The Case Against Idealising Control

4 European Data Protection Law Review 423 (2018)

10 Pages Posted: 31 Dec 2018 Last revised: 10 Jan 2019

See all articles by Woodrow Hartzog

Woodrow Hartzog

Boston University School of Law; Stanford Law School Center for Internet and Society

Date Written: December 12, 2018

Abstract

Seemingly everyone, from scholars, industry, and privacy advocates to lawmakers, regulators, and judges seems to have settled on the idea that the key to privacy is control over personal information. But in practice, there is only so much a person can do. Control is far too precious and finite of a concept to meaningfully scale. It will never work for personal data mediated by technology.

Now we have an entire empire of data protection built around the crumbling edifice of control. The idealisation of control in modern data protection regimes like the GDPR and the ePrivacy Directive creates a pursuit that is actually adversarial to safe and sustainable data practices. It deludes us about the efficacy of rules and dooms future regulatory proposals to walk down the same, misguided path. We should dislodge and minimise the concept of control as a goal of data protection.

In mediated environments, the control we users get is illusory, overwhelming, and myopic. Justifying control measures on privacy grounds requires so much justification and tying ourselves in knots that it feels like it’s merely serving as a proxy for some other protection goal that’s just out of reach. Lawmakers and companies should pursue more direct values like trust, obscurity, and autonomy. They should embrace more direct strategies like mandatory deletion, collection and purpose limitations, and non-waivable duties of care, loyalty, discretion. People's trust in companies should be protected regardless of the control they are given.

Keywords: control, privacy, data protection, GDPR, ePrivacy, privacy by design

Suggested Citation

Hartzog, Woodrow, The Case Against Idealising Control (December 12, 2018). 4 European Data Protection Law Review 423 (2018), Available at SSRN: https://ssrn.com/abstract=3299762

Woodrow Hartzog (Contact Author)

Boston University School of Law ( email )

765 Commonwealth Avenue
Boston, MA 02215
United States

HOME PAGE: http://https://www.bu.edu/law/profile/woodrow-hartzog/

Stanford Law School Center for Internet and Society ( email )

Palo Alto, CA
United States

HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
829
Abstract Views
3,143
Rank
58,250
PlumX Metrics