Winter 2018 PRIVACY, NOTICE, AND DESIGN 97
have shown that we do not make perfectly rational disclosure decisions.
Rather, we make them in context, influenced by those around us and the design of
online built environments.
The law of notice and choice today ignores such
contextual factors.
Therefore, it does not correspond to how we make
decisions in the real world, it is inconsistent with what we know about the
propensity to disclose, and it satisfies no one.
III. CONSTRAINED BY DESIGN
Notice and choice today is focused primarily on the content of privacy
policies and is manifested in long and impractical notices. It is also built on the
foundation of the perfectly rational user. But, as Julie Cohen notes, “cyberspace is
not, and never could be, the kingdom of the mind; minds are attached to bodies
and bodies exist in the space of the world.”
Laws and norms regulating internet
social life, therefore, cannot ignore our embodied experiences.
And those
embodied experiences are constrained by the design of the built environments
around us, both offline and online. In other words, the law of privacy notices
must both recognize that we can be constrained and manipulated by policy design
and, therefore, protect us from design’s potentially coercive effects.
. See Alessandro Acquisti & Jens Grossklags, What Can Behavioral Economics Teach Us
About Privacy, in DIGITAL PRIVACY: THEORY, TECHNOLOGIES, AND PRACTICES 363-64 (Alessandro
Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis & Sabrina di Vimercati eds., 2007); Ales-
sandro Acquisti & Jens Grossklags, Privacy and Rationality in Individual Decision Making, IEEE
SEC. & PRIVACY Jan.-Feb. 2005, https://www.dtc.umn.edu/weis2004/acquisti.pdf
[https://perma.cc/BSU7-Y7WD].
. For example, Alessandro Acquisti, Leslie John, and George Loewenstein have found
that disclosure behavior is based on comparative judgments: if we perceive that others are will-
ing to disclose, we are more likely to disclose; if we perceive that the information asked of us is
particularly intrusive, we are less likely to disclose. See Alessandro Acquisti et al., The Impact of
Relative Standards on the Propensity to Disclose, 49 J. MARKETING RES. 160, 160, 165, 171, 172
(2012), https://www.cmu.edu/dietrich/sds/docs/loewenstein/ImpactRelStandards.pdf
[https://perma.cc/QP7C-L4W8]. Leslie John found that individuals are, perhaps counter-
intuitively, more willing to admit to bad behavior on unprofessional-looking websites. These
platforms were perceived to be more casual, relaxed, and informal, rather than less secure. See
John, Acquisti & Loewenstein, supra note 11. Moreover, other scholars have found that disclo-
sure can be emotionally manipulated: positive emotions about a website, inspired by website
design, the type of information requested, and the presence of a privacy policy, correlate with a
higher willingness to disclose. See Han Li et al., The Role of Affect and Cognition on Online Con-
sumers’ Decisions to Disclose Personal Information to Unfamiliar Online Vendors, 51 DECISION
SUPPORT SYS. 434, 435 (2011).
. See generally HELEN NISSENBAUM, PRIVACY IN CONTEXT: TECHNOLOGY, PRIVACY, AND
THE INTEGRITY OF SOCIAL LIFE (2009).
. These are the requirements of “pragmatic” truth, based on the work of John Dewey.
See James T. Kloppenberg, Pragmatism: An Old Name for Some New Ways of Thinking?, 82 J. AM.
HIST. 100, 103 (1996).
. Cohen, Cyberspace, supra note 12, at 218.
. That real people are on the other end of online data flows is, after all, why we care
about data flows in the first place. Id. at 221.