opinion

Privacy suffers when Internet laws become obscure

Privacy is often thought of as the right to be left alone. Yet, our lives are embedded in relationships — with people, with corporations, with the government and with our technological devices.

Our relationships drive the obscurity of information privacy. Donald Sterling thought he was having a private conversation. Edward Snowden unveiled the government’s corporate trove of data. And our everyday tech devices will soon be ubiquitous — with analysts predicting 2.5 billion global smartphone users by 2015.

Consumers, as well, wish for their data to be left alone — albeit only sometimes. The New Yorker recently published a story about an artist who gave out several hundred cookies during an arts festival in Brooklyn in exchange for personal information, such as a mother’s maiden name, home address, the last four digits of a Social Security number, or even fingerprints.

If our own relationships and our own behavior undermine the right to be left alone, how can we expect privacy laws to be effective? This is especially problematic for consumer privacy laws that seek to balance society’s interest in analyzing big data with an individual’s right to information privacy.

The rules, regulations and best practices for companies that want to balance user privacy with data commercialization, however, are no less ambiguous than a consumer’s desire to be left alone.

Take for example California’s new Privacy Rights for Minors in the Digital World law, which took effect on Jan. 1. This law applies to any company, even those outside of California, that owns a website, an online service, an online application or a mobile application that: (i) is directed to minors who reside in California; or (ii) has actual knowledge that a minor who resides in California is using its website, its online service, its online application or its mobile application.

Under the new law, these companies must allow minors who are registered users to remove content or information from the companies’ website, online service, online application or mobile application. This new law, which effectively mandates, except in limited circumstances, an “erasure service for minors,” also requires that companies provide notice to minors that the removal service is available and give clear instructions on how to use it.

Sounds straightforward — yet it’s not.

Longstanding privacy rules and regulations, such as the 1998 federal Children’s Online Privacy Protection Act (COPPA), have been designed to protect the privacy of minors within a certain age group — those under age 13. While the new California erasure law and COPPA apply to the same type of websites and mobile applications (those directed at users under the age of 13 and those with knowledge that users under the age of 13 are using the websites or applications), California’s new erasure law also protects the privacy of minors within a much broader age group — anyone under the age of 18.

So beginning Jan.1, select users under age 18 now have erasure rights, but not adults. Not Donald Sterling. Not Edward Snowden. Not most of us.

Information privacy laws have long been based on a patchwork of varying federal and state rules and regulations, but the new California law, which applies to any company, not just those in California, elevates this existing patchwork to a new level of obscurity.

Companies must comply with COPPA for users under the age of 13, yet have a different privacy regime for content removal for certain California users under the age of 18. In addition, select consumers will have enhanced privacy rights to remove content from the online world, while others will not.

The right to be left alone does not disappear with the advent of online and mobile technologies, and California is certainly entitled to provide enhanced privacy rights to users between the ages of 13 and 18. However, when rules, regulations and best practices for companies that want to balance user privacy with data commercialization become increasingly obscure, privacy rights for consumers are compromised — even for those who only sometimes want to be left alone.

Lydia Jones is an adjunct professor at Vanderbilt Law School, teaching information privacy law. She is also one of the first civil lawyers in the country to practice in the fields of Internet law and online privacy.