Abstract

http://ssrn.com/abstract=2171018
 
 

Footnotes (88)



 


 



Privacy Self-Management and the Consent Dilemma


Daniel J. Solove


George Washington University Law School

November 4, 2012

126 Harvard Law Review 1880 (2013)
GWU Legal Studies Research Paper No. 2012-141
GWU Law School Public Law Research Paper No. 2012-141

Abstract:     
The current regulatory approach for protecting privacy involves what I refer to as “privacy self-management” — the law provides people with a set of rights to enable them to decide how to weigh the costs and benefits of the collection, use, or disclosure of their information. People’s consent legitimizes nearly any form of collection, use, and disclosure of personal data.

Although privacy self-management is certainly a necessary component of any regulatory regime, I contend in this Article that it is being asked to do work beyond its capabilities. Privacy self-management does not provide meaningful control. Empirical and social science research has undermined key assumptions about how people make decisions regarding their data, assumptions that underpin and legitimize the privacy self-management model.

Moreover, people cannot appropriately self-manage their privacy due to a series of structural problems. There are too many entities collecting and using personal data to make it feasible for people to manage their privacy separately with each entity. Moreover, many privacy harms are the result of an aggregation of pieces of data over a period of time by different entities. It is virtually impossible for people to weigh the costs and benefits of revealing information or permitting its use or transfer without an understanding of the potential downstream uses, further limiting the effectiveness of the privacy self-management framework. In addition, privacy self-management addresses privacy in a series of isolated transactions guided by particular individuals. Privacy costs and benefits, however, are more appropriately assessed cumulatively and holistically — not merely at the individual level.

In order to advance, privacy law and policy must confront a complex and confounding dilemma with consent. Consent to collection, use, and disclosure of personal data is often not meaningful, and the most apparent solution — paternalistic measures — even more directly denies people the freedom to make consensual choices about their data. In this Article, I propose several ways privacy law can grapple with the consent dilemma and move beyond relying too heavily on privacy self-management.

Number of Pages in PDF File: 24

Keywords: privacy, Fair Information Practice Principles, FTC

Accepted Paper Series





Download This Paper

Date posted: November 4, 2012 ; Last revised: May 21, 2013

Suggested Citation

Solove, Daniel J., Privacy Self-Management and the Consent Dilemma (November 4, 2012). 126 Harvard Law Review 1880 (2013); GWU Legal Studies Research Paper No. 2012-141; GWU Law School Public Law Research Paper No. 2012-141. Available at SSRN: http://ssrn.com/abstract=2171018

Contact Information

Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://www.law.gwu.edu/facweb/dsolove/
Feedback to SSRN


Paper statistics
Abstract Views: 8,713
Downloads: 2,058
Download Rank: 3,376
Footnotes:  88

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo8 in 0.281 seconds