Fixing the Broken Windows of Online Privacy Through Private Ordering: A Facebook Application

By: Andrew Jay McClurg
Published: October 2011
1 Wake Forest L. Rev. Online 74 (2011)
Fixing the Broken Windows of Online Privacy Through Private Ordering:  A Facebook Application

Building on a growing body of contract-based privacy scholarship,[1] Professor Patricia Sánchez Abril has advanced a creative, concededly ambitious proposal for people to privately order their online interpersonal privacy: a system of standardized click-wrap-type confidentiality agreements in which social network users would be required to accept a content provider’s personal privacy preferences to access their online information.[2]  The contracts would be legally binding, enforceable through traditional means, although Abril suggests that most breaches would be minor and could be addressed by a self-policed online complaint and/or an eBay-type rating system administered by the social network host.[3]  The central goal of her proposal is to enhance the overall context of online privacy.

I suggest that Facebook could avoid the most severe concerns raised by binding confidentiality contracts, while still significantly upgrading the context of online privacy, through a system of simple, non-binding privacy-preference icons, linked to short explanations, that would run with all posted content.

This is a short reply to Abril’s article.  Part I summarizes Abril’s theory and approach.  Part II imagines how her proposal might function, or be adapted to function, in a real-world context, using Facebook as an example.  Abril’s proposal is not limited to Facebook, but it is focused on online social networks.  The omnipresent force that is Facebook readily comes to mind when reading her article.  With more than 500 million members as of 2010,[4] Facebook is the undisputed heavyweight world champion of personal information-sharing.  Even my ninety-three-year-old dad is on Facebook, although at last check he had not posted his party pics.  If any single entity holds the power to change the context of online social network privacy, it’s Facebook.

Thinking about how Abril’s proposal might work with Facebook highlights obstacles to it, but also illustrates the great potential of her ideas.  In the end, modifying Abril’s idea, I suggest that Facebook[5] could avoid the most severe concerns raised by binding confidentiality contracts, while still significantly upgrading the context of online privacy, through a system of simple, non-binding privacy-preference icons, linked to short explanations, that would run with all posted content.  Part III is a brief conclusion.

I.  Summarizing Abril’s Private Ordering Thesis and Approach

Abril begins with the proposition that our online social environment is one in which disorder and disrespect for personal privacy run rampant.[6] Analogizing the situation to the “broken window theory” advanced by criminologists James Q. Wilson and George L. Kelling in the 1980s, she asserts that, by tolerating online privacy breaches, society has allowed a context to flourish that encourages, rather than deters, violations.  The broken window theory “posits that even the most minor evidence of communal abandonment (in the form of a broken window, graffiti, or an unchecked panhandler) creates a public perception of abandonment and lack of control, which in turn propagates antisocial behavior, disorder, and crime.”[7]  In the brick and mortar world, Wilson and Kelling theorized that if one broken window is left unrepaired on a building, it will not take long before all of the windows are broken.  Abril argues similarly that ignoring breaches of privacy in the virtual world encourages more of them.  As people see privacy breaches occurring on a repeated basis without anything being done to address them, they will (or already have) come to believe that society has abandoned concern about privacy.

Her proposal is designed to alter this context by conveying to people that society does still care about online privacy.  Society could accomplish this, she argues, by establishing a user-friendly system of legally enforceable, individualized online confidentiality agreements designed to address even minor privacy violations.[8]  In doing so, a new context of respect for privacy would be created that would avert more serious breaches.[9]

Specifically, she suggests that a system of online confidentiality agreements could be patterned after the Creative Commons non-profit copyright permission system founded in 2001.  The Creative Commons provides an infrastructure designed to enhance global access to copyrighted information by allowing copyright owners to license use of their works under rules less stringent than the default of “all rights reserved.”  Copyright holders can choose from a series of licenses of varying permissiveness.  These licenses are represented by icons and short phrases.[10]

Abril suggests that a similar system of icons and short explanatory phrases could be developed to indicate a person’s online privacy preferences.[11]  Each of the icons would be linked to the terms of the confidentiality contract.  Prospective recipients of a user’s online information would have to accept the confidentiality agreement to access the person’s information.[12]

While the confidentiality agreements called for in her proposal would be enforceable through traditional legal channels (i.e., litigation), Abril recognizes that traditional legal remedies would be practical only in the limited situations where substantial breaches result in significant economic damages.[13] Most violations would be in the nature of “pinpricks,”[14] small breaches that cause minor injury such as embarrassment or hurt feelings, not serious enough to warrant a lawsuit.

To remedy those, Abril recommends that social network hosts establish alternative dispute mechanisms such as a complaint and/or user rating system.  She points to the effectiveness of self-policing within online communities such as auction giant eBay and encyclopedia Wikipedia as examples of how leveraging reputation can transform loosely knit groups into tighter, interdependent groups.[15]

The big picture aim of the proposal is to create a new context in online communities in which even minor breaches of privacy can be addressed, less they serve as “broken windows” that lead to more, and worse, violations.

II.  Imagining a Facebook Application of Abril’s Proposal

Abril contemplates voluntary adoption of an online system of confidentiality contracts by social networking sites.[16] This part explores how Abril’s proposal might work using Facebook as an example.

A huge preliminary and perhaps unconquerable obstacle, of course, would be persuading Facebook (or other social networks) to adopt a contract-based privacy system for users.  Such a system could be expensive and time-consuming to develop, implement, and administer.  An even larger deterrent would be that, if a confidentiality-contract system proved to be effective, it could substantially restrict information sharing, which is exactly the opposite of what Facebook and other social networks want.

Facebook’s primary incentive for voluntarily adopting a privacy-contract system would be user demand.  Unfortunately, we—“we” being the collective universe of Facebook users—have, thus far, not shown sufficient concern about online privacy to stimulate the adoption of any bold means to protect it.  Abril cites survey evidence showing social media users are concerned about their lack of control over personal information online,[17] but it is one thing for people to tell surveyors that they care about privacy and quite another for them to take steps to protect it.

Large percentages of Facebook users never take the time to reset Facebook’s relatively open-sharing default privacy settings.  While reliable data is elusive, a report by the U.K. Office of Communications found that almost half of online social networkers use the default privacy settings.[18]  Another study showed 20-30 percent of college students do not understand how Facebook’s privacy controls work or how to change them.[19]

Complaints about Facebook for perceived privacy invasions are so common it is hard to remember or keep track of them.  Abril’s article centers on broken windows of online privacy in terms of individual user breaches, but these pale next to the cracked glass of online privacy infrastructure itself.  It seems like every other month that Facebook stirs up another privacy fracas with the announcement of a new feature: e.g., the Places feature that allows people to “check in” and disclose their physical movements, facial recognition software that could lead to the automatic tagging of photos, advertisements that use retransmitted info from friends who have “liked” a product or brand, and on and on.  (In the future, people may read the previous sentence and think “How quaint!” as new technology allows Facebook to post people’s thoughts without computer intervention.).

We squawk and harrumph, but continue signing up and logging on.  Backlashes against Facebook quickly lose their legs.  In 2010, a well-publicized “Quit Facebook Day” fizzled.  A reported 31,000 users quit on the appointed day, but millions of new members joined the same month.[20]  I’ve been writing and arguing about diminishing privacy for more than fifteen years.  Now, as a Facebook member with 593 “friends” as of this writing, I’m part of the problem.  We may not like Facebook,[21] but we take it.  We’re hooked.  We’re social information junkies and Facebook is the man in the shadows.

On the other hand, Facebook has responded to several user complaints about privacy[22] and it is not inconceivable that users could one day get so fed up that they really do start deserting Facebook in droves.  Meanwhile, recurring data breaches and general privacy concerns have once again ignited discussion of legislative action to regulate online privacy.[23]  Let’s assume hypothetically that, whether to bolster customer goodwill, ward off threatened legislative action,[24] or for other reasons, Facebook decided to adopt a contract-based confidentiality system along the lines of what Abril suggests.

Could it work?  I think so.  Facebook is uniquely positioned to make it work.  First, Facebook has the resources, both technical and financial, to develop and maintain the necessary infrastructure, including the capability to implement a privacy complaint and/or user-rating system as means of enforcement, as suggested by Abril.

Second, Facebook is an existing community within an existing system.  True, it’s a loose-knit community of a half-billion people, but the real communities for Facebookers are their networks of “Friends.”  Privacy settings exist to limit nearly all information sharing to “Friends only.”  Creating a context of respect for privacy among networks of friends seems doable.  Even without binding contracts, most friends would adhere to a user’s privacy preferences if they were aware of them.  More discussion of that below.

Third, precisely because Facebook is so ubiquitous, it is probably the only online social network that could successfully develop and implement a system of universally recognizable and understandable privacy icons, which would be essential to any effective system of widespread online private ordering of confidentiality.  Abril’s suggestion of an icon-based privacy-preference system is one of the highlights of her proposal.  Facebook’s penetration into global daily life and public consciousness makes it the prime candidate to create a system of functional privacy-preference icons.

But creating billions of legally enforceable confidentiality contracts raises daunting challenges.  If people took online confidentiality contracts seriously, a contract-based system could substantially infringe information-sharing on social networks, burdening speech.  Many people would not be willing to bind themselves to contracts simply to have a look at a person’s status reports or photos, at least not with respect to the many casual Facebook friends users tend to accumulate.  Some Facebook content is interesting, informative, and entertaining, but much of it is, shall we say, less-than-scintillating . . . .  I stopped writing to go check my Facebook news feed where I learned that one friend was “Off to buy a new coffee maker” while another opined that “Sweet tea is gross.”  A third friend had just posted a picture of his breakfast.[25]

Abril suggests a person’s confidentiality contract be accepted as a prerequisite to adding a person as a friend.[26] One could foresee a lot more friend rejections.  It wouldn’t be worth it to many people to enter into binding contracts for such little gain, particularly since it is predictable that many inadvertent contract breaches would occur in managing information-sharing within a large group of friends.  Strict liability is the standard for contract breaches.  Intent or negligence is not required.[27]

Of course, this could be viewed as an extremely positive development.  If users knew they were binding themselves to enforceable confidentiality contracts, they would be more selective both about whom they befriended and the types and amount of information they shared.  “Friend” would revert closer to its original meaning.  Privacy would be advanced.  Overall Facebook information-sharing might decline, but more meaningful sharing would increase.  Within smaller, trusted circles, more people would feel freer to exchange more intimate information than the standard Facebook fare.

Nevertheless, any privacy system that substantially burdened information-sharing would be rejected by social networks and probably the public at large.  Facebook is the primary communication portal for many, replacing e-mail (actual face-to-face speaking, of course, having long been rendered passé).  If it isn’t true already, barring major missteps (see myspace), one can foresee a day when Facebook is the dominant global communications medium.

But it is equally, if not more likely that people would not pay attention to or take the confidentiality agreements seriously, in which case the contracts would become like other click-wrap contracts: meaningless in the minds of most everyday computer users.  Most people do not read website privacy policies or online click-wrap agreements before accepting their terms.[28]  There is no reason to believe they would behave differently with respect to online confidentiality agreements.  One survey showed that a majority (fifty-five percent) of people who click “I Accept” on a click-wrap agreement don’t even realize they are entering into a binding contract.[29]

Enforcement is a related problem.  An absence of viable remedies for breaches of online interpersonal confidentiality agreements could quickly foster a lack of concern and regard for them.  If breaches were not remedied, contract law itself would become one more broken window in the virtual world.  Abril recognizes that traditional litigation would be reserved only for serious breaches, but her alternative suggestion of a privacy complaint and/or user-rating system run by the network host raises other questions.  How should Facebook respond to privacy complaints and violations?  Investigate?  Deactivate?  Some types of violations could be discovered only through monitoring by Facebook.  Needless to say, monitoring the thirty billion pieces of information shared each month on Facebook[30] would be difficult.  Monitoring could also, as Abril discusses, create liability issues.[31]  Most significantly in terms of privacy, it is highly questionable whether users would really want Facebook to be monitoring their interactions even more closely than is already occurring.  As for a user-rating system, it could be subject to abuse and itself an infringement of user privacy by publicly branding people as privacy invaders (although the risk of such exposure might be a more effective deterrent than a fear of being sued).

I suggest modifying her proposal by substituting in place of binding contracts an icon-based system of non-binding privacy preferences that would depend on conscience and loyalty to promote respect for online privacy.  My alternative would not be as protective of privacy as Abril’s approach, but it would be more feasible and less burdensome to speech.

The icons could assume many forms, but it would be essential that they be limited in number and easy to understand.  In the act-now, think-later world of social networking, the KISS principle (Keep It Simple and Stupid)[32] must govern here.  The icon-based Creative Commons copyright licensing system suggested as a model by Abril is ingenious, but the icons and explanatory phrases are complex and not intuitive.[33]  Facebook users interact spontaneously and often mindlessly with Facebook content, often posting or responding to dozens of pieces of information each day.  Many user status posts generate long lists of “Comments” and “Likes” within minutes.

It would be impossible to be too elementary in designing the privacy-preference icons.  Something as simple as High, Medium, and Low or No-Share, Medium-Share, and Open-Share—each linked to a short clear explanation of the privacy expectations represented by the icon—might work.  The privacy preferences and descriptions suggested by Abril would be a useful starting point to build upon.[34]  Another reason why simplicity would be essential is that, to be effective, the icons would have to be attached to and permanently travel with each item of posted information, including photos.  Given that the average Facebook user has 130 friends,[35] users could not be expected to remember individual privacy preferences accepted at the beginning of a friendship.

Some friends would betray people and violate their privacy preferences, of course, but I believe most people would honor them, again, assuming they were clearly displayed and easy to understand.  If friends indicated a preference, for example, not to have photos of them posted, be tagged in photos, or have their own photos shared with others, most friends presumably would abide by those preferences.

Compliance would occur primarily because of interpersonal loyalty.[36] Because loyalty to friends and intimates is such a highly valued trait, being disloyal should cause cognitive dissonance, an unpleasant feeling that humans strive to avoid.[37]  Group loyalty is implicated as well.  While it obviously varies by person, I believe a certain sense of group identification does exist among groups of Facebook friends.[38]  Because people know that Facebook users limit their circle of friends (albeit to varying degrees), being accepted as a friend enhances self-esteem, just as being rejected as a friend wounds self-esteem.  Group identification promotes group loyalty.  This has been shown to be true even with respect to artificially created groups.[39]  Breaching the privacy preferences of a friend or acquaintance who has accepted one into his or her online friendship circle would show disloyalty not only to the individual, but to the group that the violator has been allowed to join.  Violations of group loyalty should also cause dissonance and negative feelings about self.[40]

Over time, ubiquitously present privacy-preference icons should help promote respect for online privacy as a personal norm by serving as continual reminders that people still care about it.  The greater the awareness that social network friends are concerned with privacy, the greater the likelihood that internal voices would lead to privacy-respecting behavior even in the absence of possible external consequences.

Conclusion

Professor Abril’s excellent article stimulated me to think outside the parameters of traditional doctrinal legal responses to diminishing information privacy.  My suggested alternative proposal of a system of non-binding privacy-preference icons tied to short explanations falls short of the confidentiality protection that would be afforded by her binding-contract proposal, but it perhaps holds other advantages, such as being more feasible to implement and less burdensome to speech.  Whether Facebook or other online social networks ever would be willing to voluntarily adopt even my “confidentiality-lite” idea is questionable, of course.  As Abril noted in an email exchange, Facebook “is king” and can do as it chooses.

While we wait to see, online social network users should fix their own broken windows of online privacy by accepting more responsibility for it.  Follow the only rule for controlling the dissemination of personal information on social networks known to be full proof: Never post anything online you wouldn’t feel comfortable sharing with the entire world.

 

 


* Professor and Herbert Herff Chair of Excellence in Law, University of Memphis Cecil C. Humphreys School of Law.  Thanks to my excellent research assistants: Russell Hayes, Sally Monteith Joyner, Jonathan A. Lindsey, and Meredith Blake Stewart.  Thanks also to Professor Lee Harris for his comments on a draft, the Wake Forest Law Review, and especially Professor Abril for her ingenious, well-written article.

Footnotes    (↵ returns to text)
  1. In the past decade, several scholars, including Abril and myself, have pointed to contract law as a potential legal avenue for protecting information privacy.  See, e.g., Patricia Sánchez Abril & Anita Cava, Health Privacy in a Techno-Social World: A Cyber-Patient’s Bill of Rights, 6 Nw. J. Tech. & Intell. Prop. 244, 267–68 (2008) (advocating for the use of contracts to enforce confidentiality in the context of online health networks); Andrew J. McClurg, Kiss and Tell: Protecting Intimate Relationship Privacy Through Implied Contracts of Confidentiality, 74 U. Cin. L. Rev. 887, 908–29 (2006) (asserting that implied contracts of confidentiality arise in intimate relationships to not mass disseminate highly private and embarrassing information); Neil M. Richards & Daniel J. Solove, Privacy’s Other Path: Recovering the Law of Confidentiality, 96 Geo. L.J. 123, 179 (2007) (“There is additional support for the proposition that existing First Amendment law is far more comfortable with enforcing nondisclosure rules in the context of relationships, even those involving the press.”); Pamela Samuelson, Privacy as Intellectual Property?, 52 Stan. L. Rev. 1125, 1172 (2000) (asserting that a contractual approach to protecting information privacy “is a flexible, adaptable, market-oriented way to allow individuals to control uses of personal data”); Eugene Volokh, Freedom of Speech and Information Privacy: The Troubling Implications of a Right to Stop People from Speaking About You, 52 Stan. L. Rev. 1049, 1062 (2000) (arguing that a contractual approach to information privacy may be the only constitutional avenue for information privacy advocates).
  2. Patricia Sánchez Abril, Private Ordering: A Contractual Approach to Online Interpersonal Privacy, 45 Wake Forest L. Rev. 689, 720–26 (2010).
  3. It should be noted that Abril did not set out to offer a definitive blueprint for implementing her proposal.  Her suggestions for how it might function were offered merely as possibilities.  See id.
  4. As of June 2011, Facebook reported 500 million members and that: users spend more than 700 billion minutes on Facebook each month, half of users log on to Facebook daily, and more than thirty billion pieces of information are shared each month.  Facebook Press Room: Statistics, Facebook, http://www.facebook.com/press/info.php?statistics (last visited June 21, 2011).  The average user has 130 friends, creates ninety items of content each month, and is connected to eighty community pages, groups, and events.  Id.
  5. While this Essay is directed at Facebook, many of the points would apply to other electronic social networks such as Twitter, LinkedIn, etc.
  6. Abril, supra note 2, at 692.
  7.  Id. at 690.
  8.  See id. at 694.
  9.  Id.
  10. For an example, see infra note 33.
  11. Abril, supra note 2, at 721–22.
  12.  Id. at 722.
  13.  See id. at 716–19.  In addition to the high cost and unwieldiness of litigation, a significant obstacle to relying on breach of confidentiality contracts to enforce personal privacy is that contract law generally does not allow for recovery for intangible emotional harm, which is the type of harm most likely to result from breaches of confidence.  See McClurg, supra note 1, at 934–37 (explaining this restriction but also explaining potential ways around it).
  14. Abril borrowed this term from Professor Jay Weiser.  Abril, supra note 2, at 706 n.123.
  15.  Id. at 724.
  16.  Id. at 725–26.  She does not call for legislation mandating such a system, a good choice given the global nature of the issue.  Facebook reports that 70 percent of users live outside the United States.  Facebook Press Room: Statistics, supra note 4.  Additionally, legislators in the United States have shown little concern for privacy as compared, for example, to European countries, which impose strong restrictions on the nonconsensual sharing of personal data.  See Robert Terenzi, Jr., Friending Privacy: Toward Self-Regulation of Second Generation Social Networks, 20 Fordham Intell. Prop. Media & Ent. L.J. 1049, 1097 (2010) (“[C]ompared to the United States privacy law regime, the European Union’s efforts and legislative scheme is an aggressive, comprehensive attempt to both reign in social networking sites’ use of their users’ personal information and protect the European citizenry.”).
  17. Abril, supra note 2, at 693.
  18. James Grimmelmann, Saving Facebook, 94 Iowa L. Rev. 1137, 1185 (2009) (citing Office of Commc’ns, Social Networking: A Quantitative and Qualitative Research Report into Attitudes, Behaviors, and Use, 8 (2008), http://www.ofcom.org.uk/advice/media_literacy/medlitpub/medlitpubrss/socialnetworking/report.pdf).
  19. Alessandro Acquisti & Ralph Gross, Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, in Privacy Enhancing Technologies: Sixth International Workshop 36, 51–52 (George Danezis & Philippe Golle eds., 2006), http://privacy.cs.cmu.edu/dataprivacy
    /projects/facebook/facebook2.pdf (showing that 22 percent of participants of a study did not know their Facebook privacy settings or remember whether they had ever changed them; 30 percent did not know whether Facebook allows users to control who can search for them or believed they had no such control; 18 percent did not know whether they could manage who is able to view their profiles or believed they had no such control).  In the rapidly changing landscape of online social networking, these figures, from 2006, are admittedly dated.
  20. Matthew Shaer, Why Facebook Enjoys Explosive Growth—Despite its Many Stumbles: Facebook’s Staggering Growth Rolls Over Critics on Issues from Ease of Use to User Privacy, Christian Sci. Monitor (Aug. 19, 2010, 4:27 PM), http://www.csmonitor.com/Innovation/Tech/2010/0819/Why‑Facebook‑enjoys‑explosive-growth-despite-its-many-stumbles (discussing the “Quit Facebook Day” that occurred on May 31, 2010, and reporting these figures).
  21.  Id.  In 2010, the American Consumer Satisfaction Index, based on interviews with seventy thousand consumers, ranked Facebook in the bottom 5 percent of all privately held U.S. companies, making Facebook less liked than property and casualty insurance companies.  Id.
  22.  See, e.g., Barbara Ortutay, Facebook to Simplify its Privacy Settings, Deseret Morning News, July 2, 2009, at A10 (explaining that Facebook streamlined its increasingly complex privacy controls to “prevent another backlash”); Laurie Segall, Facebook Halts Phone Number Sharing Feature, CNNMoney.com (Jan. 18, 2011, 10:33 AM), http://money.cnn.com/2011/01/18
    /technology/facebook_privacy/index.htm (stating that a feature allowing applications access to users’ addresses and phone numbers was disabled temporarily because Facebook failed to adequately explain the changes to quell users’ concerns); Louise Story, Apologetic, Facebook Changes Ad Program, N.Y. Times, Dec. 6, 2007, at C4 (claiming public outrage prompted Facebook to modify a feature that advertised users’ Internet purchases on the site); Jessica E. Vascellaro, Facebook Performs About-Face on Data, Wall St. J., Feb. 19, 2009, at B8 (revealing that Facebook halted plans to change its terms of service after privacy advocates prepared to file a complaint with the FTC); Wailin Wong, Intersection of Personal, Private Keeps Shifting, The Morning Call, May 27, 2010, at C25 (describing how Facebook simplified privacy settings and reduced the amount of profile information available to the public in response to complaints from users concerned that Facebook was “pushing for too much personal information to be made public”).
  23.  See Jon Swartz, Facebook Changes its Status in Washington: Social-Media Company Spends More to Protect its Interests, USA Today, Jan. 13, 2011, at 1B (discussing Rep. Ed Markey’s (D-MA) plan to introduce a bill that would require a “do-not-track” option for children).
  24.  Id. (stating that Facebook is bolstering its lobbying presence on Capitol Hill “[a]s lawmakers and regulators ponder sweeping changes to online privacy law”).
  25. It’s easy and popular to bash Facebook, but one should not overlook the extraordinary utility of Facebook to allow users to stay connected to people they genuinely care about but who, because of spatial or temporal distance, they would not otherwise maintain regular contact with.  Through Facebook, I’ve been able to, albeit remotely, celebrate friends’ marriages, new parenthood, and job triumphs, as well as sympathize with their divorces, illnesses, and deaths of loved ones.
  26. Abril, supra note 2, at 725.
  27.  See John D. Calamari & Joseph M. Perillo, The Law of Contracts § 12-1, at 513 (3d ed. 1987) (stating that “[a]ny failure to perform a contractual duty which has arisen constitutes a breach”).
  28. Reliable, current data on this point is surprisingly sparse.  One survey found that 40 percent of people never read online agreements while 50 percent sometimes do; 64 percent always click the Accept button, while 35 percent sometimes do; and 79 percent have never kept a copy of a click-wrap agreement that they had accepted.  Adam Gatt, Electronic Commerce—Click-Wrap Agreements: The Enforceability of Click-Wrap Agreements, 18 Computer L. & Sec. Rev. 404, 408 (2002).  The survey may overstate the percentage of the general public who pay attention to online agreements given that 38 percent of the respondents were in the IT, Internet, and e-commerce fields.  Id. at 407.  Anecdotally, on April Fool’s Day 2010, GameStation, a U.K.-based online gaming store, slipped a provision into its website privacy policy stating that persons placing an order transferred their “immortal souls” to the company.  Eighty-eight percent of customers, 7500 of them, transferred their souls to GameStation.  Only 12 percent opted out.  See Rob Manker, Small Talk, Chi. Trib., Apr. 21, 2010, at 3, available at http://articles.chicagotribune.com/2010
    -04-20/news/ct-talk-small-talk-0421-20100419_1_iphone-british-woman-china
    -speech; Catharine Smith, 7,500 Online Shoppers Accidentally Sold Their Souls To Gamestation, Huffington Post (Apr. 19, 2010, 11:57 AM), http://www.huffingtonpost.com/2010/04/17/gamestation‑grabs‑souls‑o_n_541549.html.
  29. Gatt, supra note 28, at 408.
  30.  See supra note 4 and accompanying text.
  31. Abril, supra note 2, at 702–03, 725–26 (discussing the potential of liability exposure for online providers that monitor/edit online content).
  32. This is a slight modification of the original KISS principle, “Keep It Simple, Stupid,” which can be misinterpreted as an insult.
  33. Here is a sample of a Creative Commons icon and short phrase option: you, as a copyright holder, could choose among the offered copyright options to give permission to others to “remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.” Such a license would be indicated by this icon and phrase:

    Attribution-NonCommercial-ShareAlike
    CC BY-NC-SA

    About the Licenses, Creative Commons, http://creativecommons.org/licenses/ (last visited Feb. 11, 2011).

  34. She suggested the following categories:

    “Unlimited Share” (permission to view, disclose, disseminate, download, and print); “Share Only Within My Network” (permission to share and disclose within a group predefined by the privacy proponent); “View Only” (permission to view but not to share, forward, disseminate, download, or print); and “Confidential” (permission to access information, but recipient may not disseminate, disclose, or discuss its contents).

    Abril, supra note 2, at 721–22.

  35.  See supra note 4 and accompanying text.
  36. Most Facebook friendships arise from offline relationships, but interpersonal loyalty can also arise in purely online relationships.  Research suggests that friendships formed online function similarly to those formed offline, and, like offline relationships, include trust as a component.  See Denise Carter, Living in Virtual Communities: An Ethnography of Human Relationships in Cyberspace, 8 Info. Comm. & Soc’y 148, 164–65 (2005) (studying relationships formed in virtual community Cybercity and concluding, among other things, that relationships develop in online communities much the way they do offline and that “it is clear that mutual trust is an important element in this”).
  37. Cognitive dissonance is the tension that arises when one holds two conflicting beliefs or believes one way and then acts another.  See generally Andrew J. McClurg, Good Cop, Bad Cop: Using Cognitive Dissonance Theory to Reduce Police Lying, 32 U.C. Davis L. Rev. 389, 393–94, 414–15, 424–28 (1999) (explaining cognitive dissonance theory).
  38. Here, I’m using “group” generically to refer to a circle of Facebook friends, but the same principles would apply to formal Facebook “Groups,” less strongly on the individual loyalty front in Groups not grounded in interpersonal ties, but perhaps more strongly on the group loyalty front because members of many Facebook Groups are bonded by a common interest important to the members.
  39.  See Andrew Beer & David Watson, The Individual and Group Loyalty Scales (IGLS): Construction and Preliminary Validation, 91 J. Personality Assessment 277, 278 (2009) (discussing a study of loyalty in artificially created groups).
  40.  Cf. Keith James & Russell Cropanzano, Dispositional Group Loyalty and Individual Action for the Benefit of an Ingroup: Experimental and Correlational Evidence, 60 Organizational Behav. & Hum. Decision Processes 179, 181 (1994) (discussing concept that status within groups has an impact on self-esteem, and because negative feelings about self are aversive, group membership can motivate loyalty to act for the group’s benefit to avoid those negative feelings).



Leave a Comment

You must be logged in to post a comment.