Draft Assumptions
Shorten privacy labour (#422) and FIPS (#347)
rhiaro committed Jun 4, 2024
1 parent 847d209 commit bb1661f
Showing 1 changed file with 32 additions and 26 deletions.
58 changes: 32 additions & 26 deletions index.html
@@ -653,6 +653,28 @@
is not merely an implementation of a particular legal privacy regime; it has distinct features and
guarantees driven by shared values that often exceed legal requirements for privacy.

## Assumptions

* for everyone
* limited time/headspace for decisions
* vulnerable
* vary from context to context
* User agents should balance a benevolent guardian's need to protect their ward from dangers, against a ward's need to protect themself if they have a malicious guardian.
* Governance will often struggle to achieve its goals if it works primarily by increasing individual control instead of by collective action.
* user agents serve the user
* privacy is contested because of economic incentives to exploit and take advantage people, and power hierarchies that desire to maintain the status quo
* power asymmetries exist and we must work to mitigate the threats that arise from this

One notable issue with procedural approaches to privacy is that they tend to have the same
requirements in situations where people find themselves in a significant asymmetry of
power with another [=actor=] — for instance a [=person=] using an essential service provided by a
monopolistic platform — and those where a person and the other [=actor=] are very much on equal
footing, or even where the [=person=] may have greater power, as is the case with small
businesses operating in a competitive environment. They also do not consider cases in
which one [=actor=] may coerce other [=actors=] into facilitating its [=inappropriate=]
practices, as is often the case with dominant players in advertising or in content aggregation
([[?Consent-Lackeys]], [[?CAT]]).

# Principles for Privacy on the Web

This section describes a set of principles designed to apply to the web
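
Review bot: The first four bullets under `## Assumptions` ("for everyone", "limited time/headspace for decisions", "vulnerable", "vary from context to context") have no subject, so it is unclear whether each one is a claim about privacy, about people or about user agents; write each as a full sentence, as the guardian/ward and governance bullets already do. In the economic-incentives bullet, "take advantage people" is missing "of", and the list mixes capitalised, punctuated sentences with lowercase fragments. The paragraph beginning "One notable issue with procedural approaches to privacy" now sits directly under the bullet list, where nothing has yet said what a procedural approach is; give it a lead-in sentence or keep it beside the FIPs text in the Privacy Labour section.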
@@ -1727,35 +1749,19 @@

### Privacy Labour {#privacy-labour}

<dfn data-lt="privacy labor|labour|labor">Privacy labour</dfn> is the practice of having a [=person=] do
the work of ensuring [=data processing=] of which they are the subject or recipient is
[=appropriate=], instead of putting the responsibility on the [=actors=] who are doing the processing.
<dfn data-lt="privacy labor|labour|labor">Privacy labour</dfn> when a [=person=] is required to do
the work to make sure [=data processing=] of which they are the subject or recipient is
[=appropriate=], instead of the [=actors=] who are doing the processing.
Data systems that are based on asking [=people=] for their [=consent=] tend to increase
[=privacy labour=].

More generally, implementations of [=privacy=] often offload [=labour=] to [=people=]. This is
notably true of the regimes descended from the <dfn data-lt="FIPs">Fair Information Practices</dfn>
([=FIPs=]), a loose set of principles initially elaborated in the 1970s in support of individual
[=autonomy=] in the face of growing concerns with databases. The [=FIPs=] generally assume that
there is sufficiently little [=data processing=] taking place that any [=person=] will be able to
carry out sufficient diligence to be [=autonomous=] in their decision-making. Since they offload
the [=privacy labour=] to people and assume perfect, unlimited [=autonomy=], the [=FIPs=] do not
forbid specific types of [=data processing=] but only place them under different procedural
requirements. This approach is no longer [=appropriate=].

One notable issue with procedural approaches to privacy is that they tend to have the same
requirements in situations where people find themselves in a significant asymmetry of
power with another [=actor=] — for instance a [=person=] using an essential service provided by a
monopolistic platform — and those where a person and the other [=actor=] are very much on equal
footing, or even where the [=person=] may have greater power, as is the case with small
businesses operating in a competitive environment. They also do not consider cases in
which one [=actor=] may coerce other [=actors=] into facilitating its [=inappropriate=]
practices, as is often the case with dominant players in advertising or in content aggregation
([[?Consent-Lackeys]], [[?CAT]]).

Reference to the [=FIPs=] survives to this day. They are often referenced as "<i>transparency
and choice</i>", which, in today's digital environment, is often an indication that
[=inappropriate=] [=processing=] is being described.
Compliance requirements based on the <dfn data-lt="FIPs">Fair Information Practices</dfn> ([=FIPs=])
often increase [=privacy labour=] as they
do not forbid specific types of [=data processing=]
and assume perfect, unlimited [=autonomy=].
The volume of [=data processing=] taking place is now
much higher than when the [=FIPS=] were written,
so this approach is no longer [=appropriate=]

## Vulnerability {#vulnerability}
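
Review bot: The replacement definition, "Privacy labour</dfn> when a [=person=] is required to do", has lost its verb and should read "Privacy labour</dfn> is when a [=person=] is required to do the work ..."; its tail, "instead of the [=actors=] who are doing the processing", would also be clearer as "instead of that work falling to the [=actors=] who are doing the processing". In the new FIPs paragraph, `[=FIPS=]` does not match the `data-lt="FIPs"` and `[=FIPs=]` spelling used at the start of the same paragraph, and the closing sentence "so this approach is no longer [=appropriate=]" is missing its full stop.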
