I have been a fan of Daniel Solove’s approach to privacy, where he foregrounds actual harms suffered by individuals rather than derive remedies from abstract principles. I have often said that the informed-consent model is of zero value when people find that their personally identifiable information stored by an organization has been stolen.
The US Federal Trade Commission has called for comments on informational harms or injuries. I am tempted to respond. Would if there were 28 hours in a day.
“Information flows of all kinds are vital to our economy, but the increased collection and use of consumers’ information carries some risk for consumers when that information is misused,” said Acting FTC Chairman Maureen K. Ohlhausen. “This workshop is aimed at helping us to better identify and measure the consumer injuries that may result from the misuse of information about consumers.”
To help assist the agency’s analysis of this topic, the FTC is seeking comment on a range of issues including:
What are the qualitatively different types of injuries from privacy and data security incidents?
What frameworks might we use to assess these different injuries? How do we quantify injuries?
How do businesses evaluate the benefits, costs, and risks of collecting and using consumer information in light of potential injuries? How do consumers evaluate the benefits, costs, and risks of sharing information in light of potential injuries?