Privacy exchanges: restoring consent in privacy self-management.

This article reviews the qualitative changes that big data technology introduced to society, particularly changes that affect how individuals control the access, use and retention of their personal data. In particular interest is whether the practice of privacy self-management in this new context could still ensure the informed consent of individuals to the privacy terms of big data companies. It is concluded that that accepting big data companies' privacy policies falls short of the disclosure and understanding requirements for informed consent. The article argues that the practice of privacy self-management could remain viable if the review, understanding and acceptance of privacy agreements is streamlined, standardized and automated. Technology should be employed to counter the privacy problems created by big data technology. The creation of the privacy exchange authorities (PEA) is proposed as a solution to the failures of privacy self-management. The PEA are intermediaries that empower individuals to define their own privacy terms and express informed consent in their dealings with data companies. They will create the technological infrastructure for individuals to select their own privacy terms from a list of standard choices, potentially only once. The PEA will further mediate the delivery and authentication of the individual users' privacy terms to data companies. A logical proof of concept is offered, illustrating the potential steps involved in the creation of the PEA. [ABSTRACT FROM AUTHOR]