•  
  •  
 

Article Title

Outsourcing Privacy

Document Type

Essay

Abstract

An underappreciated part of the narrative of privacy managerialism—and the focus of this Essay—is the information industry’s increasing tendency to outsource privacy compliance responsibilities to technology vendors. In the last three years alone, the International Association of Privacy Professionals (IAPP) has identified more than 250 companies in the privacy technology vendor market. These companies market their products as tools to help companies comply with new privacy laws like the General Data Protection Regulation (GDPR), with consent orders from the Federal Trade Commission (FTC), and with other privacy rules from around the world. They do so by building compliance templates, pre-completed assessment forms, and monitoring consents, among many other things. As such, many of these companies are doing far more than helping companies identify the data they have or answer data access requests; many of them are instantiating their own definitions and interpretations of complex privacy laws into the technologies they create and doing so only with managerial values in mind. This undermines privacy law in four ways: it creates asymmetry between large technology companies and their smaller competitors, it makes privacy law underinclusive by limiting it to those requirements that can be written into code, it erodes expertise by outsourcing human work to artificial intelligence and automated systems, and it creates a “black box” that undermines accountability.

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.