from the behold-the-information-fiduciaries dept
Digital privacy and the control of personal data have emerged as two of the main online battlegrounds in recent years, as the flood of Techdirt posts on the subject attests. One of the central questions is how we can use global online services like Facebook and Google without surrendering control of the information we provide them. The US and the EU take contrasting approaches here, both of which have attracted plenty of supporters and detractors.
But what about alternatives: might there be another way to tackle this crucial subject that is effective and reasonably fair to all? Jack M. Balkin and Jonathan Zittrain, respectively professors at the law schools of Yale and Harvard, believe there is. Together, they've written an article that appears in The Atlantic, entitled "A Grand Bargain to Make Tech Companies Trustworthy," while Balkin has published a more rigorous 52-page version for UC Davis Law Review (pdf). Their starting point is the fact that many of the problems encountered with digital privacy have already been solved in the analog world:
Doctors, lawyers, and accountants ... have to keep our secrets and they can't use the information they collect about us against our interests. Because doctors, lawyers, and accountants know so much about us, and because we have to depend on them, the law requires them to act in good faith -- on pain of loss of their license to practice, and a lawsuit by their clients. The law even protects them to various degrees from being compelled to release the private information they have learned.
These are examples of "fiduciaries", "a person or business with an obligation to act in a trustworthy manner in the interest of another." The idea of Balkin and Zittrain is to create a new class of "information fiduciaries" who are similarly permitted to work with our personal data, on the condition that they do not use it against our interests. For example:
Google Maps shouldn't recommend a drive past an IHOP as the "best route" on your way to a meeting from an airport simply because IHOP gave it $20. And if Mark Zuckerberg supports the Democrat in a particular election, Facebook shouldn't be able to use its data analysis to remind its Democratic users that it's election day -- while neglecting to remind, or actively discouraging, people it thinks will vote for Republicans.
That sounds an interesting approach, but the tricky part, of course, is drawing up what exactly the responsibilities of these new information fiduciaries should be -- and what they should get in return. Balkin and Zittrain propose something they dub a "grand bargain". Here's what the online services gathering our data would promise:
They would agree to a set of fair information practices, including security and privacy guarantees, and disclosure of breaches. They would promise not to leverage personal data to unfairly discriminate against or abuse the trust of end users. And they would not sell or distribute consumer information except to those who agreed to similar rules. In return, the federal government would preempt a wide range of state and local laws.
And here's something else that those signing up to this code would get by way of recompense:
Congress could respond with a "Digital Millennium Privacy Act" that offers a parallel trade-off to that of the DMCA: accept the federal government's rules of fair dealing and gain a safe harbor from uncertain legal liability, or stand pat with the status quo.
In other words, alongside the DMCA, a new DMPA. So what do Techdirt readers think: is that a bargain you'd accept?