BLOOMINGTON, Ind. -- Facebook's current privacy crisis and questions about how Google gathers, uses and stores our personal information demonstrate an urgent need to review and replace inadequate and outdated ways to regulate data and information, according to research from Indiana University's Kelley School of Business.
In a forthcoming paper in Washington and Lee Journal of Civil Rights and Social Justice, Anjanette "Angie" Raymond, an associate professor of business law and ethics in the Kelley School, recommends a new legal framework to better identify what information is worthy of robust protection.
"Existing information governance is haphazard and often limited by sector," said Raymond, who directs IU's Ostrom Workshop Program on Data Management and Information Governance and is an adjunct associate professor in the IU Maurer School of Law.
"Current regulation, or case law, fails to fully consider the nuisances of ubiquitous information flows," she said. "Instead, the current system seeks to cram new data-related issues into existing legal frameworks, which are designed for paper and pencil and simple single-step technology."
Raymond offers an approach to managing data that includes ruling out the traditional use of privacy and property laws when it comes to digital information.
"It's almost silly to argue for privacy protections when you're posting stuff to the public on Facebook and other social media outlets," she said. "We have to think about everything we share as containing tons of data and information that can be extracted and shared amongst a lot of different people. Regulation must reflect this reality"
For example, there's a lot of data associated with simply posting a picture to your profile. Looking at the current Facebook crisis, Raymond said Cambridge Analytica's use of data from various Facebook apps really isn't much different; they just gathered the information into a single source.
"People are frustrated, feeling they were tricked to give away information as they engaged with activities on third-party apps," she said. "This sentiment is strong, yet everyone must understand that everything you post, click, like -- everything you do -- creates data that others can use. And scraping data is not extraordinarily difficult, so posting data at one place makes that data and information available to many."
Instead of using privacy as a guiding principle, Raymond said it's more appropriate to use a model based upon the use of the data and the impact that using, sharing, re-sharing and potential loss will have on individuals.
She said it's important to keep in mind that much of the data at issue is information that social media sites require to verify users' identity. They require users to provide key and often sensitive information, and users don't have an option to opt-out.
While these situations may upset users, the law presently provides few clear guiding principles on how information should be shared.
"The existing gaps in legal regulation have led to industry attempting to fill the void, but these attempts are in their infancy and are often ineffective," Raymond said.
"We're not going to have the answers," she added. Until a more appropriate means of addressing these issues is established, "we need to accept the fact that we are currently standing with uncertain footing."
The article, "Information and the Regulatory Landscape: A Growing Need to Reconsider Existing Legal Frameworks," will appear in the spring issue of Washington and Lee Journal of Civil Rights and Social Justice.