Contemporary consumer privacy law in the United States is largely based on the Fair Information Practice Principles (FIPPs) which have instituted the popular “notice and choice” model of Internet consumer privacy protection. But, besides the overwhelming evidence of the failure of the notice and choice model, the FIPPs are conceptually challenged by the Internet of Things. If consumer privacy law is to survive in the twenty-first century, either the conflict between FIPPs and the Internet of Things must be resolved or an entirely new approach to consumer privacy must be devised.
If privacy policies are meant to secure informed consent from consumers before their personal data is collected, several studies have shown that they have failed. Consumers do not know what privacy policies are, often because they either do not read them or they cannot understand them. How should consumer privacy regulators address this failure? Drawing on lessons from current failures, some researchers are advocating a “nutrition label” approach to privacy policies.
[Excerpt] Aadhaar’s vast database of biometric information is another pillar of India’s national security state. India is currently engaged in technological projects of astonishing dimensions, a colossally wide array of information collection, communications monitoring, and identity profiling. Biometrics have long been associated with biopower, a Foucauldian concept that is being frequently revisited as the world negotiates pervasive surveillance. The Aadhaar project is a new frontier in biopower: unparalleled in scale and unchecked by law, it is obliterating privacy.
In late September 2015, the Indian government published an ill-conceived and poorly drafted national encryption policy which would have had severely detrimental impacts on privacy, freedom of speech, national security, foreign investment, and the regular business of the telecommunications and Internet industry in India. After public uproar and international ridicule, the policy was withdrawn on the eve of Prime Minister Modi’s visit to Silicon Valley to invite investment in his Digital India project. This post simply breaks down encryption and examines the motives and implications of the policy. Click the title to read more.
[Excerpt] Because of its disjointed development, the constitutional basis of the right to privacy in India remains muddy. Indian courts have yet to craft a privacy rights jurisprudence that responds to surveillance, morals-based denials of personal choices, and forcible collections of bodily information. There are wide gaps in the right to privacy through which the collection of biometric information for the Aadhar project could easily slip through, perhaps even be made compulsory.