Season 1 – Episode 27 – Data Privacy and Tracking Technologies
Discusses data privacy considerations in the context of digital technologies.
Podcast Chapters
To easily navigate through our podcast, simply click on the ☰ icon on the player. This will take you straight to the chapter timestamps, allowing you to jump to specific segments and enjoy the parts you’re most interested in.
- Introduction to Episode (00:00:03) Daniel introduces Emilee Rader and outlines the focus on data privacy in digital technologies.
- Emilee Rader’s Research (00:01:20) Emilee discusses her research on human-centered data privacy and how individuals manage their data.
- Types of Data Collected (00:02:17) Overview of active and passive data collection methods and their implications for users.
- Technologies for Data Collection (00:04:39) Discussion on AI, machine learning, and their role in data collection, including privacy concerns.
- Facial Recognition and Biometrics (00:05:58) Explanation of how facial recognition technology and other biometrics collect personal data.
- Implications of Data Collection (00:07:32) Risks of data collection, including identity theft, discrimination, and loss of autonomy.
- Managing Data Privacy (00:10:14) Advice for individuals on how to take control of their data and manage privacy.
- Considerations for Education and Research (00:12:58) Discussion on legal protections for student data and ethical considerations in research.
- Policy Considerations for Data Privacy (00:14:51) Call for rethinking current privacy models and the need for comprehensive privacy laws.
- Current State of Privacy Legislation (00:16:12) Overview of state privacy laws and the challenges in creating a comprehensive federal law.
- Resources for Learning More (00:17:37) Recommendations for resources like Consumer Reports and the Electronic Frontier Foundation on data privacy.
- Final Thoughts on Data Privacy (00:18:25) Encouragement to remain proactive about data privacy and the potential for change in technology design.
Episode Transcript
Daniel Smith: Welcome to On Tech Ethics with CITI Program. Our guest today is Emilee Rader, who is an associate professor in the Information School at the University of Wisconsin-Madison. Emilee’s research focuses on the human-centered aspects of data privacy. She studies how people reason and make choices about data collection and inferences enabled by digital technologies to better understand why people struggle to manage their privacy and to discover new ways to help people gain more appropriate control over information about them.
Today we are going to discuss data privacy considerations in the context of digital technologies. Before we get started, I want to quickly note that this podcast is for educational purposes only. It is not designed to provide legal advice or legal guidance. You should consult with your organization’s attorneys if you have any questions or concerns about the relevant laws and regulations that may be discussed in this podcast. In addition, the views expressed in this podcast are solely those of our guests.
And on that note, welcome to the podcast, Emilee.
Emilee Rader: Thank you very much for having me.
Daniel Smith: I’m really looking forward to our conversation today. So first, can you tell us more about yourself and your work at the University of Wisconsin-Madison?
Emilee Rader: Yeah, absolutely. As you mentioned, the focus of my research is human-centered data privacy. What does that mean? I’m really interested in how people understand and think about all of the systems that they use on a daily basis. So from driving your car to shopping for something on Amazon, all of these things involve digital technologies that collect data about us. And so the focus of my research is basically to talk to people, interview them, and do surveys, trying to understand how they think about these things, how they reason about what kinds of data collection they should allow, and what they know and understand about the implications of this for their lives.
Daniel Smith: So I know, as you were just mentioning, many people already recognize the fact that their data are often collected and used in different ways. But just to get a better understanding of how they’re used, can you start by giving us an overview of the types of data that are commonly collected?
Emilee Rader: That is a great question, and it can be really hard for the typical person going about their business through their daily life to know anything about this. Privacy researchers talk about privacy as a secondary task, and what this means is that thinking about privacy is rarely the main reason people use a particular technology or website. We’re usually doing things like reading the news or chatting with people we know, and we’re not necessarily thinking about privacy first.
So types of data that are collected include things like the data that people enter into a website or some other system that they use. When you’re creating a profile for a new account, filling out a questionnaire, or even doing a search or creating a social media post, these are things that you are intentionally doing. And we talk about these things as active data collection, because you’re actively and knowingly involved in producing that data.
Then there’s other kinds of data collection that we talk about as passive data collection, and this is data that is automatically collected or even generated without the direct intention of the end user to provide that data. So an example of this would be something like a company that keeps a record of your browsing history on a website or your mobile phone carrier keeping a record of the location that you’re calling someone from on your mobile phone. And it’s the active information that people are usually more aware of and more able to make privacy decisions about because they know that they’re actually doing it.
The passive data collection is much harder to be aware of because it’s happening in the background or it’s generated kind of as a side effect or a byproduct of something else that we’re doing.
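For readers who want to see this distinction concretely, below is a minimal sketch of how a web server might record both kinds of data at once. The /search endpoint, field names, and in-memory log are hypothetical illustrations, not any particular company’s system.

```python
# Minimal sketch contrasting active vs. passive data collection.
# The /search endpoint and log structure are hypothetical examples.
import time
from flask import Flask, request, jsonify

app = Flask(__name__)
collected_log = []  # stand-in for a real analytics or tracking store

@app.route("/search")
def search():
    # Active collection: the user knowingly typed and submitted this query.
    query = request.args.get("q", "")

    # Passive collection: metadata recorded as a side effect of the request,
    # without the user deliberately providing any of it.
    collected_log.append({
        "timestamp": time.time(),                         # passive
        "query": query,                                   # active
        "ip_address": request.remote_addr,                # passive
        "user_agent": request.headers.get("User-Agent"),  # passive
        "referrer": request.headers.get("Referer"),       # passive
    })
    return jsonify({"query": query, "results": []})

if __name__ == "__main__":
    app.run()
```

The query string is the only thing the user intended to share; the timestamp, IP address, browser identifier, and referring page all ride along automatically, which is exactly why passive collection is so hard to notice.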
Daniel Smith: So I know you just shared a few examples, like entering your information into a website or location-based data, but can you talk some more about the technologies that are used to collect data and how the data are collected? For example, with the rise of machine learning and artificial intelligence, particularly generative AI, a lot of people are concerned about their data being collected and used for training models. So can you talk more about AI, and then other technologies that are used as well?
Emilee Rader: The AI systems are a really interesting example to talk about, because the models are built on information that has been posted and shared publicly online, as well as information that companies have basically decided to sell to be used in training these models after the fact, after the data have been contributed. So information people may have put online for social reasons, like photos shared on a photo sharing website or posts in an online forum somewhere, might have been used for training a model, because if it’s publicly available, then it’s probably already been collected and incorporated into these models. And when you first posted that thing online, you probably didn’t anticipate that it could be used to train a model like this. Some companies have actually been changing their privacy policies and their terms of use to allow the sale of content that had been posted in the past to train these models. It’s sort of interesting.
Daniel Smith: Very interesting. And that’s just one example. So there’s also the use of facial recognition and other biometrics. So can you talk a bit about how those technologies collect data?
Emilee Rader: Cameras are sort of ubiquitous in the world at this point, and facial detection and facial recognition are definitely happening. Facial recognition essentially happens in two stages. The first one is recognizing that there’s a face present, and the second is basically matching up the data about that face with some sort of database that already exists that has face prints linked to somebody’s identity. Everybody has a photo taken of them for their driver’s license, for example, and databases like that have basically been used. And any time you’ve tagged someone in social media, on Facebook or something like that, that associates their identity with an image of them, and that can then be used in future facial recognition.
Other biometrics also use cameras or other sensors, so things like fingerprint scans or iris scans, even gait detection, which is sort of fascinating. It turns out that each of us walks just differently enough from other people that we can be recognized in video based on the patterns of our walking.
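As a rough illustration of the two stages Emilee describes (detect a face, then match it against an existing database of face prints), here is a short sketch using the open-source face_recognition Python library. The filenames and the one-person enrolled database are hypothetical; real systems match against databases of millions of identities.

```python
# Sketch of two-stage facial recognition: (1) detect faces, (2) match them
# against a database linking face encodings to identities.
# Filenames and the enrolled database are hypothetical examples.
import face_recognition

# Enrollment: a database linking face encodings to identities (in practice,
# sources like driver's license photos or tagged social media images).
enrolled_image = face_recognition.load_image_file("enrolled_person.jpg")
database = {"Alice Example": face_recognition.face_encodings(enrolled_image)[0]}

# Stage 1: detect that faces are present in a new image (e.g., a camera frame).
frame = face_recognition.load_image_file("camera_frame.jpg")
locations = face_recognition.face_locations(frame)
print(f"Detected {len(locations)} face(s)")

# Stage 2: encode each detected face and compare it to the enrolled database.
for encoding in face_recognition.face_encodings(frame, locations):
    for name, known_encoding in database.items():
        if face_recognition.compare_faces([known_encoding], encoding)[0]:
            print(f"Matched a detected face to identity: {name}")
```

The privacy concern sits in the enrollment step: once an identity is linked to a face print anywhere, any camera feed can potentially be matched against it.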
Daniel Smith: So there’s obviously some major implications with some of the things that you just mentioned, particularly around collecting data for large language models and changing privacy policies to help facilitate that. And there’s some other civil liberties concerns around the use of facial recognition in particular contexts. But can you talk some more about some of the implications or risks of these forms of data collection?
Emilee Rader: So one of the most common ways of collecting data is just tracking people’s behavior online. I mean, we all use the web so much, and with advertising as a business model, companies have really detailed profiles about our interests and our past behavior, and it’s very profitable to use that information to basically control the information that people have access to. So this is things like creating really precise profiles of our interests that are then used to direct our attention and where we spend our money. There’s a little bit of a loss of autonomy there, in the sense that we are not necessarily in control of our choices and our options; it’s the companies and the platforms that are feeding us the information that are in control.
Other kinds of harms that individual people may have experienced without really knowing it are things like differential pricing. Something that you’re shopping for online could cost you a different amount than what it costs somebody else, based on these big profiles that have been amassed about us. And differential pricing isn’t actually illegal, which is kind of frustrating, because people sometimes feel like companies shouldn’t be able to do that, but it does happen a lot.
Another potential harm for people is the threat of identity theft. The fact that these really detailed profiles are being collected means that there is a third party out there that has a lot of information about you that you probably don’t even know about, because the data broker industry that is buying and selling this information is not something that a typical end user interacts with. So if those companies were to be hacked or experience a data breach, then the risk of identity theft goes up because of all of the information they have about people.
And then there are also threats of discrimination. Having characteristics inferred about you and then used in an AI-mediated hiring process, for example, can have real consequences for people’s daily lives. The insurance industry is also using information people post online to estimate risks for things like car insurance. So there are definitely some risks of discrimination from this as well.
Daniel Smith: Absolutely. And now that we’ve talked a bit about some of those risks, raised some of those red flags, I want to talk more about what people can do to have more control over how their data are collected and used and how they manage their privacy. So first off, what are some key considerations for the general public in this regard?
Emilee Rader: Yeah, that’s the number one question here: what can people do about this? The main model for gaining consent to all of this data use and data collection is called notice and choice, sometimes also called notice and consent. This model assumes that everybody is going to read privacy policies really carefully, that they’re then going to understand what a company is doing with their data, and then decide whether or not that’s okay with them, and this just isn’t usually the case. People just want to do their thing online; they don’t want to read a bunch of really complicated privacy policies and then try to figure out how it applies to them. So this means that people are consenting to things that they aren’t informed about and that they may not really understand.
So my first bit of advice, even though it’s maybe not super practical, is to at least read some of the privacy policies, read product reviews that mention privacy, and try to be picky about which companies and platforms you trust with information about yourself. Basically, exercise a bit of discretion in the products and services you decide to use.
Something that’s a little bit easier for people to think about doing: when you’re sitting there creating a new account and there are all those empty blank fields for profile information, oftentimes you don’t have to actually fill in all of them. There’s been some really interesting research showing that when people are faced with a page of blanks, they just fill out all of them by default, but you don’t necessarily have to do that. So don’t give out information just because you’re asked for it; think about it before you fill out all those form fields.
And then, if you can, delete old accounts that may still be out there that you’re not using anymore. One thing that sometimes happens is a company will start to underperform, maybe go bankrupt, and then try to make up for those losses by selling the data that it has about people. So if there’s an account out there that you’re not using, definitely see if you can delete it and get your information off the internet.
Ed Butch: I hope you are enjoying this episode of On Tech Ethics. If you’re interested in important and diverse topics and the latest trends in the ever-changing landscape of universities, join me, Ed Butch, for CITI Program’s original podcast On Campus. New episodes released monthly. Now, back to your episode.
Daniel Smith: That’s all some really great advice. Now, if we’re thinking about this in more specific contexts such as education or research, do you have the same considerations for people or do you have different considerations that you want to share?
Emilee Rader: So in an educational setting, educational institutions obviously have to collect data about students, and this is one area in the United States where there’s a specific law that governs how data about students is supposed to be accessed and used, and it applies to all students, kindergarten through college. The law is called FERPA, the Family Educational Rights and Privacy Act. Universities are basically only supposed to use the data collected about students to support the educational mission and to provide support services, and they can’t sell it. They can’t just give it to anybody who asks for it. So that’s a special situation for education.
Sometimes a professor or a teacher will ask students to use a learning management system. So at the University of Wisconsin-Madison, we have Canvas, but there’s a couple other ones out there. And students should be aware that in that situation, typically the educational institution has an actual contract with the vendor for that platform, and so they also have to then adhere to the FERPA law. So Canvas can’t go selling student data to anybody who asks for it because of their relationship with the university. So there’s definitely some special protections there for students.
Then in a research context, there are also laws that protect research participants. Any research institution that’s taking money from the federal government has to have an ethics review board that examines the research being done to make sure it’s conducted in an ethical manner. And there are special rules for informed consent, so people who are going to participate in the research know what they’re getting into. So there are some extra protections for people who participate in research as well.
Daniel Smith: And lastly, if we’re thinking about this from a governance perspective, what are some key considerations for policymakers?
Emilee Rader: I think the number one consideration is that we really need to rethink that model I was talking about, notice and choice, or notice and consent. That model just doesn’t really protect people’s privacy, because it’s so hard for people to know what they’re getting into based on those documents. And then once people have given their consent, it’s often used as a blanket permission to do all kinds of new things with their data that they don’t really understand or know about. Privacy policies can and do change all the time, and if people aren’t going to read them initially, they’re definitely not going to go back and read them after they change to understand the implications. So I feel like we really need help from our elected representatives to create new laws that will apply in more contexts than just education and research; health is another area where there’s a special law. We need a new privacy law that covers more situations and contexts to help people protect their privacy a little better.
Daniel Smith: And I know somewhat recently this year there was federal legislation introduced that made a bit of a splash in the news. Can you talk a bit about the status of that, or, if it were to pass, what it would do for data privacy in a larger context than just education, research, and health?
Emilee Rader: So it’s really interesting. There are a number of states that have their own state privacy law; California has one that is talked about a lot in the news. We do not have a comprehensive federal privacy law in the United States. It’s been discussed at various times, and one of the really big sticking points, to my understanding, is that some of the states have really strong privacy laws, and it’s become difficult to reach a compromise that all of the states are happy with. Some of the states that have stronger privacy legislation don’t want to give up those strong protections. Other states want to be a little more business-friendly, I guess, and have privacy laws that are less strong, to give businesses more flexibility to use the data to come up with new products and services. So my understanding is that the sticking point is really just trying to get everybody to agree on what needs to be in that comprehensive privacy law.
Daniel Smith: Certainly. So on that note, do you have any recommendations for additional resources where listeners can learn more about the issues we’ve discussed today, the different considerations for how they can take more control of their privacy, and also where they can just learn more about the existing legislation and potential future legislation that would lead to greater privacy protections in the United States?
Emilee Rader: So Consumer Reports actually has a really nice website on data privacy, and it also reviews products for data privacy. So for some products that they’ve reviewed, you can go on and you can see their evaluation of the privacy policy and how good or bad the particular product is. I’m not affiliated with them in any way, but I do use some of their resources in my undergraduate course. So that’s a really good place to go.
The Electronic Frontier Foundation also has some great information on a number of different privacy topics, so explainer webpages about technologies and also about some of the legal stuff that goes on as well. So those are two places I like to direct people to.
Daniel Smith: Excellent. Do you have any final thoughts that we’ve not already touched on today?
Emilee Rader: Yeah, I think that I would just close with the idea that a lot of this stuff can be really overwhelming and involves technologies and information that people don’t spend a lot of time thinking about. And once you start to become aware of this, it can kind of seem a little hopeless. But I guess I just want to say don’t give up. Basically, if we all give up, then nothing’s ever going to change. There are small things that individuals can do and remember that everything we’ve talked about involves some kind of system or technology that was designed and built by people. So it’s not inevitable that it has to be this way. We can choose to make technologies differently. We can choose to create new policies. So the way it is now isn’t the way it has to be.
Daniel Smith: And that is a wonderful place to leave our conversation for today. So thank you again, Emilee.
Emilee Rader: Yeah, thank you very much.
Daniel Smith: And I also invite everyone to visit CITIprogram.org to learn more about our courses, webinars, and other podcasts. Of note, you may be interested in our data privacy-related courses. For example, we include courses on FERPA, HIPAA, and the research laws that Emilee discussed today. And with that, I look forward to bringing you all more conversations on all things tech ethics.
How to Listen and Subscribe to the Podcast
You can find On Tech Ethics with CITI Program available from several of the most popular podcast services. Subscribe on your favorite platform to receive updates when new episodes are released. You can also subscribe to this podcast by pasting “https://feeds.buzzsprout.com/2120643.rss” into your podcast app.
Recent Episodes
- Season 1 – Episode 26: Synthetic Data in Research and Healthcare
- Season 1 – Episode 25: Governance of Genetic Information
- Season 1 – Episode 24: Understanding Cellular Agriculture
- Season 1 – Episode 23: Open Science Principles, Practices, and Technologies
Meet the Guest
Emilee Rader, PhD – University of Wisconsin-Madison
Dr. Emilee Rader is an Associate Professor in the Information School at the University of Wisconsin-Madison. She studies how people reason and make choices about data collection and inferences enabled by digital technologies, to discover new ways to help people create information boundaries and protect themselves from privacy violations.
Meet the Host
Daniel Smith, Director of Content and Education and Host of On Tech Ethics Podcast – CITI Program
As Director of Content and Education at CITI Program, Daniel focuses on developing educational content in areas such as the responsible use of technologies, humane care and use of animals, and environmental health and safety. He received a BA in journalism and technical communication from Colorado State University.