翻译以.原文和在同一文件中前

4.4.2（包括纸质和，经常这么做不但是因为他们保留这些记录可以要消耗的物质花费会继续随着时间以指数形式递减（特别是保存在云端的数据，这会导致部和私营门有长时持有和这些明显蕴隐私信数据的倾。已经存档的数据可能会对未来的历史学家的分析抑或是学术研究者的纵向分析提供重要的3.1.2节讨论的那样，然只代表很短暂的部分（4.2.1部分“指定接收者的移动设备，这些快照（）的可见性只有几秒钟。SnapChat承诺从它们的服务器删除过期的快照（，但这仅仅是一个承诺。SnapChat很的保证收件和设备是否可见，这种框架变的越来越行不通而且无效。PCAST认为责任应该取决于如何完成这个目标呢？个人可能会被鼓励把他自己和一组第自愿提供的标准的隐私偏好配置文件（也就是指设置或选择中的一个联系起来。举个例子，简可能选（虽然有专业可以用自然语言描述的隐私策略，但是未来理想的方法是可以3.13.2PCAST的信念是专注于个人电家称之为自然语言（相当于简明英语）和该由用户完成的部分，或者是形式上的阐国机构服务[2]。TDF在文件的层次上操作运行。该系统主要是在自定义的基础上由这样以产品为基础的公司和新创业的开拓审计、政策分析和策略推理引擎的公司同样比较专业。有足够的市场需求，更广泛的市场渗透可能会在内发生。如 罚的威慑到违法者的时候。有害行为的威慑帮助激励隐私保护技术的部署。常不是自动的，所谓的负责系统开始被部署（4.5.2部分。OpenStack（和Rackspace结合）[2]这样的开放源码的系统和其他的供应商平台。应用程序（CPBRCPBR关于商业（不是公共部门）使用个人数据的，是对隐私价值的新调整CPBR的分类原则是有用的。 客户类别包含下列元素PCASTCPBR潜在的规律持赞成的态度。由于大数据和快速变化的技术相关，然而，CPBR有效的操作化风险。到目前为止，关于如何操作CPBR的讨论已经聚是，正如在这篇报告的多个部分(3.1.2，4.4,4.5.2)讨论的那样，PCAST认为这样一个PCASTCPBR样的数据可能会作为数据收集后的产品分析出现并且这些数据可能已经经过了几人之R对“客户提供的数据”的连接是有限制的。这一权利需要个（见1.4）CPBR的安全性和义务的潜在原则对一个使用为基础的来说仍然是合法的。他其次谈谈这里权利的分类和客户的个人控制和的原则。4.3节解释了创造性的大数据分析产品怎么做出这一切，但是不可能为每个新的情PCAST认为负担不应该再落在客户身上，管理隐私对每个与客户用“注意与同意”这个文件是客户指定的对这个公司有效的文件（包括第客户指定的文件。4.5.1节提是数据收集。然而，正如这份报告已经解释的部分（4.4.2节，对一个公司来说并不总See,forexample:RyanWhitwam,“SnapSaveforDefeatsthePurposeofSnapchat,SavesEverythingForever,”PCMagazine,August12, Abelson,HalandLalanaKagal,“AccessControlisanInadequateFrameworkforPrivacyProtection,”W3CWorkshoponPrivacyforAdvancedWebAPIs12/13,July2010,London.Mundie,Craig,“PrivacyPragmatism:FocusonDataUse,NotDataCollection,”ForeignAffairs,March/April,2014.Nissenbaum,H.,“PrivacyinContext:Technology,,andtheIntegrityofSocialLife,”StanfordLawBooks,2009.Seereferencesatfootnote107andalso:(1)Weitzner,D.J.,etal.,“InformationAccountability,”CommunicationsoftheACM,June2008,pp.82‐87.(2)Tschantz,MichaelCarl,AnupamDatta,and nnetteM.Wing,“FormalizingandEnforcingPurposeRestrictionsinPrivacyPolicies.”Forexample,atCarnegieMellonUniversity,LorrieCranordirectstheCyLabUsablePrivacyandSecurityLaboratory().Also,see2ndInternationalWorkshoponAccountability:Science,Technologyand,MITComputerScienceandArtificialInligenceLaboratory,January29‐30,2014.Oracle’seXtensibleAccessControlMarkupLanguage(XACML)hasbeenusedtoimplementattribute‐basedaccesscontrolsforidentitymanagementsystems. communication,MarkGorenbergandPeterGuerraofBoozOfficeoftheDirectorofNationalInligence,“ICCIOEnterpriseIntegration&Architecture:TrustedDataFormat.”：Lawyersmayencouragecompaniestouseover‐inclusivelanguagetocovertheunpredictableevolutionofpossibilitiesdescribedelsewhereinthisreport,evenintheabsenceofspecificnstousespecificcapabilities.REPORTTOBIGDATAANDPRIVACY:ATECHNOLOGICALExecutiveOfficeof’sCouncilofAdvisorsonScienceandTechnologyMaygeneral,asthesizeanddiversityofavailabledatagrows,thelikelihoodofbeingabletore‐identify(thatis,re‐associatetheirrecordswiththeirnames)growsOnecompellingexamplecomesfromSweeney,Abu,andWinn.120Theyshowedinarecentpaperthat,byfusing alGenomeProjectprofilescontainingzipcode,birthdate,andgenderwithpublicvoterrolls,andminingfornameshiddeninattached s,84‐97percentoftheprofilesforwhichnameswereprovidedwerecorrectlyidentified.Anonymizationremainssomewhatusefulasanaddedsafeguard,butitisnotrobustagainstnear‐termfuturere‐identificationmethods.PCASTdoesnotseeitasbeingausefulbasisfor.Unfortunay,anonymizationisalreadyrootedinthelaw,sometimesgivingafalseexpectationofprivacywheredatalackingcertainidentifiersaredeemednottobeallyidentifiableinformationandthereforenotcoveredbysuchlawsastheFamilyEducationalRightsandPrivacyAct(FERPA).DeletionandItisanevidentgoodbusinesspracticethatdataofallkindsshouldbedeletedwhentheyarenolongerofvalue.Indeed,well‐runcompaniesoftenmandatethedestructionofsomekindsofrecords(bothpaperandelectronic)afterspecifiedperiodsoftime,oftenbecausetheyseelittlebenefitinkeetherecordsaswellaspotentialcostinproducingthem.Forexample,employees,whichmaybesubjecttolegalprocessby(e.g.)divorcelawyers,areoftenseenashavingnegativeretentionvalue.Countertothispracticeisthenewobservationthatbigdataisfrequentlyabletofindeconomicorsocialvalueinmassesofdatathatwereotherwiseconsideredtobeworthless.Asthephysicalcostofretentioncontinuestodecreaseexponentiallywithtime(especiallyinthecloud),therewillbeatendencyinbothernmentandtheprivatesectortoholdmoredataforlonger–withobviousprivacyimplications.Archivaldatamayalsobeimportanttofuturehistorians,orforlaterlongitudinalysisbyacademicresearchers.Onlyinterventionswillcounterthistrend.ernmentcanmandateretentionpoliciesforitself.Toaffecttheprivatesector,ernmentmaymandatepolicieswhereithasregulatory(asforconsumerprotection,forexample).Butitcanalsoencouragethedevelopmentofstricterliabilitystandardsforcompanieswhosedata,includingarchiveddata,causeharmtoindividuals.Arationalresponsebytheprivatesectorwouldthenbetoholdfewerdataortoprotecttheiruse.Theaboveholdstrueforprivacy‐sensitivedataaboutindividualsthatareheldovertly–thatis,theholderknowsthathehasthedataandtowhomtheyrelate.AswasdiscussedinSection3.1.2,however,sourcesofdataincreasinglycontainlatentinformationaboutindividuals,informationthat esknownonlyiftheholderexpendsyticresources(whatmaybeeconomicallyfeasible),orthatmay eknowableonlyinthefuturewiththedevelopmentofnewdata‐miningalgorithms.Insuchcasesitispracticallyimpossibleforthedataholdereventosurface“allthedataaboutanindividual,”muchlessdeletethosedataonanyspecified119De‐identificationcanalsobeseenasaspectrum,ratherthanasingleapproach.See:“ResponsetoRequestforInformationFiledbyU.S.PublicCounciloftheAssociationforComputingMachinery,”March2014.120Sweeney,etal.,“IdentifyingParticipantsin alGenomeProjectbyName,”HarvardUniversityDataPrivacyWhitePaper1021‐1,April24,2013.Theconceptsofephemerality(keedataonlyon‐the‐flyorforabriefperiod),andtransparency(enablingtheindividualtoknowwhatdataabouthimorherareheld)arecloselyrelated,andwiththesamepracticallimitations.Whiledatathatareonlystreamed,andnotarchived,mayhavelowerriskoffutureuse,thereisnoguaranteethataviolatorwillybythesupposedrls,asinTargt’slossof100milliondeitcardPINs, presentonlyephemerally(seeSection4.2.1).Today,giventhedistributedandredundantnatureofdatastorage,itisnotevenclearthatdatacanbedestroyedwithanyusefuldegreeofassurance.Althoughresearchondatadestructionisongoing,itisafundamentalfactthatatthemomentthatdataaredisyed(in“ og”)toauser’seyeballsorears,theycanalsobecopied(“re‐digitized”)withoutanytechnicalprotections.Thesameholdsifdataareevermadeavailableinunencryptedformtoaroguecomputerprogram,onedesignedtocircumventtechnicalsafeguards.Somemisinformedpublicdiscussionnotwithstanding,thereisnosuchthingasautomaticallyself‐deletingdata,otherthaninafullycontrolledandrule‐abidingenvironment.Asacurrentexample,SnapChatprovidestheserviceofdeliveringephemeralsnapshots(images),visibleforonlyafewseconds,toadesignatedrecipient’sdevice.SnapChatpromisestodeletepast‐datesnapsfromtheirservers,butitisonlyapromise.And,theyarecarefulnottopromisethattheintendedrecipientmaynotcontrivetomakeanuncontrolledandnon‐expiringcopy.Indeed,thesuccessofSnapChatincentivizesthedevelopmentofjustsuchcopyingapplications.121Fromamaking,theonlyviableassumptiontoday,andfortheforeseeablefuture,isthatdata,oncecreated,arepermanent.Whiletheirusemayberegulated,theirexistenceisbestconsideredconservativelyasunal blefact.RobustgoingASuccessortoNoticeandThepurposeofnoticeandconsentisthattheuserassentstothecollectionanduseofaldataforastatedpurposethatisacceptabletothatindividual.GiventhelargenumberofprogramsandInternet‐availabledevices,bothvisibleandnot,thatcollectandusealdata,thisframeworkisincreasinglyunworkableandineffective.PCASTbelievesthattheresponsibilityforusingaldatainaccordancewiththeuser’spreferencesshouldrestwiththeprovider,possiblyassistedbyamutuallyacceptedintermediary,ratherthanwiththeuser.Howmightthatbe plished?Individualsmightbeencouragedtoassociatethemselveswithoneofastandardsetofprivacypreferenceprofiles(thatis,settingsorchoices)voluntarilyofferedbythirdparties.Forexample,JanemightchoosetoassociatewithaprofileofferedbytheAmericanCivilLibertiesUnionthatgivesparticularweighttoindividualrights,whileJohnmightassociatewithoneofferedbyConsumerReportsthatgivesweighttoeconomicvaluefortheconsumer.Largeappstores(suchasAppleAppStore,y,Store)forwhomreputationalvalueisimportant,orlargecommercialsectorssuchasfinance,mightchoosetooffercompetingprivacy‐preferenceprofiles.121See,forexample:RyanWhitwam,“SnapSavefor DefeatsthePurposeofSnapchat,SavesEverythingForever,”PCMagazine,August12,2013.http://a 40 Inthefirstinstance,anorganizationofferingprofileswouldvetnewappsasacceptableornotacceptablewithineachoftheirprofiles.Basically,theywoulddotheclosereadingoftheprovider’snoticethattheusershould,butdoesnot,do.Thisisnotasonerousasitmaysound:Whiletherearemillionsofapps,themostpopulardownloadsarerelativelyfewandareconcentratedinarelativelysmallnumberofportals.The“longtail”ofappswithfewcustomerseachmightinitiallybeleftas“unrated.”Simplybyvettingapps,thethird‐partyorganizationswouldautomaticallycreateamarketceforthenegotiationofcommunitystandardsforprivacy.Toattractmarketshare,providers(especiallysmallerones)couldseektoqualifytheirofferingsinasmanyprivacy‐preferenceprofiles,offeredbyasmanydifferentthirdparties,astheydeemfeasible.TheFederalernment(e.g.,throughtheNationalInstituteofStandardsandTechnology)couldencouragethedevelopmentofstandard,machine‐readableinterfacesforthecommunicationofprivacyimplicationsandsettingsbetweenprovidersandassessors.Althoughhumanprofessionalscoulddothevettingtodayusingpoliciesexpressedinnaturallanguage,itwouldbedesirableinthefuturetoautomatethatprocess.Todothat,itwouldbenecessarytohaveformalismstospecifyprivacypoliciesandtoolstoyzesoftwaretodetermineconformancetothosepolicies.Butthatisonlypartofthechallenge.Agreaterchallengeistomakesurethelanguageissufficientlyexpressive,thepoliciesaresufficientlyrich,andconformancetestsaresufficientlypowerful.Thoserequirementsleadtoaconsiderationofcontextanduse.ContextandThepreviousdiscussion,particularlythatofSections3.1and3.2,illustratesPCAST’sbeliefthatafocusonthecollection,storage,andretentionofelectronicaldatawillnotprovideatechnologicallyrobustfoundationonwhichtobasefuture.Amongthemanyauthorsthathavetouchedontheseissues,KaganandAbelsonexinwhyaccesscontroldoesnotsufficetoprotectprivacy.122Mundiegivesacogentandmorecompleteexnationofthisissueandadvocatesthatprivacyprotectionisbetterservedbycontrollingtheuseofaldata,broadlyconstrued,includingmetadataanddataderivedfromyticsthanbycontrollingcollection.123Inacomplementaryvein,Nissenbaumexinsthatboththecontextofusageandtheprevailingsocialnormscontributetoacceptableuse.124Toimplementinameaningfulwaytheapplicationofprivacypoliciestotheuseofaldataforaparticularpurpose(i.e.,incontext),thosepoliciesneedtobeassociatedbothwithdataandwiththecodethatoperatesonthedata.Forexample,itmustbepossibletoensurethatonlyappswithparticularpropertiescanbeappliedtocertaindata.Thepoliciesmightbeexpressedinwhatcomputerscientistscallnaturallanguage(inEnglishortheequivalent)andtheassociationdonebytheuser,orthepoliciesmightbestatedformallyandtheirassociationandenmentdoneautomatically.Ineithercase,theremustalsobepoliciesassociatedwiththeoutputsofthecomputation,sincetheyaredataaswell.Theprivacypoliciesoftheoutputdatamustbecomputedfromthepoliciesassociatedwiththeinputs,thepoliciesassociatedwiththecode,andtheintendeduseoftheoutputs(i.e.,thecontext).Theseprivacypropertiesareakindofmetadata.Toachieveareasonablelevelofreliability,theirimplementationmustbetamper‐proofand“sticky”whendataarecopied.122Abelson,HalandLalanaKagal,“AccessControlisanInadequateFrameworkforPrivacyProtection,”W3CWorkshoponPrivacyforAdvancedWebAPIs12/13,July2010,London.‐privacy‐ws/papers.html124Nissenbaum,H.,“PrivacyinContext:Technology,,andtheIntegrityofSocialLife,”StanfordLawBooks,Therehasbeenconsiderableresearchinareasthatwouldcontributetosuchacapability,someofwhichisbeginningtobecommercialized.Thereisahistoryofusingmetadata(“tags”or“attributes”)indatabasesystemstocontroluse.Whiletheformalizationofprivacypoliciesandtheirsynthesisisaresearchtopic,125manualinterpretationofsuchpoliciesandthehumandeterminationofusagetagscanbefoundinrecentproducts.Identitymanagementsystems(toauthenticateusersandtheirroles,i.e.,theircontext)arealsoevidentbothinresearch126andinpractice.127CommercialprivacysystemsforimplementingusecontrolexisttodayunderthenameofTrustedDataFormat(TDF)implementations,developedprincipallyfortheUnitedStatesin ligencecommunity.128TDFoperatesatthefilelevel.Thesystemsareprimarilybeingimplementedonacustombasisbylargeconsultingfirms,oftenassembledfromopen‐sourcesoftwarecomponents.Customerstodayareprimarilyernmentagencies,suchasFederalinligenceagenciesorlocal‐ernmentcriminalinligenceunits,orlargecommercialcompaniesinverticallyintegratedindustrieslikefinancialservicesandpharmaceuticalcompanieslookingtoimprovetheiraccountabilityandauditingcapabilities.Consultingservicesthathaveexpertiseinbuildingsuchsystemsinclude,forexample,BoozAllen,Ernst&Young,IBM,NorthropGrumman,andLockheed;product‐basedcompanieslikePalantirandnewstartupspioneeringinternalusageauditing, ytics,andreasoningengineshavesuchexpertise,aswell.Withsufficientmarketdemand,morewidespreadmarketpenetrationcouldhappeninthenextfiveyears.Marketpenetrationwouldbefurtheracceleratediftheleadingcloud‐tfor likeAmazon,,andimpleentedusage‐controlledsystemintheirWider‐scaleusethroughtheernmentwouldhelpmotivatethecreationofoff‐the‐shelfstandard mentandPrivacypoliciesandthecontrolofuseincontextareonlyeffectivetotheextentthattheyarerealizedandend.Technicalmeasuresthatincreasetheprobabilitythataviolatoriscaughtcanbeeffectiveonlywhenthereareregulationsandlawswithcivilorcriminalpenaltiestodetertheviolators.Thenthereisbothdeterrenceofharmfulactionsandincentivetodeployprivacy‐protectingItistodaystraightforwardtechnicallytoassociatemetadatawithdata,withvaryingdegreesofgranularityrangingfromanindividualdatum,toarecord,toanentirecollection.Thesemetadatacanrecordawealthofauditableinformation,forexample,provenance,detailedaccessandusepolicies,authorizations,logsofactualaccessanduse,anddestructiondates.Extendingsuchmetadatatoderivedorshareddata(secondaryuse)togetherwithprivacy‐awareloggingcanfacilitateauditing.Althoughthestateoftheartisstillsomewhatadhoc,andauditingisoftennotautomated,so‐calledaccountablesystemsarebeginningtobedeployed(Section125Seereferencesatfootnote107andalso:(1)Weitzner,D.J.,etal.,“InformationAccountability,”CommunicationsoftheACM,June2008,pp.82‐87.(2)Tschantz,MichaelCarl,AnupamDatta,andnnetteM.Wing,“FormalizingandEnforcingPurposeRestrictionsinPrivacyPolicies.”126Forexample,atCarnegieMellonUniversity,LorrieCranordirectstheCyLabUsablePrivacyandSecurity().Also,see2ndInternationalWorkshoponAccountability:Science,Technologyand,ComputerScienceandArtificialInligenceLaboratory,January29‐30,127Oracle’seXtensibleAccessControlMarkupLanguage(XACML)hasbeenusedtoimplementattribute‐basedaccesscontrolsforidentitymanagementsystems.(alcommunication,MarkGorenbergandPeterGuerraofBoozAllen)128OfficeoftheDirectorofNationalIn ligence,“ICCIOEnterpriseIntegration&Architecture:TrustedDataFormat.”4.5.2).Theabilitytodetectviolationsofprivacypolicies,particularlyiftheauditingisautomatedandcontinuous,canbeusedbothtodeterprivacyviolationsandtoensurethatviolatorsarepunished.Inthenextfiveyears,withregulationormarket‐drivenencouragement,thelargecloud‐basedinfrastructuresystems(e.g.,,Amazon, ,Rackspace)could,asoneexample,incorporatethedata‐provenanceandusage‐complianceaspectsofaccountablesystemsintotheircloudapplication‐programminginterfaces(APIs)andadditionallyprovideAPIsforawareness.Thesecapabilitiescouldthenreadilybeincludedinopen‐source‐basedsystemslikeOpenStack(associatedwithRackspace)129andotherprovidertfors.Applicationsintendedtorunonsuchcloud‐basedsystemscouldbebuiltwithprivacyconcepts“bakedthem,”evenwhentheyaredevelopedbysmallenterprisesorindividualOperationalizingtheConsumerPrivacyBillofInFebruary2012,theAdministrationissuedareportsettingforthaConsumerPrivacyBillofRights(CPBR).TheCPBRaddressescommercial(notpublicsector)usesofaldataandisastrongstatementofAmericanprivacyvalues.Forpurposesofthisdiscussion,theprinciplesembodiedinCPBRcanbedividedintotwocategories.First,thereareobligationsfordataholders,yzers,orcommercialusers.Thesearepassivefromtheconsumer’sstandpoint–theobligationsshouldbemetwhetherornottheconsumerknows,cares,oracts.Second,anddifferent,thereareconsumerempowerments,thingsthattheconsumershouldbeempoweredtoinitiateactively.ItisusefulheretorearrangetheCPBR’sprinciplesbycategory.InthecategoryofobligationsaretheseRespectforContext:Consumershavearighttoexpectthatcompanieswillcollect,use,anddisclosealdatainwaysthatareconsistentwiththecontextinwhichconsumersprovidethedata.FocusedCollection:Consumershavearighttoreasonablelimitsonthealdatathatcompaniescollectandretain.Security:ConsumershavearighttosecureandresponsiblehandlingofalAccountability:ConsumershavearighttohavealdatahandledbycompanieswithappropriatemeasuresincetoassuretheyadheretotheConsumerPrivacyBillofRights.InthecategoryofconsumerempowermentsaretheseIndividualControl:Consumershavearighttoexercisecontroloverwhataldatacompaniescollectfromthemandhowtheyuseit.Transparency:Consumershavearighttoeasilyunderstandableandaccessibleinformationaboutprivacyandsecuritypractices.AccessandAccuracy:Consumershavearighttoaccessandcorrectaldatainusableformats,inamannerthatisappropriatetothesensitivityofthedataandtheriskofadverseconsequencestoconsumersifthedataareinaccurate.PCASTendorsesassoundtheprinciplesunderlyingCPBR.Becauseoftherapidlychangingassociatedwithbigdata,however,effectiveoperationalizationofCPBRisatrisk.Uptonow,debateoverhowtooperationalizeCPBRhasfocusedonthecollection,storage,andretentionofdata,withanemphasisonthe129See:“small‐data”contextsthatmotivatedCPBRdevelopment.But,asdiscussedatmultiplecesinthisreport(e.g.,Sections3.1.2,4.4and4.5.2),PCASTbelievesthatsuchafocuswillnotprovideatechnologicallyrobustfoundationonwhichtobasefuturethatalsoappliestobigdata.Further,theincreasingcomplexityofapplicationsandusesofdataunderminesevenasimpleconceptlike“noticeandconsent.”PCASTbelievesthattheprinciplesofCPBRcanreadilybeadaptedtoamorerobustregimebasedonrecognizingandcontrollingharmfulusesofthedata.Somespecificsuggestionsfollow.TurnfirsttotherightsclassifiedaboveasobligationsonthedataTheprincipleofRespectforContextneedsaugmentation.Asthisreporthasrepeatedlydiscussed,thereareinstancesinwhichaldataarenotprovidedbythecustomer.Suchdatamayemergeasaproductofysiswellafterthedatawerecollectedandaftertheymayhavepassedthroughseveralhands.Whiletheintentoftherightisappropriate,namelythatdatabeusedforlegitimatepurposesthatdonotproducecertainadverseconsequencesorharmstoindividuals,theCPBR’sarticulationinwhich“consumersprovidethedata”istoolimited.Thisrightneedstostateinsomewaythatdataaboutanindividual–howeveracquired–notbeusedsoastocausecertainadverseconsequencesorharmstothatindividual.(SeeSection1.4forapossiblelistofadverseconsequencesandharmsthatmightbesubjecttosomeregulation.)Asinitiallyconceived,therighttoFocusedCollectionwastobeachievedbytechniqueslikede‐identificationanddatadeletion.AsdiscussedinSection4.4.1,however,de‐identification(anonymization)isnotarobusttechnologyforbigdatainthefaceofdatafusion;insomeinstances,theremaybecompellingreasonstoretaindataforbeneficialpurposes.Thisrightshouldbeaboutuseratherthancollection.Itshouldemphasizeutilizingbestpracticestopreventinappropriateuseofdataduringthedata’swholelifecycle,ratherthandependingonde‐identification.Itshouldnotdependona’sbeingableitselftorecognize“all”thedataaboutaconsumerthatitholds,whichisincreasinglytechnicallyinfeasible.TheprinciplesunderlyingCPBR’sSecurityandAccountabilityremainvalidinause‐basedregime.Theyneedtobeappliedthroughoutthevaluechainthatincludesdatacollection,ysis,anduse.TurnnexttotherightshereclassifiedasconsumerWhereconsumerempowermentshave epracticallyimpossiblefortheconsumertoexercisemea