Amid an outcry over Facebook’s privacy issues, a new legal framework is required across the spectrum to better identify what information is worthy of robust protection, researchers have stressed.
Facebook’s current data breach crisis and questions about how Google gathers, uses and stores our personal information demonstrate an urgent need to review and replace inadequate and outdated ways to regulate data and information, says the team from Indiana University’s Kelley School of Business.
“Existing information governance is haphazard and often limited by sector. Current regulation, or case law, fails to fully consider the nuisances of ubiquitous information flows,” said Anjanette “Angie” Raymond, Associate Professor of Business Law and Ethics in the Kelley School.
“Instead, the current system seeks to cram new data-related issues into existing legal frameworks, which are designed for paper and pencil and simple single-step technology,” she added in a paper in Washington and Lee Journal of Civil Rights and Social Justice.
Raymond offered an approach to managing data that includes ruling out the traditional use of privacy and property laws when it comes to digital information.
“We have to think about everything we share as containing tons of data and information that can be extracted and shared amongst a lot of different people. Regulation must reflect this reality,” Raymond added.
For example, there’s a lot of data associated with simply posting a picture to your profile.
Looking at the current Facebook crisis, Raymond said Cambridge Analytica’s use of data from various Facebook apps really isn’t much different; they just gathered the information into a single source.
“People are frustrated, feeling they were tricked to give away information as they engaged with activities on third-party apps,” she said.
“This sentiment is strong, yet everyone must understand that everything you post, click, like — everything you do — creates data that others can use.
“And scraping data is not extraordinarily difficult, so posting data at one place makes that data and information available to many.”
Instead of using privacy as a guiding principle, Raymond said that it’s more appropriate to use a model based upon the use of the data and the impact that using, sharing, re-sharing and potential loss will have on individuals.
“The existing gaps in legal regulation have led to industry attempting to fill the void, but these attempts are in their infancy and are often ineffective,” Raymond noted.