| | |
|
BrettJohnsonFirstPaper 3 - 16 Nov 2009 - Main.BrettJohnson
|
| |
| META TOPICPARENT | name="FirstPaper" |
|---|
I. INTRODUCTION | | | III. IMPLEMENTATION OF THE “OPT-IN” SYSTEM | |
<
< | I would propose legislation wherein the default rule provides that without consent in the form of “opting-in,” information gathered about a person over the internet may only be used as necessary to provide the service requested. The information gathered could not be disclosed or sold and it would need to be deleted within a reasonable amount of time. For example, if a person placed an order from WalMart? .com all information about the purchaser, including her personal information such as name, address, etc. and the product purchased, web pages visited, etc. would need to be deleted from WalMart? ’s database within a reasonable time after the product is received by the customer. See http://www.nytimes.com/2004/11/14/business/yourmoney/14wal.html?_r=1 (discussing Wal-Mart’s current use of personal information). Other entities, such as the Google search engine would not be able to store or disclose the information. See http://www.webmonkey.com/blog/Firefox_s_Private_Browsing__AKA__Porn_Mode__Arrives (private browsing available from Firefox). In the context of banking, information such as expenditures would need to be retained for record-keeping purposes but kept confidential and not used for purposes other than record-keeping and such information could not be shared with other entities or other departments within the same institution (such as where investment banks are allowed to merge with commercial depository banks after repeal of the Glass-Steagall Act). See http://en.wikipedia.org/wiki/Glass%E2%80%93Steagall_Act. | >
> | I would propose legislation wherein the default rule provides that without consent in the form of “opting-in,” information gathered about a person over the internet may only be used as necessary to provide the service requested. The information gathered could not be disclosed or sold and it would need to be deleted within a reasonable amount of time. For example, if a person placed an order from Wal-Mart.com all information about the purchaser, including her personal information such as name, address, etc. and the product purchased, web pages visited, etc. would need to be deleted from Wal-Mart’s database within a reasonable time after the product is received by the customer. See http://www.nytimes.com/2004/11/14/business/yourmoney/14wal.html?_r=1 (discussing Wal-Mart’s current use of personal information). Other entities, such as the Google search engine would not be able to store or disclose the information. See http://www.webmonkey.com/blog/Firefox_s_Private_Browsing__AKA__Porn_Mode__Arrives (private browsing available from Firefox). In the context of banking, information such as expenditures would need to be retained for record-keeping purposes but kept confidential and not used for purposes other than record-keeping and such information could not be shared with other entities or other departments within the same institution (such as where investment banks are allowed to merge with commercial depository banks after repeal of the Glass-Steagall Act). See http://en.wikipedia.org/wiki/Glass%E2%80%93Steagall_Act. | | | The legislation would, however, allow those private entities to mine data (purchase the ability to store, use, and sell the information) if after being fully informed a person believed that it was in her best interest to sell that information and opted-in. As previously mentioned, some people may desire to have special offers sent to them for future purchases of similar products. Other people may be persuaded by discounted prices or even cash payments for the information. The opt-in choice would perhaps require that to opt-in the person would be redirected to a federally maintained website that provided in understandable and brutally descriptive terms (drafted as part of the legislation) what the information could be collected, used for, by whom, and potential consequences thereof. Each entity that sought to mine data would need to obtain a consent from each person for which it gathered the information, based upon the user’s IP address. There would also be an option, each time referred to the “opt-in” website to register a single time to preclude all companies from making future offers to mine data from that IP address. See generally http://www.nytimes.com/library/tech/00/02/cyber/commerce/07commerce.html. |
|
|
|
|
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|
| | |