Solove on the PII Problem: Privacy and a New Concept of Personally Identifiable Information
From Politico’s Morning Tech, January 4, 2012: HAPPENING TODAY: The first is the official release of a new paper by professors Paul Schwartz and Daniel Solove on “PII 2.0,” at Microsoft’s D.C. headquarters and featuring a panel discussion afterward with reps from the FTC, ACLU and others. That begins at 9 a.m. For more information, click here.
On SSRN: The PII Problem: Privacy and a New Concept of Personally Identifiable Information
by Paul M. Schwartz, University of California, Berkeley – School of Law, and Daniel J. Solove, George Washington University Law School
- New York University Law Review, Vol. 86, p. 1814, 2011
- UC Berkeley Public Law Research Paper No. 1909366
- GWU Legal Studies Research Paper No. 584
- GWU Law School Public Law Research Paper No. 584
Abstract: Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.
In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.
For full text of the article, visit The PII Problem: Privacy and a New Concept of Personally Identifiable Information by Paul Schwartz, Daniel Solove :: SSRN.
Tags: Daniel J. Solove, Daniel Solove, education, Microsoft, Paul Schwartz, Personally Identifiable Informaiton, Personally identifiable information, PII, PII 20, Privacy, Social Science Research Network
Dr. Lea Shanley is the founder and former co-Chair of the Federal Community of Practice on Crowdsourcing and Citizen Science, a vibrant community of 200 federal employees from more than 35 agencies. She is also a co-founding member of the Citizen Science Association. Dr. Shanley recently served as a Presidential Innovation Fellow at NASA, where she helped to foster a culture of open innovation. Prior to this, she founded and directed the Commons Lab at the Wilson Center, served in the US Senate as a Congressional Science Fellow, and worked with local and tribal communities to develop GIS-based decision support systems for city planning, natural resource management, coastal management, and disaster response through the University of Wisconsin-Madison.
Disclaimer: This is a personal blog of links to relevant news, events, and reports, provided for educational purposes only. The opinions and views contained therein are those only of the authors of the original articles. These opinions do not necessarily reflect those of the editor of this blog or or associated organizations.
Error: Twitter did not respond. Please wait a few minutes and refresh this page.
- RT @BioCollectives: .@WIRED @m_e_rhodes Great Read on #SidewaysDictionary by #Google tech incubator - The price of using analogies? @TheWil… 1 year ago
- RT @BioCollectives: Don’t know what a honeypot is? This plug-in uses analogies to make security terms totally understandable https://t.co/4… 1 year ago
- 131,814 hits