(Reproducing this from Fission Talk)

Below I will add in my condensed chapter notes. Each chapter is available as its own paper on the book website 1 if you want to just pick and choose. Many of these chapters were presented as papers at the Internet Governance Forum in 2022.

Here is the TOC for your reference:

  • Chad KohalykOPM
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 months ago

    Ch10: Privacy Governance from a Polycentric Perspective

    • this chapter examines how “privacy governance is shaped through continuous interaction between formal structures and human agency.” Making the case for more polycentric gov in the privacy space
    • the challenge:
      • Supranational, intergovernmental, and private institutions attempt to govern and influence data flows through the creation and enforcement of norms, standards, and practices
      • Commercial actors engage in the governance of both internet infrastructure and information flows through their business and operating decisions
      • technical bodies performing mundane tasks of standardizing and maintaining internet infrastructures are also recognized as spaces where governance occurs, typically outside of the purview of the state
      • power is distributed
      • currently, the governance of privacy seems to revert to two-party relationships between regulators and organizations, thus undermining privacy governance as inherently polycentric.
      • traditional and state-centric approaches to the regulation of platforms fall short in addressing concerns about private censorship, abuse of informational power, and human rights harms.
      • third-party regulation–an arrangement where an independent third party acts as a regulatory intermediary between various other actors =={Note - Opposite of Ostrom? - CK}==
    • Key insight for polycentrism: “no single actor has the knowledge necessary to solve what are now complex, dynamic, and sometimes wicked problems.” This is a very open source point of view
    • identified four groups of data protection policy instruments: transnational, legal, self-regulatory, and technological.
    • CASE STUDIES: adoption of remote learning during pandemic
      • different countries moved at different speeds
      • the individual agency of educators and hyperlocal expertise result in decisions with constitutive effects on remote learning environments.
    • we find the institutionalist approach to be overly narrow. … Combining the institutionalist and non-institutionalist perspectives allows for examining polycentric governance as a state of ordered chaos–having order without a central authority
    • Informational self-determination is the backbone of European data protection and a vital part of the American information privacy legal framework
      • emphasize privacy literacy as a mechanism through which individuals gain agency and autonomy in datafied environments
    • =={overall this article was pretty speculative. If you are into privacy, you should probably read it. There are tons of details, but not a lot of pragmatic pointers on what a real policentric gov system would look like for the “CPR” of privacy - CK}==