The Policy Maker's Anguish: Regulating Personal Data Behaviour Between Paradoxes and Dilemmas

Regulators in Europe and elsewhere are paying great attention to identity, privacy and trust in online and converging environments. Appropriate regulation of identity in a ubiquitous information environment is seen as one of the major drivers of the future Internet economy. Regulation of personal identity data has come to the fore including mapping conducted on digital personhood by the OECD; work on human rights and profiling by the Council of Europe andmajor studies by the European Commission with regard to self-regulation in the privacy market, electronic identity technical interoperability and enhanced safety for young people. These domains overlap onto an increasingly complex model of regulation of individuals' identity management, online and offline. This chapter argues that policy makers struggle to deal with issues concerning electronic identity, due to the apparently irrational and unpredictable behavior of users when engaging in online interactions involving identity management. Building on empirical survey evidence from four EU countries, we examine the first aspect in detail – citizens' management of identity in a digital environment. We build on data from a large scale (n = 5,265) online survey of attitudes to electronic identity among young Europeans (France, Germany, Spain, UK) conducted in August 2008. The survey asked questions about perceptions and acceptance of risks, general motivations, attitudes and behaviors concerning electronic identity. Four behavioral paradoxes are identified in the analysis: a privacy paradox (to date well known), but also a control paradox, a responsibility paradox and an awareness paradox. The chapter then examines the paradoxes in relation of three main policy dilemmas framing the debate on digital identity. The paper concludes by arguing for an expanded identity debate spanning policy circles and the engineering community.

[1]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[2]  D. Buckingham Youth, Identity, and Digital Media , 2007 .

[3]  Shu Yang,et al.  The influence of information sensitivity compensation on privacy concern and behavioral intention , 2009, DATB.

[4]  Tom Storey,et al.  Sharing, Privacy and Trust in Our Networked World. A Report to the OCLC Membership. , 2007 .

[5]  Constantijn van Oranje-Nassau,et al.  The Future of the Internet Economy , 2009 .

[6]  Zeynep Tufekci Can You See Me Now? Audience and Disclosure Regulation in Online Social Network Sites , 2008 .

[7]  Yves Poullet,et al.  Application of Convention 108 to the profiling mechanism: some ideas for the future work of the consultative committee (T-PD): final version , 2008 .

[8]  Va Alexandria,et al.  Gross, Ralph, and Acquisti, Alessandro. . Information Revelation and Privacy in Online Social Networks. , 2005 .

[9]  PaineCarina,et al.  Internet users' perceptions of 'privacy concerns' and 'privacy actions' , 2007 .

[10]  Cachia Romina Social Computing: Study on the Use and Impact of Online Social Networking , 2008 .

[11]  Stefan Stieger,et al.  Internet users' perceptions of 'privacy concerns' and 'privacy actions' , 2007, Int. J. Hum. Comput. Stud..

[12]  J. Scott Marcus,et al.  Comparison of Privacy and Trust Policies in the Area of Electronic Communications , 2007 .

[13]  Ronald E. Leenes,et al.  Privacy Risk Perceptions and Privacy Protection Strategies , 2007, IDMAN.

[14]  R. Yardley,et al.  The crossroads. , 1967, British dental journal.

[15]  J. Palfrey,et al.  Born digital: understanding the first generation of digital natives , 2009, Choice Reviews Online.

[16]  Wainer Lusoli,et al.  Young People and Emerging Digital Services: An Exploratory Survey on Motivations, Perceptions and Acceptance of Risks , 2009 .

[17]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.