About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline

10 J. on Telecomm. & High Tech. L. 273 (2012)
Necessary but Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice

handle is hein.journals/jtelhtel10 and id is 291 raw text is: NECESSARY BUT NOT SUFFICIENT:
STANDARDIZED MECHANISMS FOR
PRIVACY NOTICE AND CHOICE
LORRIE FAITH CRANOR*
I.     N OTICE  AND  CHOICE .................................................................. 277
II.    PLATFORM FOR PRIVACY PREFERENCES ................................... 279
III.   A  PRIVACY   TAXONOM    Y  ............................................................. 282
IV.    PRIVACY NUTRITION LABELS AND PRIVACY ICONS .................. 286
V.     ADOPTION AND ENFORCEMENT ................................................. 295
VI.    OPTING OUT OF ONLINE BEHAVIORAL ADVERTISING ............... 299
V II.  C ON CLU  SION S  ............................................................................ 304
For several decades, notice and choice have been key principles
of information privacy protection.' Conceptions of privacy that involve
the notion of individual control require a mechanism for individuals to
understand where and under what conditions their personal information
may flow and to exercise control over that flow. Thus, the various sets
of fair information practice principles and the privacy laws based on
these principles include requirements for providing notice about data
practices and allowing individuals to exercise control over those
practices. Privacy policies and opt-out mechanisms have become the
predominant tools of notice and choice. However, a consensus has
emerged that privacy policies are poor mechanisms for communicating
* Associate Professor, Computer Science and Engineering & Public Policy and
Director, CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University.
lorrie@cmu.edu. I presented a very preliminary draft of this paper at Berkeley Law as part of
the 4th Annual Privacy Lecture in February 2011. Thanks to respondents Thomas Fetzer and
Jennifer Gove, as well as Paul Schwartz and Deirdre Mulligan for their feedback and
suggestions. I presented a later draft at the Silicon Flatirons The Economics of Privacy
Symposium in December 2011. Discussions with conference participants, several former P3P
working group members, and members of the Carnegie Mellon CyLab Usable Privacy and
Security Laboratory further informed this paper.
1. See Memorandum from Paul M. Schwartz & Daniel Solove on Notice and Choice:
Implications for Digital Marketing to Youth prepared for the Second NPLAN/BMSG Meeting
on   Digital  Media    and   Marketing   to   Children  (June   29-30,  2009),
http://digitalads.org/docurnments/Schwartz-Solove-Notice-Choice-NPLAN-BMSG-memo.pdf

What Is HeinOnline?

HeinOnline is a subscription-based resource containing nearly 3,000 academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline with pricing starting as low as $29.95

Contact us for annual subscription options:

Already a HeinOnline Subscriber?

profiles profiles most