OneTrust_Square Banner_300x250_DD_ROS_01_19
Privacy and the City

I have written on the need for adequate privacy protections to allow individuals to exercise their Right to Fail. For people to come together to collaborate and innovate, we need to make certain individuals can try new ideas. We need people to take risks and often fail, without running the risk that every failure will be catalogued forever in a virtual permanent record and those failures will be retrievable with a simple Internet search or report from a data aggregator/broker. People are inherently social and want to collaborate and innovate, but we need to create the right privacy policy environment to both foster that innate desire and protect individuals from counterproductive consequences from our social nature.

Edward Glaeser wrote on just this topic in his excellent book, Triumph of the City: How our Greatest Invention Makes Us Richer, Smarter, Greener, Healthier and Happier . The book describes how cities have historically been the engines of innovation as they bring people together to collaborate and create.

“There is little that you own or use or know that wasn’t created by someone else. Humans are an intensely social species that excels, like ants or gibbons, in producing things together. Just as ant colonies do things that are far beyond the abilities of isolated insects, cities achieve much more than isolated humans. Cities enable collaboration, especially the joint production of knowledge that is mankind’s most important creation.” (P.249)

When encouraged with productive policy decisions, cities can be environmentally efficient economic and innovation engines. Productive policy decisions are important in cities, because the more people come together in limited physical space, the more important it is to proactively manage the negative consequences of human interaction—disease, crime, free riding and reductions in privacy. While Glaeser points to several negative policy decisions which reduce the effectiveness of cities, such as limiting the heights of buildings, he also advocates that regulation is necessary. Glaeser’s model is instructive as we continue to look for the most productive ways to regulate our online environments where we socialize and collaborate.

“The enduring strength of cities reflects the profoundly social nature of humanity. Our ability to connect with one another is the defining characteristic of our species. We grew as a species because we hunted in packs and shared our kills. Psychologist Steven Pinker argues that group living, the primitive version of city life, “set the stage for the evolution of humanlike intelligence.” We built civilizations and culture together, constantly learning from one another and from the past. New technologies from the book to Google have failed to change our fundamentally social nature. They’ve made it easier to learn some things without meeting face-to-face, but that hasn’t eliminated the extra edge that comes from interacting in person. Indeed, since new technologies have increased the returns from new ideas, they have also increased the returns from face-to-face collaboration.”  (P.269)

Glaeser’s point on the significance of face-to-face contact strikes me as true. Our online interactions create connections, inform us and preserve relationships, but it is in-person contact that fosters lasting bonds and best sparks innovation and new ideas. Technology companies, like Intel, which have researchers dispersed all over the world, still value and invest in opportunities to interact face-to-face. A recent conversation with Duke University’s Director of the Center for Learning Healthcare Dr. Amy Abernethy reinforced this point. Dr. Abernethy shared that healthcare data analytics provide substantial guidance to a physician but they improve, instead of replace, the value of the physical connection of the in-person meeting between a doctor and a patient.

Given the close connection between our online and physical interactions, there is much we can learn about encouraging successful online collaboration and innovation from the policies that have supported growth of the world’s great cities. Among Glaeser’s observations, are four specific policy insights for thriving cities:

  1. Provide clean water.
  2. Reduce crime (create visibility to crime so people can help in policing).
  3. Increase tolls on the use of roads (decrease free riding).
  4. Remove restrictions on building heights (reduce artificial restrictions on people interacting).

There are four direct online analogies to these policy recommendations:

  1. Decrease malware (purify the stream of data, so that people may drink from it).
  2. Reduce cybercrime (specifically by creating a functioning identity system that preserves privacy).
  3. Provide modernized privacy laws, and give individuals technology to increase control over how their data is used (decrease free riding on the sale of personal data).
  4. Remove unnecessary administrative burdens and restraints on international data transfer.

The Internet creates myriad “virtual cities” where individuals work, socialize, enjoy entertainment, learn and innovate. As with physical cities, individuals have considerable concern with crime and whether they are at risk. Improving cybersecurity through decreasing the ability of malware to cause harm, and investigating and prosecuting cyber-criminals, is a critical need for better-functioning virtual cities.

Similarly, individuals report significant concerns about online privacy. To help address these concerns, we need improved privacy laws and better privacy technologies.

Governments have traditionally placed the burden of protecting privacy on the individual by presuming individuals read privacy notices. These privacy notices have never been a complete solution, and the framework is becoming less useful. The complexity of how online services collect, use, store and protect personal data has greatly increased. Website privacy notices are either long and complicated legal documents, or short and vague statements. Neither works well in the mobile applications computing environment. Individuals are voting with their eyeballs and are choosing to skip past the policies entirely. While not particularly useful for individuals, detailed privacy policies can provide important information for regulators and advocates. We need to separate the notions of transparency and notice. We should require complete and thorough transparency for regulators and advocates, while allowing context-based notices of the information individuals most importantly need to make decisions—such as the requests to allow mobile applications to collect location information.

Along with separating transparency and notice, individuals need accountability-based privacy laws. These laws should implement the Fair Information Practice Principles while recognizing individual consent is less useful these days. In many situations we need to look to other principles such as accountability, reasonable access/deletion, robust security and appropriate use restrictions. The implementation of these principles should move away from bureaucratic solutions like country-specific restrictions on international data transfer or database registration/notification. The laws should instead look to new methods for regulators to measure whether an organization has accountable processes—such as, co-regulatory privacy seal programs—and methods to increase access—such as, aggregated obscurity centers.

Improved laws can then provide a backstop of protection, while innovators work to provide mechanisms for individuals to take more control of their data. A useful resource for discussion of these privacy innovations is www.wethedata.org.

Just as millions of poor rural people are moving to urban areas, we also see increased global use of the Internet. If we can modernize our online policy regulation, then we will encourage improved collaboration and interaction, which will deepen face-to-face connections. Fostering safety and trust in our virtual cities will then encourage the innovation and economic growth to enrich the physical lives of every person on earth.

photo credit: Sprengben [why not get a friend] via photopin cc

Written By

David Hoffman, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is sold out! But you can still add your name to the wait list, and we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Call for Speakers open! Join the Forum in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

We're bringing the best of the best in privacy and infosecurity to sunny San Diego. Early registration for P.S.R. opens May 1.

Europe Data Protection Congress 2017

Call for Speakers open! The Congress is your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Submit a proposal by March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»