链环保密:一种新的网络隐私保护体制

本文是斯坦福大学法学院互联网与社会中心的一篇探讨互联网隐私保护的学术文章。


网络隐私保护的最大挑战在于,如何保护那些个人展现在别人面前的信息?通常来说,一旦一个人在互联网上公布了个人信息,他就失去了对这些信息的控制。人们不再像传统意义上那样“拥有”个人信息,因此,他们不得不依赖他们信息的接受者(例如网站)来保护个人信息的安全。

Woodrow Hartzog认为,目前的法律在保护互联网用户的个人信息方面收效甚微,目前有关隐私的法律在保护第三方使用个人信息方面很有限、主观且模糊,而且时常会与其他的法令如“言论自由”等发生冲突。研究者在本文中提出了“链环保密”(chain-link confidentiality)的体制,这个体制契约性地将个人信息的展露与对此信息的保护结合起来。其他在线隐私体制通常将关注焦点放在信息的私人属性上,链环保密聚焦于关系之间的义务,不仅在信息展露者与第一个接收者之间,还在于最初的接收者与后续接收者之间。传递双方所默认的保密信息包括(1)在使用展露信息时所应遵守的义务和限制;(2)要求未来的接受者遵守同样的义务和限制;(3)要求延续合同链。由此得以在信息传递的过程中清晰有意义地保护个人信息。亦即,这一体制的核心是对信息保密义务的传递

最初的信息接受方同意后,第三方接受者也必须遵守信息的保密义务。在线上数据分享的情境下,“链环保密”系统如何运作?本文将会有较为详细的探索。

INFORMATION PRIVACY

CHAIN-LINK CONFIDENTIALITY

Woodrow Hartzog*
Assistant Professor, Cumberland School of Law at Samford University; Affiliate Scholar, Center for Internet and Society at Stanford Law School.

Read more from CIS of Stanford University
微盘下载链接:http://vdisk.weibo.com/s/6CZnl

I. INTRODUCTION
One of the most difficult challenges to the preservation of online privacy is the protection of information once it is exposed to other  people. Generally, individuals lose control of their personal information once they disclose it on the Internet. People do not “own” personal information in the traditional sense. Consequently, they are forced to rely upon the recipients of their information, such as websites, to keep it safe. 

The law provides few meaningful opportunities for Internet users to protect their own personal information. The current privacy laws are too limited, subjective, or vague to effectively police the “downstream” use of information by third parties.1 Yet, there is a growing consensus that information privacy must be protected,2 including calls for a privacy “bill of rights.”3 The challenge is not just if—but how—to protect an individual’s privacy on the Internet. 

This Essay proposes a “chain-link confidentiality” approach to protecting online privacy. A chain-link confidentiality regime would contractually link the disclosure of personal information to obligations to protect that information as it is disclosed downstream. Unlike other online privacy regimes that focus on the private nature of information, this proposal focuses on specific obligations within the relationships, not only between the discloser of information and the initial recipient, but also between the initial recipient and subsequent recipients. 

Many have dismissed confidentiality law as a viable remedy for online privacy harms because they view it as a “one-off ” protection or as too restrictive in contexts where sharing information is encouraged or required.4 Even advocates of confidentiality law recognize that it is limited in that it typically only binds the initial recipient of information.5 The discloser of information usually has no remedy under confidentiality law against third parties that further disclose confidential information.6 At first glance, online information seems particularly ill-suited to be protected by confidentiality law because of the overwhelming amount of people who use the Internet and the ease with which information is distributed. After all, there are an estimated 1.97 billion Internet users worldwide visiting over 255 million websites.7 Yet, only directly connected parties can become confidants.

Confidentiality law need not be limited to the initial recipient of information, however. This Essay argues that the basic principles of confidentiality and contract law can create an attractive and broadly applicable remedy for protecting the personal information of Internet users. This remedy would allow the obligations of confidentiality to follow personal information downstream. Confidentiality doctrine could become more lenient by allowing for the limited disclosure of confidential information while also becoming more protective by having confidentiality obligations follow the information to third-party recipients. Courts and lawmakers could construct systems for confidentiality protections that follow the disclosed information in a chain-link fashion by requiring third-party recipients of confidential information to observe the same confidentiality obligations to which the initial recipient agreed.

Under a regime of chain-link confidentiality, Internet users could then pursue a remedy against anyone in the chain who either failed to abide by her obligation of confidentiality or failed to require confidentiality of a third-party recipient. Even if legislators decided not to create a private cause of action for Internet users, a statutory privacy bill of rights could breathe life into confidentiality doctrine by requiring obligations of confidentiality to follow the disclosure of personal information online. 

This Essay explores various methods that courts and lawmakers can use to create a system of chain-link confidentiality in online data-sharing contexts. Part II of this Essay briefly explores the challenges and desirability of maintaining privacy in the digital age. This Part focuses on the failure of traditional remedies to protect online privacy, which necessitates a new approach that is clear, workable, and in harmony with other laws and policy goals, including the First Amendment’s guarantee of freedom of speech. This part also responds to the critique that confidentiality law is of limited applicability. It explores the abundant opportunities for relationships and privity online and the concentration of disclosure of personal information to a surprisingly limited number of websites. 

Part III introduces the general theory of chain-link  confidentiality. A chain-link confidentiality approach would use contracts to link recipients of personal information. These contracts would contain at least three kinds of terms: (1) obligations and restrictions on the use of the disclosed information; (2) requirements to bind future recipients to the same obligations and restrictions; and (3) requirements to perpetuate the contractual chain. The chief benefit of a chain-link confidentiality regime is that it would protect the downstream use of information in a clear and meaningful way. This Part explores the potential statutory and contractual applications of chain-link confidentiality. 

This Essay concludes by highlighting how a chain-link confidentiality approach to protecting online privacy can be a flexible and effective compromise that protects the downstream use of information while accommodating the free flow of information. 

文章下载:CHAIN-LINK CONFIDENTIALITY_SSRN-id2045818


Comments are closed.



无觅相关文章插件