the concept of “secondary use”

In continuation to my post regarding Daniel Solove’s most recent paper I decided to focus on one of his more compelling points regarding a concept known as secondary use (also, this is simply a diminutive personal exercise for myself to make sure my brain has not yet failed me despite lack of sleep and an immeasurably mind-numbing summer internship).

First lets focus on the characteristics of the “nothing to hide argument”, the most common argument faced by all privacy advocates when denouncing both legal and illegal government surveillance, (key word being “surveillance”). The “nothing to hide argument” focuses only on two kinds of privacy problems (See Taxonomy of Privacy for additional privacy problems) including both the disclosure of personal information and information collecting surveillance. By using the “nothing to hide argument” one blindly closes the door to the vast number of other privacy problems that exist; one of these other problems being “secondary use”. The argument close-mindedly and unfairly assumes a particular view about what privacy entails without delving past the surface of the concept.

So what meaning does the problem of secondary use hold in the context of information privacy? Solove claims it “involves data being collect for one purpose being used for an unrelated purpose without people’s consent.” This is pretty straightforward with no ambiguous lawyer semantics, common of most Solove publications. I often attribute the idea of secondary use being implemented by evil companies that enjoy selling my information to third parties for targeted advertising purposes. By no means when I originally submitted my personal information to a company or organization for one purpose did I intend to have it distributed for other things like targeted advertising.

Now pause, take a minute to think, when you sign a contract with a phone company or ISP you disclose personal information as a means to use their services. The contract isn’t hard to understand, you want to use there services and are willing to submit your personal information to go about doing so. But where in that contract does it say you are also submitting your personal information to be used by the government for data mining purposes?? No where. The “nothing to hide” argument doesn’t come close to defending this problem simply because it doesn’t acknowledge its existence. You’re signing a binding contract for one purpose yet it’s being used for multiple purposes without an individual’s permission and oversight. Is that right?? And who’s the one monitoring the government’s data mining techniques to make sure no wrong doing is being done, the government?? That’s like saying we should have allowed Enron (RIP) the ability to regulate itself.