As previewed here, a report on this morning’s privacy-and-the-Web jamboree. Lawyer Caroline Campbell introduced the symposium on “Letting it all hang out”, sponsored by Digital Media Forum and taking place as part of the Darklight festival, and handed things over to Prof. Daniel Solove (website), the special guest. (And I discovered that it’s pronounced So-Love, whereas I’ve always said it So-Low-Vay in my head. Oops).

Unless otherwise indicated, what follows is a non-verbatim approximation of what was said. Please correct any errors if you spoke and spot them. Things in [square brackets] are entirely my own views or additions and weren’t said at the symposium. Prior posts on privacy on this blog are here.

Daniel Solove’s presentation

Solove gave a quick overview of the context of Internet privacy, and discussed a number of specific cases that illustrated the changing nature of privacy:

  • Dog Poop Girl – a cellphone picture of a dog doing what dogs do on train, published, the owner identified (as being irresponsible for not cleaning up), personal info published; it ended up on BoingBoing, media, posters and much more. “The Internet allows a cyber-posse to amass from around the world in an instant”.
  • Personal blogging is in a way like diaries, containing intimate details of your personal life – but also the lives of others! But it’s very pervasive…will parents say to their child: “Well yes we could read your blog .. or you could just tell us about your school day“? (Solove displayed this cartoon or a version of it)
  • 40% of blogs are written by under 19s…this is ‘Generation Google’, entire lives chronicled online [lots of things in common with Digital Natives here]
  • Star Wars Kid – put up on site by friends and in just a few weeks, millions of views, went viral, embellished by others, mashups (loads of ’em). Now he’s extremely well-known. Is this a good thing?
  • Washingtonienne (Jessica Cutler) – anonymous blog which was personal, including lots of stuff about sexual partners – highlighted by Wonkette, followed by significant magazine coverage, a book deal, etc. One partner sued her for invasion of privacy … though she has now declared bankruptcy.

But maybe this sort of scrutiny of reputation is a good thing? Yes, but information out of context leads to hasty judgements that don’t really capture the truth of a character. And the libertarian norms which are generally good can actually lead to the opposite, people can be “shackled to their past”.

What can the law do? A little bit, but not a lot. A solution must deal with education, social attitudes, etc. So he analyses three “paths” – libertarian (hands off – things will get worse if you bring the law in; problem is that the norms may not develop the way we want to), authoritarian (censor and restrict – increasing willingness to do this in the US, too reactive, chills speech), middle ground (threat of lawsuit forces responsibility and accountability -recommended approach, but doesn’t want too many cases as it’s expensive) [again, this is a trend in the current phase of cyberlaw, so Solove is in very good company]

He then discussed the ‘Warren and Brandeis‘ privacy tort in the US, where you can sue for spreading private information not of legitimate concern. In the UK, it’s the modified breach of confidence tort, expanded post-HRA to be similar to US. [In Ireland, we have neither as such (breach of confidence exists but not as it now does in the UK), although we do have a small number of cases where a suit for breach of the constitutional right of privacy has been successful, a proposed tort in the stalled Privacy Bill, and a presumptive requirement under international law (ECHR) and domestic remedy (ECHR Act) to deal with the Von Hannover approach to Article 8 of the Convention on privacy]

Often, we have a binary understanding of privacy – places are private (home) vs public (the county fair). But we do have expectations of privacy in public place, and it’s so easy to capture (cellphone, CCTV, etc). The breach of confidence remedy in the UK is extensive and includes information between friends.

It’s also about control. Dr Laura Schlessinger, a conservative commentator, was not impressed when nude photos of her (taken in her wild past) were circulated. [I’m passing on looking them up] She sued the website to get the photos taken down, but lost due to free speech concerns. Then the ‘voyeur’ website that published them won cases against other sites for stealing their pictures! This shows that the idea that there’s nothing that the law can do to restrict information is false – in this case, there was copyright protection. “If you have a choice between copyright and privacy, choose copyright”, as the protections are more powerful.

And then there’s speech. Solove thinks that US law overprotects speech and underprotects privacy. Section 230 of the CDA immunises websites, ISPs etc for content supplied by others…and it’s complete immunity, which goes way too far. is an example. This illustrates how the law is “getting the balance wrong, encouraging irresponsibility rather than responsibility”. Small legal changes would nudge norms in the right direction.

Panel Discussion

Caroline (CarC) and Daniel (DS) were joined by Damien Mulley (DM), Jim Carroll (JC), Cormac Callinan (CorC) and Niall Larkin (NL). I didn’t get every point, I’m afraid, but I’ve tried to capture as much as I could (in almost all cases, summary rather than verbatim). ?? means a question or point from the floor.

We started with a general question to the panel on social networking and privacy. NL: People are sharing, learning to express themselves, “growing up online”. If it goes on the Internet, it stays on the Internet. DM: everything you do on Facebook is logged, i.e profile visits. They got in trouble last year, because even when you closed an account, info was still stored. Profile built up to sell on to advertisers, understanding behaviour. And they will hand to law enforcement without subpoenas. (full-time members of staff just doing this). There’s also profiling by companies etc, though people don’t really know this is happening. JC: it’s already happening with loyalty cards, though it’s now easier again for the marketers. It comes down to how much you care about it. DS: ubiquity of information collection. Mentions cloud computing – they have all your documents. Popular for marketers and for governments. Analysis tools are getting more sophisticated too. Terrorist profiling too (it works for Amazon, will it work for government?)

DM asks the audience – do you care that your data is being stored and used? [I think about half put their hands up]

??: a debt collector friend has been told to use Bebo in their work. This is a sign of how much awareness there is of the potential of such sites for data collection.

??: what about problems of international law, when content is hosted in a different country? Corc: it’s very difficult, there’s lots of international cooperation, there’s most in child protection, but data protection as an example of where it doesn’t work, there’s virtually no protection in US, despite safe harbour (between EU and US) which controls only certain aspects and is very limited.

??: is there ‘decentralised responsibility’, i.e. the user has agreed to terms and conditions when they signed up? DS: how many people read the privacy policies? They can change them unilaterally at any time. And for Facebook, there’s a policy, there’s privacy settings, and a 6000-word TOS. “No-one reads these things”.

??: Creative Commons has simplified IP contracting, could you do this for privacy? DS: sceptical, you use so many sites in a day and it’s very difficult to keep up with. A FTC commissioner he met confessed to not reading Facebook’s privacy policy. CarC: lawyers work very hard to make things “simple” but they are often hiding stuff! NL: as danah boyd says, as a citizen of the Internet you should have some basic rights.

??: There’s a naivety that people think social networking sites are there for their benefit, but they are ultimately commercial enterprises. DS: people are fine with it until something bad happens. They can want certain uses of data but not others….how do you know in advance? JC: when it’s taken out of context, there is trouble: i.e. publication of Bebo photographs in a newspaper. CorC: yes, but there’s also a lot of misunderstanding, i.e. ‘if you turn off your phone you can’t be tracked’ (not true – it’s effectively personal GPS), even possible to have remote activation of microphone. If someone had said 10 years ago that you’d carry a GPS tracker you’d say they were insane but now you pay €35 a month for the pleasure! DS: there was a backlash against bank accounts in the US in the early days of banking – but people chose to give up some privacy in return for value. But when does data mining turn into surveillance?

??: What can we get our government to do to protect against privacy infringement? And teenagers liked the idea of the mobile phone tracking – is this another generation gap? CorC: mentioned “phonewalking” services (bringing the tracked phone to where you ‘should’ be – big business of the future! Copyright law is very effective because of lobbying power; businesses of course are there to make money, you should always assume this, and also – distinguish between privacy and data protection. Asking Bebo and Facebook to protect you is not feasible, it’s not their job to do it as they can always see and know everything, and their motive is profit. DM – I want to be told when people access my information, i.e. what the companies or their allies do, and including government information too (e.g. social welfare).

DS – there is an “optimism bias”. And it’s hard to visualise all the people reading your blog as compared to that of an true audience. In one study, 70% of people agreed that a privacy policy means no 3rd party sharing (this is not). NL: visualisation is concealed in some (social networks encourage to share with ‘friends’) but not others like YouTube (‘broadcast yourself’ makes it very clear)

?? – Big Brother is important but we are also contributing to this – “we are BB”. Balance between rights and responsibilities – i.e. as a blogger, what am I putting out there?

?? – what about Gmail turning information over to Government without telling you. The government that would legislate to protect us has a particular role too as being a threat to privacy. DS: yes, an see in particular the discussion of FISA in the US.

?? is there a catch 22, you need unique ID of some sort in order to make Internet services and presence work. I like my anonymity, which is compromised. And these issues are nothing compared to Yahoo turning over information to China. CorC – you don’t really have anonymity, Irish ISPs share your information across the world. And you leave a significant footprint. [Cormac was very honest and direct in these contributions, which is appreciated].

??: there are two separate privacy debates happening, one about the protection of public figures against ‘media intrusion’ that is happening in the political and legal arena and a separate one that we are hearing here about privacy policies, commercial exploitation, Government surveillance that is not being legislated for. [That was me]

?? can there be a realistic remedy, very hard to deal with violations as not everyone can go to the High Court.

CorC – remember in Europe we don’t have immunisation of ISPs and hosts as with the CDA in the US (it’s about knowledge). DS: that’s interesting, when I say that in the US I’m told that it would lead to the total shutdown of the Internet and no free speech.


Three quick observations. If you were there, please add your own, including issues that you might not have had time to raise in the Q&A.

A very interesting symposium, with a particular need to note the strength of contributions from the floor. Although I wondered (like Justin) about how it related to the festival as a whole, I think the fact that the vast majority of those present were ‘active’ in various types of media, digital culture, etc meant that there was a lot that did not need to be reiterated (I’ve given talks about Facebook where the basic concept has to be explained, which while important, leads to a different type of question), and also a very informed line of questioning to what was an extremely heavy-hitting panel, with some of the best-known local bloggers and journalists, a leading international privacy scholar, and two important practitioner perspectives from Callinan and Campbell).

I hadn’t heard Daniel Solove speak before, though I’ve read his books and cited his blog posts in papers. He explained the issues very clearly to what was clearly not a legal audience, but managed to do so without leaving out crucial details like US-Europe differences in the relevant areas of law. And he talked about Warren and Brandeis at 10am in a basement full of film producers, and everyone followed what he was on about.

An audience member did raise the issue of gender balance, although in defence of the organisers, both Rachel O’Connell (Bebo) and Karlin Lillington (Irish Times) were invited but unable to attend.