This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
The Limits of Notice and Choice
March/April 2010 (vol. 8 no. 2)
pp. 59-62
Fred H. Cate, Indiana University
Modern data-protection systems rely heavily on notice and choice and often identify preserving individual choice as the goal they serve. Regulators, academics, privacy advocates, and industry leaders in the US and Europe are increasingly questioning notice and choice as inadequate, unworkable, and in some cases undesirable. The challenge now is to determine in what settings notice and choice have value, and what data protection tools should replace them where they do not.

1. J. Leibowitz introductory remarks, FTC Privacy Roundtable, 7 Dec. 2009; www.ftc.gov/speeches/leibowitz091207privacyremarks.pdf .
2. A.F. Westin, Privacy and Freedom, Atheneum, 1967.
3. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Org. for Economic Cooperation and Development, 1 Oct. 1980, p. 7.
4. Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Oct. 1995, preamble, paragraph 25, articles 7(a), 8(2)(a), and 26(1)(a).
5. APEC Privacy Framework, Asia-Pacific Economic Cooperation, Nov. 2004, p. 12.
6. P.M. Schwartz, "Privacy and Democracy in Cyberspace," Vanderbilt Law Rev., vol. 52, 1999, p. 17.
7. Standards for Privacy of Individually Identifiable Health Information, Federal Register, vol. 65, 2000, p. 82,462, amended by Federal Register, vol. 67, 2002, p. 43,181 (codified in Code of Federal Regulations, vol. 45, sections 164.502, 164.506, 164.506(a), 164.508(a)(1), 164.510, and 164.514(b)(2)(i)).
8. K. Walker, "The Costs of Privacy," Harvard J. Law & Public Policy, vol. 25, 2001, pp. 87, 107, 108, 110, 111, and 112.
9. Gramm-Leach-Bliley Financial Services Modernization Act, Public Law No. 106–102, US Statutes at Large, vol. 113, 1999, p. 1338 and section 503(b).
10. J. Kirk, "EFF: Browsers Can Leave a Unique Trail on the Web," PC World, 29 Jan. 2010; www.pcworld.com/article/188134eff_browsers_can_leave_a_unique_trail_on_the_web.html .
11. T. Muris, "Protecting Consumers' Privacy: 2002 and Beyond," Privacy 2001 Conf., 4 Oct. 2001; www.ftc.gov/speeches/murisprivisp1002.shtm .
12. D. Casarett et al., "Bioethical Issues in Pharmacoepidemiologic Research," Pharmacoepidemiology, 4th ed., R.L. Strom ed., 2005, p. 594.
13. R. Thomas, and M. Walport, Data Sharing Rev. Report, 2008, p. 70; www.justice.gov.uk/reviews/docsdata-sharing-review-report.pdf .
14. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health through Research, Inst. of Medicine, 2009, p. 6.
15. Int'l Standards for the Protection of Privacy and Personal Data, adopted by the 31st Int'l Conf. Data Protection and Privacy Commissioners, 2009; www.privacyconference2009.org/dpas_space/ Resolucionindex-iden-idphp.php.
16. The Future of Privacy: Joint Contribution to the Consultation of the European Commission on the Legal Framework for the Fundamental Right to Protection of Personal Data, Article 29 Working Party and the Working Party on Police and Justice, 1 Dec. 2009; http://ec.europa.eu/justice_home/fsj/privacy/ docs/wpdocs/2009wp168_en.pdf.

Index Terms:
privacy, data protection, policy, law
Citation:
Fred H. Cate, "The Limits of Notice and Choice," IEEE Security & Privacy, vol. 8, no. 2, pp. 59-62, March-April 2010, doi:10.1109/MSP.2010.84
Usage of this product signifies your acceptance of the Terms of Use.