Abstract
This chapter summarizes the results of this book and draws some legal policy conclusions. Our findings are mainly based on the analysis of legal framework conditions and the evaluation of the privacy statements of crowdsourcing platforms located in China, Germany and the U.S., presented in the preceding chapters. The results of this study provide inspiration for future research and legal action in the field of crowdsourcing and data privacy.
This chapter was written by Sonja Mangold.
You have full access to this open access chapter, Download chapter PDF
5.1 Increasing Regulation and Regulatory Competition
To date, there is no specific regulation for data protection on crowdsourcing platforms in China, Germany and the U.S. In all three countries, however, there has been an increase in legislative activities addressing the handling of data on such platforms in recent years. In Germany, the EU GDPR provides a comparatively strict data protection framework for the digital market. The GDPR has led public lawmakers in other countries, including China and the U.S., to enact similar legislation. This points to a regulatory “race to the top” in privacy regulation. On the other hand, the spillover effects of the GDPR have been limited in the privacy statements of Chinese and U.S. platforms. Only a minority of the U.S. platforms and none of the Chinese platforms identified in the present volume refer to the GDPR. This confirms existing studies (Frankenreiter, 2022), according to which the impact of EU data protection law on U.S. online firms is lower than has been assumed.
5.2 Processing of User Data
5.2.1 Privacy Statements as Main Source of Information
Almost all crowdsourcing platforms in China, Germany and the U.S. process personal data on their users. All German and most U.S. companies provide this information in a separate privacy statement. In China, on the other hand, most platforms do not publish a privacy statement, but integrate privacy information into the general terms and conditions. Similar to the German fintech sector, platforms in the three countries and different crowdsourcing segments seldom state conclusively what personal data are processed. The privacy statements of the platforms are quite long. The average reading time for users ranges from 16 minutes to almost half an hour. This indicates that many users do not read the privacy statements at all or at least not in their entirety. Standardization or alternative ways of presenting information, such as icons, could be a user-friendly solution (Dorfleitner & Hornuf, 2019; Geminn et al., 2021).
5.2.2 Processing of Crowdworkers’ Data
Crowdsourcing platforms provide a framework for matching clients to workers, primarily freelancers. Personal data of crowdworkers is usually collected and processed throughout the entire business process. The majority of German platforms and a significant number of U.S. platforms distinguish in their privacy statements which data from crowdworkers and other users they process. Only a few Chinese platforms make such a distinction. Crowdsourcing platforms should seek to be even clearer and more transparent in their privacy statements regarding the processing of crowdworker data. In this way, customer trust could be strengthened and fears of excessive surveillance among crowdworkers dispelled. Moreover, early information and transparency would make it easier for crowdworkers to effectively exercise their data protection rights.
5.2.3 Collection of Sensitive Data
According to Art. 9 GDPR, the processing of sensitive data, such as data relating to racial or ethnic origin, health status, or biometric data is only permitted in exceptional cases. Nevertheless, a large number of crowdsourcing platforms in China, Germany and the U.S. process such sensitive data. U.S. platforms in particular collect a wide range of sensitive information, including data on religious affiliation, political opinion, sexual orientation and trade union membership. Chinese platforms stand out for their collection of data on nationality and citizenship. Some U.S. platforms are explicit in stating which personal and sensitive data is not processed. By specifying what data is not collected, platforms can increase user trust and positively differentiate themselves from other competitors. In this respect, the information practices of U.S. crowdsourcing portals could serve as a role model.
5.3 Processing of Data by Third Parties
5.3.1 Data Sharing
The majority of Chinese and German platforms share personal data with third parties. Significantly fewer U.S. platforms state that user data leaves the platform. Similar to German fintech companies, many crowdsourcing platforms are unclear about what data is shared with third parties and to whom the data is transferred. Under European data protection law, platforms must inform their users about data disclosures and the recipients of the data. China’s Personal Information Privacy Law establishes similar obligations. In this respect, the crowdsourcing platforms fail to meet legal requirements. Companies should be more transparent about transfers of personal data. Standardization could be helpful in the presentation of information about data disclosures (Dorfleitner & Hornuf, 2019).
5.3.2 Use of Social Plugins and Web Analytics
Many crowdsourcing platforms use social plugins such as Facebook’s “Like” button. Especially German platforms state that they integrate social plugins on their websites. Chinese platforms mention the use of social plugins less frequently, referring to national services such as WeChat. Social plugins allow users to share content from the crowdsourcing platforms’ website on the social media website. Social plugins can be problematic from a data protection point of view because users’ personal data, such as their IP address, is transferred to the social network (Spittka & Mantz, 2019). Something that may be helpful for platforms in practice would be the “double click” solution, whereby a text field informing the user about the data protection concern is displayed automatically when the user hovers the mouse over the button. If the user activates the button with the first click, a server connection is established with the social network. A further click triggers the actual function of the button (e.g., “liking” the platform’s content on the social media website). The majority of crowdsourcing platforms in China, Germany and the U.S. use web tracking services to collect and analyze data on user behavior on their websites. German crowdsourcing platforms mention most frequently that they use tracking services. The most popular service in the U.S. and Germany is Google Analytics. This result is in line with the German fintech sector. Many platforms also mention advertising services that allow them to display advertising outside their own websites. Compared to the German fintech sector, crowdsourcing platforms are less transparent about which advertising services they use.
5.3.3 Use of Cookies
Most German and U.S. platforms state that they use cookies. Chinese platforms mention cookies less frequently in their privacy statements. In a comparison of the different platform categories, relatively few crowd contest platforms say that they use cookies. Cookies are small text files which platforms place on users’ computers. Cookies are used to make websites more user-friendly, but also to send targeted personalized advertising. A distinction must be made between temporary cookies, which are deleted when the user leaves the website, and permanent cookies, which are stored even after the browser is closed. Permanent cookies are also used for marketing purposes. Numerous German and somewhat fewer U.S. platforms mention the use of permanent cookies in their privacy statements. A significant proportion of crowdsourcing platforms do not provide information about the type of cookies used.
5.3.4 Data Protection Efforts by Platforms and Outlook
Anonymization and Pseudonymization of data are important tools to protect users’ privacy. A considerable number of crowdsourcing platforms declare in their privacy statements that they anonymize or pseudonymize personal information. German platforms mention anonymization and pseudonymization most frequently and even distinguish themselves positively from German fintech companies. In a comparison of the crowdsourcing segments, collaborative communities are particularly privacy-friendly in this respect. Furthermore, a number of U.S. and German crowdsourcing portals advertise on their websites that they go through data protection certification procedures or use data protection seals and audits. For example, U.S. platforms mention that they are TRUSTe certified.
In contrast to public regulation, protection measures initiated by platforms are based on the knowledge and self-interest of the actors involved. Other self-regulatory initiatives, such as the Code of Conduct of German crowdsourcing providers, also integrate data protection measures for users and crowdworkers. Self-initiative efforts made by platforms on data protection and fair business practices should be strengthened by legal policymakers and legislators in the future (Mangold, 2022).
In addition to (voluntary) self-initiatives by platform businesses, pressure is needed from civil society, consumer organizations and labor unions. This book can provide important information for policymakers, the platforms themselves and other actors involved about which data protection problems actually exist in the global crowdsourcing market and need to be tackled in the future.
References
Dorfleitner, G., & Hornuf, L. (2019). FinTech and data privacy: An empirical analysis with policy recommendations. Springer.
Frankenreiter, J. (2022). The missing “California effect” in data privacy law. Yale Journal on Regulation, 1068(2022). Accessed June 9, 2023, from https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3883728
Geminn, C., Francis, L., & Herder, K.-R. (2021). Die Informationspräsentation im Datenschutzrecht – Auf der Suche nach Lösungen. ZD-Aktuell, 2021, 05335.
Mangold, S. (2022). Crowdwork. Aktuelle rechtliche Entwicklungen und Bedeutung wirtschaftsethischer Selbstinitiativen. Recht Digital (RDi), 2022, 478–483.
Spittka, J., & Mantz, R. (2019). Datenschutzrechtliche Anforderungen an den Einsatz von Social Plugins. Neue Juristische Wochenschrift (NJW), 2019, 2742–2745.
Author information
Authors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this chapter
Cite this chapter
Hornuf, L., Mangold, S., Yang, Y. (2023). Summary and Conclusion. In: Data Privacy and Crowdsourcing . Advanced Studies in Diginomics and Digitalization. Springer, Cham. https://doi.org/10.1007/978-3-031-32064-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-32064-4_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-32063-7
Online ISBN: 978-3-031-32064-4
eBook Packages: Business and ManagementBusiness and Management (R0)