Hostname: page-component-848d4c4894-pftt2 Total loading time: 0 Render date: 2024-05-17T15:45:13.628Z Has data issue: false hasContentIssue false

Dark Sides of Data Transparency: Organized Immaturity After GDPR?

Published online by Cambridge University Press:  20 January 2023

Frederik Schade*
Affiliation:
Copenhagen Business School, Denmark

Abstract

Organized immaturity refers to the capacity of widely institutionalized sociotechnical systems to challenge qualities of human enlightenment, autonomy, and self-determination. In the context of surveillance capitalism, where these qualities are continuously put at risk, data transparency is increasingly proposed as a means of restoring human maturity by allowing individuals insight and choice vis-à-vis corporate data processing. In this article, however, I draw on research on General Data Protection Regulation–mandated data transparency practices to argue that transparency—while potentially fostering maturity—itself risks producing new forms of organized immaturity by facilitating user ignorance, manipulation, and loss of control of personal data. Considering data transparency’s relative “successes” and “failures” regarding the cultivation of maturity, I outline a set of possible remedies while arguing for a general need to develop more sophisticated ethical appreciations of transparency’s complex and potentially problematic implications for organized (im)maturity in the digital age.

Type
Article
Copyright
© The Author(s), 2023. Published by Cambridge University Press on behalf of the Society for Business Ethics

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

REFERENCES

Access Now. 2020. Two years under the EU GDPR: An implementation progress report. https://www.accessnow.org/cms/assets/uploads/2020/05/Two-Years-Under-GDPR.pdf.Google Scholar
Acquisti, A., & Grossklags, J. 2005. Privacy and rationality in individual decision making. Security Privacy IEEE, 3(1): 2633.10.1109/MSP.2005.22CrossRefGoogle Scholar
Albu, O. B. 2014. Transparency in organizing: A performative approach. Frederiksberg, Denmark: Copenhagen Business School Press.Google Scholar
Albu, O. B., & Flyverbom, M. 2019. Organizational transparency: Conceptualizations, conditions, and consequences. Business and Society, 58(2): 268–97.10.1177/0007650316659851CrossRefGoogle Scholar
Angulo, J., Fischer-Hübner, S., Wästlund, E., & Pulls, T., 2012. Towards usable privacy policy display and management. Information Management and Computer Security, 20(1): 417.10.1108/09685221211219155CrossRefGoogle Scholar
Article 29 Working Party Guideline. 2018. Guidelines on transparency under regulation 2016/679. https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227.Google Scholar
Berger, P. L., & Luckmann, T. 1991. The social construction of reality: A treatise in the sociology of knowledge. London: Penguin Books.Google Scholar
Best, J. 2007. The limits of transparency: Ambiguity and the history of international finance. Ithaca, NY: Cornell University Press.Google Scholar
Birchall, C. 2021. Radical secrecy: The ends of transparency in datafied America. Minneapolis: University of Minnesota Press.10.5749/j.ctv1hggkmvCrossRefGoogle Scholar
Brandeis, L., & Warren, S. 1890. The right to privacy. Harvard Law Review, 4(5): 193220.Google Scholar
Brunsson, N. 2003. Organized hypocrisy. In Czarniawska, B. & Sevón, G. (Eds.), The northern lights—organization theory in Scandinavia: 201–22. Copenhagen: Copenhagen Business School Press.Google Scholar
Calo, R. 2012. Against notice skepticism in privacy (and elsewhere). Notre Dame Law Review, 87(3): 1027–72.Google Scholar
Christensen, L. T., & Cheney, G. 2015. Peering into transparency: Challenging ideals, proxies, and organizational practices. Communication Theory, 25(1): 7090.10.1111/comt.12052CrossRefGoogle Scholar
Christensen, L. T., & Cornelissen, J. P. 2015. Organizational transparency as myth and metaphor. European Journal of Social Theory, 18(2): 132–49.CrossRefGoogle Scholar
Christensen, L. T., Morsing, M., & Thyssen, O. 2013. CSR as aspirational talk. Organization, 20(3): 372–93.10.1177/1350508413478310CrossRefGoogle Scholar
Christensen, L. T., Morsing, M., & Thyssen, O. 2017. License to critique: A communication perspective on sustainability standards. Business Ethics Quarterly, 27(2): 239–62.10.1017/beq.2016.66CrossRefGoogle Scholar
Cofone, I. N. 2017. The way the cookie crumbles: Online tracking meets behavioural economics. International Journal of Law and Information Technology, 25(1): 3862.Google Scholar
Court of Justice of the European Union. 2019. Panet49 GmbH v Bundesverband der Verbraucherzentralen und Verbracherverbände—Verbraucherzentrale Bundesverband e. V. ECLI:EU:C:2019:801 (Case No. C-673/17). https://eur-lex.europa.eu/legal-content/DA/TXT/?uri=CELEX:62017CC0673.Google Scholar
Degeling, M., Utz, C., Lentzsch, C., Hosseini, H., Schaub, F., & Holz, T. 2019. We value your privacy … now take some cookies. Informatik Spektrum, 42(5): 345–46.CrossRefGoogle Scholar
Deleuze, G., & Guattari, F. 2013. A thousand plateaus: Capitalism and schizophrenia. London: Bloomsbury Academic.Google Scholar
D-Seal. 2022. Denmark’s new labelling program for IT-security and responsible use of data. https://d-seal.eu/.Google Scholar
Eisenberg, E. M. 2007. Strategic ambiguities: Essays on communication, organization, and identity. London: Sage.10.4135/9781452225937CrossRefGoogle Scholar
Erkkilä, T. 2012. Government transparency: Impacts and unintended consequences. New York: Palgrave Macmillan.CrossRefGoogle Scholar
European Commission. 2016. General data protection regulation GDPR. https://gdpr-info.eu/.Google Scholar
European Parliament. 2020. The CJEU judgment in the Schrems II case. https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA(2020)652073_EN.pdf.Google Scholar
Fenster, M. 2006. The opacity of transparency. Iowa Law Review, 91: 885949.Google Scholar
Fenster, M. 2015. Transparency in search of a theory. European Journal of Social Theory, 18(2): 150–67.10.1177/1368431014555257CrossRefGoogle Scholar
Flyverbom, M. 2019. The digital prism. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
Foucault, M. 2007. Security, territory, population. New York: Palgrave Macmillan.Google Scholar
Fung, A. 2013. Infotopia: Unleashing the democratic power of transparency. Politics and Society, 41(2): 183212.10.1177/0032329213483107CrossRefGoogle Scholar
Fung, A., Graham, M., & Weil, D. 2007. Full disclosure: The perils and promise of transparency. Cambridge: Cambridge University Press.10.1017/9780521699617CrossRefGoogle Scholar
Garsten, C., & de Montoya, L. 2008. Transparency in a new global order: Unveiling organizational visions. Cheltenham, UK: Edward Elgar.10.4337/9781848441354CrossRefGoogle Scholar
Goldsmith, J., & Wu, T. 2006. Who controls the internet? Illusions of a borderless world. New York: Oxford University Press.CrossRefGoogle Scholar
Haack, P., Martignoni, D., & Schoeneborn, D. 2021. A bait-and-switch model of corporate social responsibility. Academy of Management Review, 43(3): 440–64.10.5465/amr.2018.0139CrossRefGoogle Scholar
Haack, P., Schoeneborn, D., & Wickert, C. 2012. Talking the talk, moral entrapment, creeping commitment? Exploring narrative dynamics in corporate responsibility standardization. Organization Studies, 33(5–6): 815–45.10.1177/0170840612443630CrossRefGoogle Scholar
Hansen, H. K., & Flyverbom, M. 2015. The politics of transparency and the calibration of knowledge in the digital age. Organization, 22(6): 872–89.CrossRefGoogle Scholar
Heald, D. 2006. Transparency as an instrumental value. In Hood, C. & Heald, D. (Eds.), Transparency: The key to better governance?: 5973. Oxford: Oxford University Press.Google Scholar
Heil, O., & Robertson, T. S. 1991. Toward a theory of competitive marketing signaling: A research agenda. Strategic Management Journal, 12(6): 403–18.10.1002/smj.4250120602CrossRefGoogle Scholar
Heimstädt, M. 2017. Openwashing: A decoupling perspective on organizational transparency. Technological Forecasting and Social Change, 125: 7786.CrossRefGoogle Scholar
Hood, C., & Heald, D. (Eds.). 2006. Transparency: A key to better governance? Oxford: Oxford University Press.10.5871/bacad/9780197263839.001.0001CrossRefGoogle Scholar
International Organization for Standardization. 2019. ISO/IEC 27701:2019. https://www.iso.org/standard/71670.html.Google Scholar
Irish Council for Civil Liberties. 2021. Europe’s enforcement paralysis: ICCL’s 2021 report on the enforcement capacity of data protection authorities. https://www.iccl.ie/wp-content/uploads/2021/09/Europes-enforcement-paralysis-2021-ICCL-report-on-GDPR-enforcement.pdf.Google Scholar
Jensen, C., & Potts, C. 2004. Privacy policies as decision-making tools: An evaluation of online privacy notices. In Proceedings of the SIGCHI conference on Human Factors in Computing Systems: 471–78. New York: ACM.10.1145/985692.985752CrossRefGoogle Scholar
Kant, I. 1784. Beantwortung der frage: Was ist aufklärung? Berlinische Monatsschrift, 12: 481–94.Google Scholar
Linden, T., Khandelwal, R., Harkous, H., & Fawaz, K. 2020. The privacy policy landscape after the GDPR. Proceedings on Privacy Enhancing Technologies, 2020(1): 4764.10.2478/popets-2020-0004CrossRefGoogle Scholar
MacKenzie, D. 2006. An engine not a camera: How financial models shape markets. Cambridge, MA: MIT Press.CrossRefGoogle Scholar
Mayer-Schönberger, V., & Cukier, K. 2013. Big data: A revolution that will transform how we live, work, and think. Boston: Houghton Mifflin Harcourt.Google Scholar
McDonald, A. M., & Cranor, L. F. 2008. The cost of reading privacy policies. I/S: A Journal of Law and Policy, 4(3): 543–68.Google Scholar
Meyer, J. W., & Rowan, B. 1977. Institutionalized organizations: Formal structure as myth and ceremony. American Journal of Sociology, 83(2): 340–63.CrossRefGoogle Scholar
Mohan, J., Wasserman, M., & Chidambaram, V. 2019. Analyzing GDPR compliance through the lens of privacy policy. In Gadepally, V., Mattson, T., Stonebraker, M., Wang, F., Luo, G., Laing, Y., & Dubovitskaya, A. (Eds.), Heterogeneous data management, polystores, and analytics for healthcare: 8295. New York: Springer.CrossRefGoogle Scholar
Nissenbaum, H. 2011. A contextual approach to privacy online. Daedalus, 140(4): 3248.CrossRefGoogle Scholar
Nouwens, M., Liccardi, I., Veale, M., Karger, D., & Kagal, L. 2020. Dark patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence. In Proceedings of the 2020 CHI conference on Human Factors in Computing Systems: 113. New York: Association for Computing Machinery.Google Scholar
Obar, J. A., & Oeldorf-Hirsch, A. 2018. The biggest lie on the Internet: Ignoring the privacy policies and terms of service policies of social networking services. Information, Communication, and Society, 23(1): 128–47.10.1080/1369118X.2018.1486870CrossRefGoogle Scholar
O’Neill, O. 2002. Autonomy and trust in bioethics. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
O’Neill, O. 2006. The limits of accountability. Accounting, Organizations, and Society, 34(8): 918–38.Google Scholar
Pasquale, F. 2015. The black box society. Cambridge, MA: Harvard University Press.CrossRefGoogle Scholar
Rawlins, B. 2009. Give the emperor a mirror: Toward developing a stakeholder measurement of organizational transparency. Journal of Public Relations Research, 21(1): 7199.10.1080/10627260802153421CrossRefGoogle Scholar
Richards, N. M., & King, J. H. 2013. Three paradoxes of big data. Stanford Law Review Online, 66(4): 4146.Google Scholar
Ringel, L. 2019. Unpacking the transparency-secrecy nexus: Frontstage and backstage behaviour in a political party. Organization Studies, 40(5): 705–23.10.1177/0170840618759817CrossRefGoogle Scholar
Roberts, J. 2009. No one is perfect: The limits to transparency and the ethic for “intelligent” accountability. Accounting, Organizations, and Society, 34(8): 957–70.CrossRefGoogle Scholar
Roberts, J. 2018. Managing only with transparency: The strategic functions of ignorance. Critical Perspectives on Accounting, 55(C): 5360.CrossRefGoogle Scholar
Sanchez-Rola, I., Dell’Amico, M., Kotzias, P., Balzarotti, D., Bilge, L., Vervier, P. A., & Santos, I. 2019. Can I opt out yet? GDPR and the global illusion of cookie control. In Proceedings of the 2019 ACM Asia conference on Computer and Communications Security: 340–51. New York: ACM.10.1145/3321705.3329806CrossRefGoogle Scholar
Schackenberg, A., & Tomlinson, E. 2016. Organizational transparency: A new perspective on managing trust in organization–stakeholder relationships. Journal of Management, 42(7): 1784–810.Google Scholar
Scherer, A. G., & Neesham, C. 2020. New challenges to enlightenment: Why socio-technological conditions lead to organized immaturity and what to do about it. Working paper, University of Zurich and Newcastle University.Google Scholar
Stohl, C., Stohl, M., & Leonardi, P. M. 2016. Managing opacity: Information visibility and the paradox of transparency in the digital age. International Journal of Communication, 10: 123–37.Google Scholar
Strathern, M. 2000. Audit cultures: Anthropological studies in accountability, ethics, and the academy. London: Routledge.Google Scholar
Swiss Digital Initiative. 2020. Our work. https://www.swiss-digital-initiative.org/our-work/.Google Scholar
Tesfay, W. B., Hofmann, P., Nakamura, T., Kiyomoto, S., & Serna, J. 2018. Privacyguide: Towards an implementation of the EU GDPR on internet privacy policy evaluation. In Proceedings of the fourth ACM international workshop on Security and Privacy Analytics: 1521. New York: ACM.10.1145/3180445.3180447CrossRefGoogle Scholar
Thedvall, R. 2008. Transparency at work: The production of indicators for EU employment policy. In Garsten, C. & de Montoya, L. (Eds.), Transparency in a new global order: 143–60. Cheltenham, UK: Edward Elgar.Google Scholar
Trittin-Ulbrich, H., Scherer, A. G., Munro, I., & Whelan, G. 2021. Exploring the dark and unexpected sides of digitalization: Toward a critical agenda. Organization, 28(1): 825.CrossRefGoogle Scholar
Trzaskowski, J., & Sørensen, M. G. 2019. GDPR compliance—understanding the General Data Protection Regulation. Copenhagen: Ex Tuto.Google Scholar
Urban, T., Tatang, D., Degeling, M., Holz, T., & Pohlmann, N. 2018. The unwanted sharing economy: An analysis of cookie syncing and user transparency under GDPR. arxiv.org/abs/1811.08660.Google Scholar
Utz, C., Degeling, M., Fahl, S., Schaub, F., & Holz, T. 2019. (Un) informed consent: Studying GDPR consent notices in the field. In Proceedings of the 2019 ACM SIGSAC conference on Computer and Communications Security: 973–90. New York: ACM.CrossRefGoogle Scholar
West, S. M. 2019. Data capitalism: Redefining the logics of surveillance and privacy. Business and Society, 58(1): 2041.10.1177/0007650317718185CrossRefGoogle Scholar
Whelan, G. 2019. Trust in surveillance: A reply to Etzioni. Journal of Business Ethics, 156: 1519.10.1007/s10551-018-3779-4CrossRefGoogle Scholar
Whelan, G. 2021. Megacorporation: The infinite times of Alphabet. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
Zuboff, S. 2015. Big other: Surveillance capitalism and the prospects of an information civilization. Journal of Information Technology, 30(1): 8589.CrossRefGoogle Scholar
Zuboff, S. 2019. The age of surveillance capitalism: The fight for a human future at the new frontier of power. London: Profile Books.Google Scholar