Chapter 1 ties together the problems of central elements of privacy law: the individual choice-based system, the fair information principles that originated it, the view that privacy is about secrecy, and dichotomies such as public versus private. We don’t have actual choices about our data beyond mechanically agreeing to privacy policies because we lack outside options and information such as what the choice means and what risk we’re taking on by agreeing. The choice-based approach creates a false binary of secret and open information when, in reality, privacy is a spectrum. The idea that someone, at any given time, has either total privacy or no privacy at all is unfounded. Additionally, data are bundled: you can’t reveal just one thing without letting companies infer other things. Reckoning with this reality defeats the popular “I have nothing to hide” argument, which traces back to Joseph Goebbels.

This chapter discusses results for user-facing services that show whether the services show biases towards specific groups of users, whether they comply with policies, laws, and regulations, and how they use user data in providing their services. The chapter first focuses on network-level services, such as server-side blocking and the provision of wireless internet access. Then, the chapter discusses web-based services, including privacy policies, search, social networks, and e-commerce. The chapter closes by discussing results for mobile services, such as the characteristics of app stores, third-party libraries, and apps.

Data about consumers has long been a prized asset of organizations. As Paul Schwartz has observed, the “monetary value” of consumer data continues to grow significantly and companies eagerly profit from consumer data.1 The IoT will foster an exponential growth in the volume, quality, and variety of consumer-generated data. As a result, there will be more of our data available for companies to analyze, exploit, and extract value from. As we have seen in previous chapters, several legal scholars have highlighted the limits of companies’ privacy policies and conditions of use, and the role of these documents in enabling data disclosures.

Unlike privacy law discourse, which has primarily explored questions related to others’ knowledge, access, and use of information about us, commercial law’s central focus has been on issues related to trade involving persons, merchants, and entities. In the commercial law context, questions about knowledge and information are primarily connected to the exchange and disclosure of information needed to facilitate transactions between parties.1 This distinct historical focus has likely contributed to commercial law’s failure to adequately account for and address privacy, security, and digital domination harms. In some cases, commercial law also defers to corporate commercial practices as well.

We now live in a world where we can obtain current information about a global pandemic from our smartphones and Internet of Things (IoT) devices.1 The recent novel coronavirus (COVID-19) outbreak is not just a public health emergency. The pandemic has forced us to further evaluate the extent to which privacy should give way to public health threats and resulting technological innovations.2 It directly raises questions about whether legal frameworks governing our privacy should be relaxed to address public health concerns, and if any such relaxation will continue post pandemic to permanently undermine our privacy.3

Chapter 8 investigates the protection of information privacy in a collected world. A critique of the control model is undertaken in relation to five intended outcomes of information privacy law: enhancement of individual autonomy through non-interference protections at the point of data collection; power vacuums that preserve spaces for autonomous decision-making; information privacy law’s mode of transactional operation; the use of privacy policies, as information disclosure mechanisms; and in-built balancing mechanisms, which seeks to ensure fair outcomes for individuals and data collectors. Julie Cohen’s work is then examined as a means of further critiquing the control model and reshaping a conceptual focus of information privacy based on a more explicit power-related role. The new focus shifts what information privacy seeks to do, and challenges the fundamental precepts of the control model and what information privacy currently seeks to protect. The five intended outcomes thus change markedly. At the heart of this reformulated movement is Cohen’s work on modulation, which better describes the consequences and challenges that arise from the collected world.

Chapter 4 examines commercial imperatives for collections of sensor data by exploring the rapid development of smart home insurance business models. A brief history of smart home insurance is provided to situate three conceptualised models of smart home data exchange partnership involving insurers and smart home device or system providers. The models are entitled the Partnered Data Acquisition, Partnered Intermediary and Platform Entity models. Each model involves a partnership arrangement between an established insurer and a smart home device or system provider. However, while each model seeks to capitalise value from smart home sensor data, each model does so in different ways, across three spectra, namely, collection of data, connection to mutually beneficial services and condition setting. An analysis of relevant privacy policies is undertaken to highlight each model’s operational data structure, the sensor data collected and its foundational characteristics. In turn, this analysis highlights the commercial uses of smart home sensor data involving new logics, business relationships and intended service outcomes.

Chapter 9 examines how new forms of information privacy law could develop to interrupt modulated forms of power. It highlights some design points for future legal reform. The design points outline some key areas that would allow reforms to develop based on Julie Cohen’s work. The implementation of these principles would require some form of detachment from information privacy’s core process protections, so the law could apply in gaps and spaces at the outskirts of process. These gaps and spaces are important because this is where selfhood flourishes and would therefore be a prime target for modulated forms of data collection. The design points would allow protection of gaps and spaces through the construction of new boundary options that create pauses in seamless forms of data collection and analysis. All of this would assist in information privacy law’s new role in exposing modulation. The chapter contends that a greater focus on relational forms of personal information is needed along with a collection principle based on fairness. New legal vocabularies and new ways of incentivising value discourse, as well as compliance orientations, in data collecting institutions are required.

This chapter considers current and future economies of music production, distribution and consumption, intersecting the question concerning technology – big data storage, distributed network technology, programmable artificial intelligence – with the question concerning contemporary markets – the merchandising of desire, taste and sensibility within a surveillant attention economy, and its concomitant labour ethics. The first section tracks changes in the music industry within the digitally networked environment in the first decade of the twenty-first century. A practice of P2P sharing and free downloading shifted toward a full-scale surveillance economy hitched to licensed music, raising questions concerning data privacy, data security, management of user data, and procedures for third-party requests for data and metadata. By investigating the economic, social, technical and legal dimensions of this shifting terrain, the chapter suggests that the impact on cultural labour practices in the digital age bear uncanny resemblance to a pre-technological one.