Abstract

  
 

Citations (1)



 


 



The PII Problem: Privacy and a New Concept of Personally Identifiable Information


Paul M. Schwartz


University of California, Berkeley - School of Law

Daniel J. Solove


George Washington University Law School
December 5, 2011

New York University Law Review, Vol. 86, p. 1814, 2011
UC Berkeley Public Law Research Paper No. 1909366
GWU Legal Studies Research Paper No. 584
GWU Law School Public Law Research Paper No. 584

Abstract:     
Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.

In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.

Number of Pages in PDF File: 81

Keywords: personally identifiable information, behavioral marketing, privacy, FTC, de-identification, computer science, technology

JEL Classification: C80, D82, M31

Accepted Paper Series


Download This Paper

Date posted: August 15, 2011 ; Last revised: March 6, 2013

Suggested Citation

Schwartz, Paul M. and Solove, Daniel J., The PII Problem: Privacy and a New Concept of Personally Identifiable Information (December 5, 2011). New York University Law Review, Vol. 86, p. 1814, 2011; UC Berkeley Public Law Research Paper No. 1909366; GWU Legal Studies Research Paper No. 584; GWU Law School Public Law Research Paper No. 584. Available at SSRN: http://ssrn.com/abstract=1909366

Contact Information

Paul M. Schwartz
University of California, Berkeley - School of Law ( email )
Boalt Hall #7200
Berkeley, CA 94720-7200
United States
Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://www.law.gwu.edu/facweb/dsolove/
Feedback to SSRN (Beta)


Paper statistics
Abstract Views: 8,923
Downloads: 1,603
Download Rank: 4,136
Citations:  1

© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright
This page was processed by apollo5 in 0.859 seconds