Skip navigation
Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/88435/dsp01tt44pq32j
Title: Corporate Approaches to Data Protection & Privacy Driving Factors Behind Technology Companies’ Privacy Strategies In a Post-Snowden, Post-Safe Harbor Era
Authors: Ella, Cheng
Advisors: Scheppele, Kim
Department: Princeton School of Public and International Affairs
Class Year: 2016
Abstract: As data flows increase exponentially by the day, and as online hacks and breaches have become commonplace, individuals, governments and corporations have all been forced to confront the challenge of maintaining data privacy in an information-rich society. As a result of ongoing tensions between the United States’ libertarian view and the European Union’s dignitarian view of privacy, which have resulted in an incoherent and complex transnational privacy regime, as well as the invalidation of the Safe Harbor Agreement, even information technology companies formerly focused only on profits and innovation have had to take up the mantle of protecting their customers’ data privacy. In this study, I explore different companies’ approaches toward protecting privacy, and seek to answer: What factors drive companies to adopt certain privacy practices? Based on interviews with data privacy experts and a case study analysis of the company traits and legal, technical, structural and public relations privacy initiatives of five technology companies (Google, Microsoft, Apple, Mozilla and Uber), I conclude that a company is more likely to be proactive and comprehensive about its privacy practices when: (1) its primary service is not the collection and selling of information, (2) it explicitly prioritizes privacy or customer trust in its mission statement or company values, or (3) it is a probable target for legal enforcement. In addition, a company’s non-profit status seems to be associated with a more active pro-privacy public profile, but is not necessarily correlated with more thorough technical, legal or structural privacy measures. Lastly, larger companies are more likely to have the resources to adopt significant or a greater number of privacy initiatives compared to start-ups and smaller companies. Regarding the debate on the appropriate definition of privacy in the context of data protection and information technology, I argue for a combination of both the U.S. and EU views of privacy.
Extent: 123 pages
URI: http://arks.princeton.edu/ark:/88435/dsp01tt44pq32j
Type of Material: Princeton University Senior Theses
Language: en_US
Appears in Collections:Princeton School of Public and International Affairs, 1929-2020

Files in This Item:
File SizeFormat 
Cheng_Ella.pdf763.91 kBAdobe PDF    Request a copy


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.