Choice permeates nearly every facet of American life. We celebrate our freedom to voice a preference with every election and every episode of American Idol. We also want a choice in information privacy-- the power to dictate exactly how our personal data is collected and used.
In a recent Foreign Affairs note, Ann Cavoukian, former Information and Privacy Commissioner of Ontario, Canada, put it this way: "When it comes to regulating privacy, let the people decide." This concept of privacy as choice originated with Alan Westin, in his groundbreaking 1967 book Privacy and Freedom. He defined privacy as "...the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.
The reality, however, is that pervasive data gathering and analytical techniques fueled by advances in communication and information technology are rendering true data democracy obsolete.
The idea of letting the people decide is appealing. We each have different ideas of what should and should not be done with our information, and we all seek some level of protection from prying eyes. With that, policymakers developed a "notice and choice" framework, requiring people to decide at the point of data collection whether they accept the specified uses of their information.
The limitations on this approach are, by now, obvious. In practice, it means providing consumers with incomprehensible legalistic privacy policies, which no one reads, but that are treated as "informed consent" for companies to do as they please. One study estimated that if an average consumer read the privacy policies of all the websites they visited, it would take 224 hours a year.
The problem is only getting worse as the Internet of Things continues its rapid expansion. When refrigerators, automobiles, smartphones, and just about every object in daily life are all equipped with communications capabilities, it will be impossible to execute a privacy framework in which consumers can examine all the possible data uses before information is collected.
In today's world of pervasive data collection and use, this blind insistence on a data democracy provides only the illusion of individual control. It is a fake mechanism of autonomy, offering no real consumer protection.
There is an alternative. Years ago, former Obama Administration official Danny Weitzner put it this way: "Consumers should not have to agree in advance to complex policies with unpredictable outcomes Instead, they should be confident that there will be redress if they are harmed by improper use of the information they provide..."
A reform movement is gaining steam. The goal is to prevent consumer harm-to ensure that information is not used in a way that is adverse to an individual's legitimate interests. The basic concept is to make companies and institutions responsible for how they use collected data. There will clearly be some role for consumers in this regime, but they will not be the only, or even the primary, agent of enforcement.
Sign up for CIO Asia eNewsletters.