take this approach, adopting as its third principle, “Respect for Context,” which was explained as the expectation that “companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.”[94]

To the extent that user consent continues to be viewed as a legitimate basis for collecting and using data, improvements may be made to the means by which consent is obtained. In addition to improving the plain language of notifications, such improvements may include using tiered consent which differentiates between types of data according to the types of purpose for which it may be used or which types of organisation may use it. Sunset clauses for consent to expire may also be appropriate.[95]

Technologies of consent management

Efforts are also being made to develop technologies and services to manage consent better. This relies on using forms of digital rights management, attaching permissions to personal data, and enabling automated negotiations between individuals and those who receive their data concerning its collection, use and sharing. Such approaches seek to improve transparency and consumer control, and thus also to make data more freely available due to increased trust.[96] Instead of binary consent decisions whereby consumers either grant access to all of their data or they cannot enjoy the service, there may be ways to allow graduated consent according to preferences for sharing and storing personal data.

Making this possible on a large scale may require use of algorithmic tools acting as an agent,[97] guardian or fiduciary – “algorithmic angels”[98] – on behalf of the consumer. Some have suggested that providers of such personal data management services could inform and educate individual consumers and “negotiate” on their behalf, suggesting how requested data could be combined with other previously provided data, inform the consumer if data is being used in a manner that was not authorised, or make recommendations to the consumer based on their profile.[99] Such a process could even involve setting terms for the sharing of data, including payment to the consumer, or retraction of previously granted consent if the conditions of such consent were breached.[100]

There appears to be a genuine commercial opportunity for investment and innovation to improve management of such consumer consent. Firms like Sudo[100] allow consumers to make easy use of a pseudonym for a variety of digital interactions, from telephone calls to e-commerce and online dating. Apple plans to introduce an anonymous sign-in facility for mobile apps using randomly generated email addresses as an alternative to apps that offer sign-ups through third-party social media accounts like Facebook in order to reduce dependency on providers that track users and sell ads based on their habits.[101]

Related ideas involve the consumer generally having greater control over their data. For instance, India’s “Digital Locker,” which is part of the India Stack, enables individuals to have greater control over who may access their data, including creating an auditable record of when their records are accessed. Other ideas include conceiving of a property right of ownership over personal data, although this approach has not yet gathered steam.

All of these suggestions aim to enhance consumer control over personal data, reducing the currently prevailing asymmetries. There may even be benefits to the quality of data that is gathered as a result. Some have suggested that allowing individuals to set their preferred level of anonymity when responding to requests for data gathering (e.g., for post-purchase consumer feedback or in health surveys) may improve the reliability of data submitted.[102]
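The following is an added sketch, not code from the report or from any product it names, of how tiered consent, sunset clauses, retraction of consent and an auditable access record could fit together. The `Grant` and `ConsentLedger` names, the field values, and the SHA-256 hash chain used to make the access log tamper-evident are assumptions of this example.

```python
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Grant:
    """One tier of consent: a data type, for one purpose, for one kind of organisation."""
    data_type: str
    purpose: str
    org_type: str
    expires: datetime  # sunset clause: consent lapses at this time

class ConsentLedger:
    """Hypothetical per-consumer consent store with a hash-chained access log."""
    GENESIS = "0" * 64

    def __init__(self):
        self.grants = set()  # add() to grant consent, discard() to retract it
        self.log = []        # one record per access request, allowed or not

    def request(self, org, org_type, data_type, purpose, now):
        """Default deny: allow only if an unexpired grant matches every tier."""
        allowed = any(
            (g.data_type, g.purpose, g.org_type) == (data_type, purpose, org_type)
            and now < g.expires
            for g in self.grants
        )
        # Denied requests are recorded too, so the consumer sees every attempt.
        self._append({"at": now.isoformat(), "org": org, "data_type": data_type,
                      "purpose": purpose, "allowed": allowed})
        return allowed

    def _digest(self, prev, entry):
        body = json.dumps(entry, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def _append(self, entry):
        prev = self.log[-1]["hash"] if self.log else self.GENESIS
        self.log.append({"entry": entry, "prev": prev,
                         "hash": self._digest(prev, entry)})

    def verify_log(self):
        """Recompute the chain; editing any stored record breaks it."""
        prev = self.GENESIS
        for rec in self.log:
            if rec["prev"] != prev or rec["hash"] != self._digest(prev, rec["entry"]):
                return False
            prev = rec["hash"]
        return True
```

A hash chain of this kind detects edits to stored records but not removal of the most recent ones, so the latest hash would need to be held by the consumer or another independent party.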