Governing the Digital Commons

Permanent URI for this collectionhttps://hdl.handle.net/10125/112508

Browse

Recent Submissions

Now showing 1 - 3 of 3
  • Thumbnail Image
    Item type: Item ,
    Governing Manipulative and Synthetic Content on Social Media Platforms
    (2026-01-06) Kaushik, Smirity; Sanfilippo, Madelyn Rose
    Social media platforms are immensely popular among young adults (13-20 years old). However, these platforms also pose distinct risks, including fraudulent advertisements and scams. The rise of Generative AI (GenAI) based advertising has exacerbated these risks, including deepfake scams. Using the integrated Governing Knowledge Commons-Contextual Integrity (GKC-CI) framework, we perform a structured content analysis of the policies from three stakeholders: social media platforms, foundational GenAI model providers, and GenAI-based advertising services. We analyze how these entities define and constrain the use of GenAI in social media advertising, with particular attention to protection for young adults against manipulative and synthetic GenAI content. We found that current governance lacks enforceable rules regarding GenAI, and are especially lacking in protecting young adults. We discuss implications for platforms and regulators to strengthen institutional governance for GenAI-based advertising targeting young adults.
  • Thumbnail Image
    Item type: Item ,
    Privacy Fragility in Direct-to-Consumer Genetic Testing: Lessons from the 23andMe Journey
    (2026-01-06) Kotlan, Anna; Magoon, Janelle; Yates, David
    This study investigates how structural, legal, and organizational dynamics erode user privacy in Direct-to-Consumer Genetic Testing (DTC-GT), using 23andMe as a critical case. We categorize privacy risks into three harm types: knowledge harms, autonomy and trust harms, and data misuse harms. Our analysis focuses on 23andMe’s 2023 cyberattack, data-sharing practices that changed over time, and the privacy consequences of its 2025 bankruptcy and sale. The breach exposed 6.9 million genetic profiles, many of which were later sold on illicit forums. These privacy risks stem from opaque consent mechanisms, affiliate transfers, and the sale of genetic data in bankruptcy. Regulatory gaps and permissive contracts further enable third-party access, often contradicting consumer-facing assurances. To explain how such vulnerabilities accumulate, we introduce the construct of privacy fragility, which captures how delayed breach responses, irrevocable data permissions, and commercial failure interact to undermine institutional safeguards. We argue these are not isolated failures but interconnected conditions that systematically weaken privacy protections. Our findings support a roadmap of legal, technical, and behavioral mitigations tailored to high-risk platforms. By tracing how privacy protections deteriorate amid shifting business and regulatory pressures, we contribute a scalable framework for evaluating privacy risk in consumer data ecosystems. This framework underscores the urgent need for adaptive governance, particularly in underregulated markets like DTC-GT where data sensitivity is high and user protections remain weak.
  • Thumbnail Image
    Item type: Item ,
    Introduction to the Minitrack on Governing the Digital Commons
    (2026-01-06) Frischmann, Brett; Strandburg, Katherine; Sanfilippo, Madelyn Rose; Madison, Michael