Changing privacy expectations?

As Miriam Simun from our Digital Natives team is off this morning to present our research findings on digital natives and their attitudes towards privacy at the Harvard CRCS Privacy and Security seminar series, news comes from Italy that the Agenzia delle Entrate – the department of revenue – has made available online for all to see citizens’ annual incomes, searchable by anyone with an Internet connection. After a few hours the site was up it got clogged with requests, while protests started to come in for the breach of tax payers’ privacy. The Garante della Privacy intervened later in the day to stop the data from being released online.

What’s interesting about this story is that one might expect general outrage at the revenue department’s initiative to make such highly personal data public. But a quick look at two online opinion polls published by two of the major national newspapers shows that the outrage is not as widespread as it might be believed. At the time of writing this, sixty four percent of the readers who replied to the poll answered that they saw nothing wrong with the initiative – while 34 percent of respondents replied that making data available online was too much (La Repubblica). A poll by another newspaper, il Corriere della Sera – shows slightly different results, with 52 percent of respondents agreeing with the initiative to make the data available online.

While these polls are in no way representative, they are nonetheless indicative of a shared feeling that if personal data is made available online in order to increase transparency, then loss of privacy should be seen as acceptable. I was surprised – but less so when I put these results in context of our findings from our Digital Natives project. We live increasingly in a surveillance society where data is constantly collected about us from different technologies without people being necessarily aware of it – at the same time, we are increasingly sharing details of our personal lives online. Amongst the young people we’ve interviewed for our project, there is some awareness that loss of privacy is the trade off for living increasingly connected lives online. Clearly the tide cannot be stopped – what’s needed is a concerted effort to address these issues from an educational, technical and legal architecture standpoint in order to educate people (and institutions) on how to navigate this new world.

Privacy concerns increasingly under the spotlight

In the last few weeks, a couple of initiatives in the UK have caught the eye of privacy advocates: first, the government proposal of making Internet Service Providers responsible for taking legal action against users who download music illegally over their accounts, thus making them actively responsible for monitoring the content which is passed through their networks. Second, the proposal of entering every child into an electronic database which will collect and permanently store students’ records so that these can be accessible to college admissions and prospective employers. Interestingly, these proposals are made just as users’ concerns are growing about social networking sites’ ability of making users’ personal data available to third parties, via Facebook’s applications for example, and about the permanence of such data once they are stored and archived on the site’s servers.

Frontline’s “Growing Up Online”: What about the digital dossier?

(by Corinna di Gennaro and Miriam Simun – cross-posted from Digital Natives blog and Berkman blog)

PBS recently aired “Growing Up Online” (and posted the entire episode on their website) – an inquisitive look into the lives of so-called Digital Natives. The program presented a world of young people spending much of their lives immersed in digital media – constantly connected to friends and others via mobile phones and web sites such as MySpace and YouTube. These are the lives of young people who are the first generation to grow up online, or those “born digital”, to borrow the term from John Palfrey’s and Urs Gasser’s forthcoming book of the same title. Frontline addressed several of the key issues the Digital Natives project is investigating, including education in the age of internet, online identity play, cyber-bullying, and online sexual predators.

While the documentary hinted at the types of creative expression and activity taking place online, the focus was very much on the risks associated with socializing on the internet. Discussion of young people’s private lives, which are increasingly taking place online, touched upon the shifting notions of privacy among youth raised with a mouse in-hand, and a number of the issues regarding the wide and unknown audience they present themselves to. Hats off to Frontline for taking a fair – and realistic – stance in addressing the sexual predator issue. Despite media portrayal of sexual predators lurking behind every corner of the internet – NBC’s “To Catch a Predator” has quite a good hand in this – research is beginning to show that this is a seriously, and dangerously, overblown threat. A Cal State study by Larry Rosen mentioned in the program found that young people on MySpace are rarely approached for sexual liaisons, and those that are tend to be seeking these types of interactions. Our research on the Digital Natives project has supported these findings – the overwhelming majority of teens are very aware of sexual predator concerns and are incredibly savvy at navigating the internet and avoiding contact with creepy strangers. In fact, most youth we spoke with largely avoid online contact with anyone they don’t know personally.

The risks associated with teens socializing online were further highlighted by Davina, a high school student interviewed who took part in a lunchroom fight that ended in chair-throwing and a video that proceeded to earn her YouTube fame. Davina is now legitimately concerned that this video – and her behavior – is now permanently available for all to see – including college admissions officers. While kids socialize in online spaces they often feel are out of the realm of adults, college admission officers and prospective employers are trolling sites like MySpace and Facebook, searching for evidence of illegal or unsavory hijinks to deny offers of admission or employment. A media blitz last spring highlighting stories of employers discriminating against college grads based on unsavory Facebook photos and police officers searching for evidence of underage drinking on MySpace, appears to have affected youth behavior, to a degree. We have found that youth, particularly those attending more elite high schools and universities, are increasingly becoming wise to these issues. They are taking charge of their social networking sites’ privacy settings, or removing all together those frat-party videos that seemed so funny last Saturday night. A serious issue is the inequality of awareness we have found among the students we talked to – in more affluent schools, college counselors and teachers are adamantly warning students from the start to be careful what they post online, while students from lower performing schools were more likely to hear the warnings from after-school programs they were involved with, or else, wait for the warnings to be passed down from friends.

One issue of a life online which was completely ignored by Frontline is the digital dossier: the accumulation of personal data collected as people use digital technology. In focusing the program so heavily on social networking sites, it is surprising that there was no discussion of the repercussions of the availability and permanence of online personal data – not to sexual predators or college counselors, but in mass form, to service providers and marketers. As teens socialize online they share photos, videos, blog posts and personal musings – all of this content is hosted by sites that wield enormous power over what they do with these data, and who they share them with. As children grow up online – starting with NeoPets at 4, to MySpace at 14, to Facebook at 24 – they document everything, and leave this documentation in the hands of companies that have profit, rather than kids’ best interest, at heart. For example, Facebook collects information about users and then reserves the right to share all the amassed information with third parties. When signed in to email or blogger, Google is keeping tabs on every search the user conducts. In twenty years, marketers may know a six-year-old’s interests and habits better than he knows them himself.

Our research has shown that while many young people are disinterested about data collection issues, they are also largely unaware of what is being collected, how it is being used, and what the repercussions may be. Some who are more aware, cite the inevitability of compromising their privacy if they are going to engage in the social world, which, for the 12-24 age group, has migrated online. As one student we talked to – a particularly thoughtful high school senior – said “… anyone can have access to your stuff. [..] do you accept that because you participate in using internet and technology like that or is there a way to fight that and create ways in which you can keep stuff private and keep stuff yours? [..] People Google everything because they just think to. They don’t know where this information goes. They don’t know that [..] when you log on to certain sites [..] they keep track of [..] when you log on and what you write. [..] It’s the fact that people don’t know. ..There’s not enough transparency for young people to know and they participate very unknowledgeably. That’s what scares me because you don’t know what that will end up looking at later on.” Perhaps rather than focusing efforts on bills like DOPA that limit access to social sites in response to sexual predator fear, congress should focus on protecting the mass amounts of information service providers like MySpace and Facebook amass from the millions of young people that live their lives on these sites.

In spite of the current lack of attention among US lawmakers to these concerns, issues of privacy stemming from the use of new technologies are becoming increasingly relevant not only for digital natives, but for all citizens living online. In Europe, stricter privacy laws are bringing more attention to these issues: the Council of Europe has organized the second annual “Data Protection Day” (January 28, 2008) marked by campaigns to raise awareness amongst middle school and high school students about how and why personal information is collected, and what is done with these data. As part of this initiative, the transatlantic privacy perspective will be discussed at Duke University Center for European Studies. Education about issues of privacy must be extended beyond fears of sexual predators and trolling college admission officers or potential employers. The reality and implications of the widespread and largely unregulated collection and dissemination of private data must be taught to youth that spend so much time living and sharing online. In order to be successful, this is an effort which must be undertaken by the many stakeholders involved – parents, schools, young people themselves, and policy makers. It is not only necessary to reform current laws in order to make service providers act responsibly in the collection and sharing of user data, but also to help young people understand the online world they inhabit, so that they may engage in knowledgeable and critical ways.

Educating the public about privacy

On 28 January 2008, the second annual Data Protection Day will take place, organized by the Council of Europe, with different events planned in the different member states. The aim of this initiative is to raise awareness amongst citizens about how personal data is collected about them, why, and what is done with these data. It also aims to help European citizens understand what are their rights when it comes to data protection issues in several fields of their everyday life: health care, work, their relations with public authorities and when using and surfing the Internet.

In Italy the day will be marked by an initiative by the Garante della Privacy (the Italian data protection authority) particularly aimed at schools, in order to educate high school children about the privacy risks and rights, as well as the opportunities, provided by new technologies, such as the Internet and mobile phones.

This initiative coincides with today’s decision by the Italian Garante della Privacy that mobile phone and Internet service providers will not be allowed anymore to store personal data on users’ online activities. In particular, ISPs will be obliged to delete within two months all information on IP addresses, i.e. the websites visited by users, and on users’ queries and search terms/strings entered in search engines. This is in order to prevent ISPs to be able to reconstruct profiles of users in terms of their political, sexual or religious preferences and health condition on the basis of their online activities.

* For initiatives on Data Privacy Day in North America the event “Data Privacy in Transatlantic Perspective: Conflict or Cooperation?” is being held at the Duke University Center for European Studies.