For certain types of agreements, good faith is not enough. Netflix chooses to go into a business where it is privy to private information about its customers. The onus is on Netflix to protect that information.
I would say the same thing had hackers cracked their security and made off with the data. Good faith efforts that fail to secure the data are not enough, they must succeed in protecting the privacy of their customers.
Banks take the precautions ahead of time (deposit insurance) against robbery-thats part of the "good faith" of protecting a users money. Nice try.
Are you arguing in support of my point? Banks insure themselves against robbery precisely because they are held 100% accountable for it to the customer.
Netflix's attempt to anonymize the data is not a guarantee that the data will remain secure. It is merely an attempt to secure it, not a guarantee that the customer will not lose control of their data. In your example, this is comparable to locking the vault, not to buying deposit insurance. Note that banks are required to get FDIC insurance regardless of how tightly they lock their vault.
A better example: a customer loses their drivers license/bank card and a thief finds it calls a bank to do transactions, using the info on the card to verify identity.
A bank can only do so much to protect their customers. If someone is willing to leave their info lying around, there isnt much that can be done.
I don't understand this argument at all. Are we talking about customers leaving their information "lying around" or customers entrusting it to Netflix? I entrust my money to a bank: I give it to them. Customers entrust their transaction history to Netflix. Nobody is talking about customers leaking their private information to third parties, we are talking about the equivalent of the bank publishing the customer's driver's license information in a newspaper with their name obscured.
p.s. Now that I've established that I don't think this example is particularly relevant, I will share a story: Several years ago I returned from vacation to find a phone message from my bank. Someone had used what appeared to be my ATM card to withdraw $1,000 from my account while I was in Honduras. Of course I was the victim of some kind of skimming and cloning operation. The bank reimbursed me in full.
Heck, imagine if companies could do things wrong and get away with: "Hey at least I was, like, trying reeeeally hard. I thought it was ok to do this".
Acting in good faith would become the excuse to use when the shit hits the fan.
PS: "Acting in good faith" in the real world means following the standard, industry adopted, government mandated: policies, process, regulations, laws, etc... That's what let you get away from problems. Not happy thoughts.
If yes, then how can companies innovate, when they will constantly fear liability?
Yes, it had to be used with other datasets to discover individuals, but Netflix ignored (you say acted in good faith) this possibility and decided to go ahead.
They were ignorant of the implications of the data they released. They didn't saw the possibilities that their costumers could be found. They were stupid and reckless.
The problem is that you're thinking about this situation as the researcher, the person who wants the data set to play with. Put yourself into the company's shoes. You want to improve the recommendation algorithm. You hold a contest, which needs the costumer data to work. But you know that your costumers won't be happy to have their info released, so you go and anonymize the data.
See where I am going? You had an idea, executed, but the consequences were bad. Imagine if car companies acted this way, one morning an engineer comes to work and puts a new brake system in the company's car already in production thinking it'll be awesome and work ten times better than the previous brakes. Without rigorous, government and industry trials, experiments and tests.
Good idea, poor execution. Netflix doesn't have "good faith", they wanted to improve their recommendation algorithm. They wanted to profit. Now, I don't have anything against profits. But it's naive to think Netflix did this for the benefit of mankind. They had their own reasons, and to achieve that, they've broken a promise to their costumers. They said: Hey, we'll keep on our database this information, but don't worry, none will ever know it.
But then they go and _relase_ costumer data, _thinking_ it's sufficiently anonymized. They were wrong. Double mistake there. The "hacker" wasn't alone in this, "he" had a direct help of the company which was supposed to not let this happen.
You weigh your options: if the benefits of doing something outweigh the costs (including lawsuit outcomes, poor public perception, etc) by enough of a margin, then you forge ahead.
No, Im saying that your example was irrelevant. If netflix said in its terms of service that it would dutifully anonymize the collected data, then are they liable? If some hacker reveals a weakness and Netflix pulls the plug should they be sued?
Netflix can't "repay" their users privacy, can they?
