Please click HERE to download the full dissertation

By Rachel Gabrielle

Introduction

Due to recent developments in digital technology, much of human interaction has migrated to the virtual world. Actions carried out in the technological sphere generate data; this data has become transformed into a valuable commodity, predominantly by large corporations operating in a capitalist environment. The actions of these corporations are typically opaque; thus many ostensibly harmless, entrancing benefits render consumers oblivious to the dubious practices beneath the surface of Internet use.

Parallel to innovation, issues have arisen. The financial worth of personal data has resulted in its exponential dissemination worldwide, representing a significant departure from earlier technological capabilities, in a manner that has created somewhat of a pandemonium for legal discourse. Triggered at most instances of a data-technology relationship are privacy complications. These can range significantly in scope, for there are many potential uses - and misuses - for personal data. Before the aims of this dissertation are expressed, it is necessary to narrow the breadth of its focus. To do so, certain terms must be examined and defined.

Privacy is widely and frequently recognized as a fundamental human right. Yet beyond this general consensus of importance, uncertainty lurks. Privacy is difficult to acutely define. Violations thereof include a myriad of activities, from releasing names of criminal suspects to trading personal information despite promising otherwise. These prima facie appear unrelated; conflating them in attempt to create an all- encompassing definition of privacy may cause harm in the form of inconsistent recognition or gross misconstruction. Thus, lack of clarity often places privacy at a lower position of importance than issues more easily articulated, such as free speech and commercial efficiency, and consequently, privacy is disproportionately undervalued against countervailing interests.

Legal scholar Daniel Solove argues for viewing privacy as a taxonomy, focusing on “privacy problems”, utilising a bottom-up approach which initially identifies an issue, then operates from that point forward. This taxonomic framework is constituted of four essential categories: information collection, information processing, information dissemination, and invasion. These manifest in countless forms, ranging to and from security, confidentiality, integrity, and beyond. Alas, evaluating every incarnation in this ontology is not the purpose of this dissertation, as such would be too broad an undertaking. Matters of security, in protection from hackers and data breaches, will not be discussed.

Data protection, as a term, is fairly self-explanatory, yet also encompasses a broad range of potential issues that may be triggered within its remit, which muddle clarity. There exists a complex relationship between privacy and data protection. Both can be seen to derive from and engage each other; there is also a significant degree of overlap between the two. A fusion of the concepts has occurred, which envisions “privacy in terms of management of personal information” (Banisar & Davis 1998). Privacy principles give rise to data protection, and privacy is a right often engaged in circumstances regarding data protection, as a key objective of data protection is to safeguard privacy. An extensive amount of the normative basis for data protection policy and legislation is provided by human rights and privacy legal codification, and the right to lead a private life is most widely regarded as crafting its core tenets. The Human Rights Committee has stated that Article 17 of the International Covenant on Civil and Political Rights, a central United nations treaty, “requires legal implementation of essential data protection guarantees in both the public and private sectors”. Thus, data protection can indirectly be read and interpreted as a human right. When references are made to privacy or data protection in this dissertation, it can be inferred in most instances that both are encompassed.

This dissertation will, focusing on the United States (‘US’), delve into the commodification of personal data by entities in the private (non-governmental) sector in relation to collection, utilisation, and dissemination. The means of collection (in general and specifically), the modes and situations in which personal data is used, as well as trading to third parties will foremost be evaluated and concluded as impinging upon salient privacy and data protection principles. Solove’s bottom-up approach will be adopted of unearthing specific issues and analysing overall effects of the actions taken by corporations in light of their consumers’ personal data.

The first chapter of this dissertation, The Online Journey of Data, will establish a background for understanding the practices that take place. Data collection, usage, and trading practices will be scrutinized with a critical eye. The second chapter, Law in the United States, aims to provide a background to the current legal structure surrounding privacy and data protection existing in the US, including both statutory and case law. The third chapter, Comparing United States Law, evaluates principles and structures in other developed nations, affording for deeper analysis of issues within the US system by highlighting its deficiencies. The fourth chapter, Privacy as an Enterprise, will outline and explore the importance of privacy and data protection, from both philosophical and human rights perspectives. The fifth chapter, Moving Forward, considers potential solutions to current issues. Avoidance, resistance, and law reform are outlined, and their practicality, usefulness, and likelihood for positive effects are analysed.