Non-U.S. View of Workplace Privacy

In the typical U.S. workplace the employer owns the computer network, which it supplies to employees exclusively or primarily for work-related purposes. Employees generally receive little privacy protection in their workplace email and Internet activity. This article from The Privacy Advisor discusses a recent decision by the Israeli National Labor Court that expands employee privacy in the workplace and establishes a nuanced framework to guide future cases. The article’s author says the decision demonstrates “a general trend of increased sensitivity by the courts outside the U.S. to e-mail privacy.” The decision obviously does not bind any U.S. court, but it does provide a lens through which to evaluate our blunt-instrument approach to these issues.

While not long the article’s description of the National Labor Court decision contains too much information to describe here in detail. Briefly, the decision defines four different types of employee mailboxes and establishes monitoring and reviewing rules for each: “‘professional mailbox[es]’  . . . provided by employers for professional purposes only,” “‘mixed mailbox[es]’ . . . provided by the employer for both professional and personal purposes, ” “employer-provided personal mailbox[es],” and “employees’ private mailbox[es].”  Employers must inform employees of their limited rights to use professional mailboxes and employers right to monitor such mailboxes, must obtain employees’ general consent to monitor such mailboxes, and yet “is nevertheless prevented from reviewing [professional mailboxes’] content without the employee’s specific consent,” even though “the employee is not authorized to engage in [personal] correspondence.” In contrast, U.S. law does not constrain employers’ rights to review the contents of such professional mailboxes. The decision imposes greater restrictions on employers’ power to monitor and review the contents of the other types of mailboxes, ending here: ‘[m]onitoring of [] private mailbox[es] by the employer is prohibited without a court order.”

We will see whether U.S. courts join this general trend.

If You Are Totally Shameless You Have Nothing To Be Ashamed Of

Last week in privacy law we discussed Daniel J. Solove’s excellent article “Why Privacy Matters Even If You Have ‘Nothing to Hide.'” Solove addresses the tension between government security-related policies and practices and privacy rights, a tension many resolve by saying “I don’t care if the government listens to my calls/reads my email/attaches a GPS to my car because I have done nothing wrong, have nothing to be ashamed of, and therefor have nothing to hide.” Such a position equates privacy with secrecy, and nothing more. Solove’s point is that privacy

is too complex a concept to be reduced to a singular essence. It is a plurality of different things that do not share any one element but nevertheless bear a resemblance to one another. For example, privacy can be invaded by the disclosure of your deepest secrets. It might also be invaded if you’re watched by a peeping Tom, even if no secrets are ever revealed. With the disclosure of secrets, the harm is that your concealed information is spread to others. With the peeping Tom, the harm is that you’re being watched. You’d probably find that creepy regardless of whether the peeper finds out anything sensitive or discloses any information to others.

Solove goes on to discuss other privacy-related harms that can occur from government information-gathering programs and concludes that we should conceive of privacy as concept that embraces many interests, not secrecy alone.

The article by Cindy Gallop titled “Should we do away with privacy?” presents the “I’ve got nothing to hide perspective” so extremely that on first reading I thought it a parody:

If you identify exactly who you are and what you stand for, what you believe in, what you value, and if you then only ever behave, act and communicate in a way that is true to you, then you never have to worry about where anybody comes across you or what you’re found doing.  By definition you are never caught doing anything to be ashamed of.

What Gallop fails to acknowledge is that humans have an innate right to choose whether, how, and not to share personal information with others. (Gallop is an advertising consultant. Quelle surprise.) After suggesting how to implement this concept Gallop says

Now in a world of transparency, I am essentially unblackmail-able. I’m unblackmail-able because I have a secondary venture called Make Love Not Porn, and I launched it at the TED conference [organisation that promotes ideas] in 2009.

Once you have stood up on the stage at TED and announced that you have sex with younger men, no-one can ever shame or embarrass you ever again. So I live my life completely in the open, and that is an enormously stress free and relaxing way to be.

And by the way I realise that I am quite an extreme example of this, but the principles are the same for everybody.

Maybe this is a parody after all.

Unspoken Agendas

Recently the WSJ conducted a panel discussion about online privacy. Panelist Christopher Soghoian’s perspective on Facebook resonates for me:

Although consumers knowingly share information via Facebook, the privacy issues associated with that company are not related to the way consumers use it, but rather the other things the company does. These include the tricks the company has pulled to expose users’ private data to third-party app developers, the changing privacy defaults for profile data, as well as Facebook’s covert surveillance of your browsing activities on non-Facebook websites, as long as a “Like” button is present (even if you don’t click on it).

The dirty secret of the Web is that the “free” content and services that consumers enjoy come with a hidden price: their own private data. Many of the major online advertising companies are not interested in the data that we knowingly and willingly share. Instead, these parasitic firms covertly track our web-browsing activities, search behavior and geolocation information. Once collected, this mountain of data is analyzed to build digital dossiers on millions of consumers, in some cases identifying us by name, gender, age as well as the medical conditions and political issues we have researched online.

Although we now regularly trade our most private information for access to social-networking sites and free content, the terms of this exchange were never clearly communicated to consumers.

(emphasis mine)

No One Cares But DoubleClick

In his CNN Tech article “With ‘real-time’ apps, Facebook is always watching” John D. Sutter explains the effects of real-time apps:

In the old world of Facebook, I would have to click that I “liked” a song for it to show up on my Facebook profile page. That’s something you have to think about: “OK, I really like this song, and I really want all of my friends to know that I’m listening to it right now.” Now, sharing is both passive and automatic. It’s a choice you make in advance — one time — and never again.

And so it goes with all kinds of the new “real-time” apps.

Since I’ve logged in to Yahoo! News with Facebook, every time I read an article on that site, it goes to my Timeline.

The same is true for Hulu and TV shows.

And for the Internet game “Words with Friends.” When I play a Scrabble-style word in that game, it will show up on Facebook, along with an image of the current playing board.

Which raises an obvious question: who could possibly want to receive such a constant stream of mundane information about one’s friends, or especially about one’s “friends?” One obvious answer is “no one with a life of their own.”  My spouse does not want to follow every Scrabble hand I play with my son. I do not want to know every song she plays while hanging out in the kitchen. I see a group of friends just about every day for coffee, we talk about everything that captures our brief attention spans, yet being notified of every video they watched online is TMI.  We filter our experiences, we decide which of our friends might be interested in which stories, we curate.  This word is five minutes from overuse but its prevalence evidences our response to the problem of too much information.

To the question “who could possibly want to receive such a constant stream of mundane information” the other obvious, more relevant, and more truthful answer is “anyone who can use that information stream to sell me stuff.” One’s virtual and actual friends will tune it out as the background data buzz that surrounds every Facebook user like a thick cloud of noisy midges. Advertisers will collect, collate, examine, and evaluate each vibrating data point to construct interest and activity profiles. Then they will market to the midges.

This is no great insight. Sutter’s article makes the same point. What moves me is the breathtaking transparency of Facebook’s game. Facebook’s interest in serving its users is overwhelmed by its interest in users as data generators. Real-time apps provide a means to calibrate with unparalleled precision the relationship between user data and vendors of stuff. Facebooko ergo sum:  I Facebook therefore I am–a consumer first, last, and always.

Why I Like Google+ More than Facebook

A brief story about a recent interview with Vic Gundotra, Google’s Senior Vice President of Social Business, reported that Google is “continuing to work on how Google+ shares information to the world. Google’s social lead seems to be less inclined [than Facebook] to create tools that automatically push data public than Facebook does. ‘There’s a reason every thought in your head does not come out of your mouth,’ Gundotra said, adding that there’s a value in curation.” (Emphasis added)

IMDb Sued for Age Disclosure

An unidentified actress has sued Amazon because IMDb, the motion picture industry database owned by Amazon, revealed the actress’s birth date, showing that she is over 40 years old.  The actress–“a Texas resident of Asian descent”–created the profile without her birth date in IMDb Pro, a service created for industry professionals.  According to the lawsuit she filed in federal court in Seattle IMDb used other personal information she provided “to uncover her date of birth” and add it to her profile, “revealing to the public that Plaintiff is many years older than she looks.” Amazon says it obtained the actress’s age from her agent.  The actress denies this assertion.

The article doesn’t specify the specific claim the lawsuit asserts.  The facts don’t support a claim for public disclosure of private facts–her age would likely be considered newsworthy. It appears her claim is that IMDb violated its terms of service by using her personal information for purposes she did not authorize, but the article doesn’t point to any specific TOS provision that addresses the site’s use of personal information.

You, Starring in Your Own Commercial

Why Facebook is After Your Kids in today’s NY Times reports that Facebook is lobbying to change the Children’s Online Privacy Protection Ace (COPPA), the 1998 law that bars websites from obtaining personal information for children 12 or younger without parental consent.  Facebook wants more freedom to accept younger users–and there are already 7.5 million Facebook users under 13.  The Times states:

We don’t really know yet how joining Facebook at a tender age affects kids socially and emotionally. There’s the fun and freedom of Facebook, and then there’s the Consumer Reports finding that the site exposed a million teenagers to bullying and harassment last year. What is clear is that Facebook thinks it needs access to kids’ lives in order to continue to dominate its industry. The younger the child, the greater the opportunity to build brand loyalty that might transcend the next social-media trend. And crucially, signing up kids early can accustom them to “sharing” with the big audiences that are at their small fingertips.

The article quotes Mark Zuckerberg about the benefits of “frictionless” sharing on Facebook:

“We help you share information, and when you do that, you’re more engaged on the site, and then there are ads on the side of the page. The more you’re sharing, the more — the model all just works out.” 

The younger the age at which you become accustomed to Facebook’s view of your relationship to your personal information–you exist and share in order to generate advertisements tailored precisely to your demonstrated interests–the deeper Facebook’s hold on the details of your life.

Facebook + Halloween + Privacy Invasion = Creepy

Go to Take This Lollipop, allow it to use your Facebook information, and then watch a horror movie featuring you.  I learned about the site from both the New York Times and the daily news email from the International Association of Privacy Professionals and I don’t believe the site will do anything nefarious with your Facebook info.  Even without that concern the site is decidedly creepy.