The Meaning and Value of Privacy

Our privacy is under assault. Businesses are collecting an unprecedented amount of personal data, recording the items we buy at the supermarket, the books we buy online, our web surfing activity, our financial transactions, the movies we watch, the videos we rent, and much more. Nearly every organization and company we interact with now has tons of personal data about us. Companies we’ve never heard of also possess profiles of us. Digital dossiers about our lives and personalities are being assembled in distant databases, and they are being meticulously studied and analysed to make judgments about us: What products are we likely to buy? Are we a good credit risk? What price would we be willing to pay for certain items? How good of a customer are we? Are we likely to be cooperative and not likely to return items or complain or call customer service?

Today, government has an unprecedented hunger for personal data. It is tapping into the data possessed by businesses and other organizations, including libraries. Many businesses readily comply with government requests for data. Government agencies are mining this personal data, trying to determine whether a person might likely engage in criminal or terrorist activity in the future based on patterns of behaviour, purchases and interests.2 If a government computer decides that you are a likely threat, then you might find yourself on a watch list, you might have difficulty flying, and there might be further negative consequences in the future.

The threat to privacy involves more than just records. Surveillance cameras are popping up everywhere. It is getting increasingly harder to have an unrecorded moment in public. In the USA, the National Security Agency is engaging in massive telephone surveillance. In the UK, millions of CCTV cameras monitor nearly every nook and cranny of public space.3 At work, many employers monitor nearly everything – every call their employees make, every keystroke they type, every website they visit.

Beyond the government and businesses, we’re increasingly invading each other’s privacy – and exposing our own personal information. The generation of young people growing up today are using blogs and social network websites at an unprecedented rate, spilling intimate details about their personal lives online that are available for anybody anywhere in the world to read.4 The gossip that circulates in high school and college is no longer ephemeral and fleeting – it is now permanently available on the Internet, and it can readily be accessed by doing a Google search under a person’s name.

With all these developments, many are asking whether privacy is still alive. With so much information being gathered, with so much surveillance, with so much disclosure, how can people expect privacy anymore? If we can’t expect privacy, is it possible to protect it? Many contend that fighting for privacy is a losing battle, so we might as well just grin and bear it.

Privacy is often understood narrowly, and these restrictive concepts lead to people neglecting to recognize privacy harms. For example, it may be true that many businesses hold a lot of personal data about you. Does this mean you lack a privacy interest in that data? Those who view privacy narrowly as keeping information totally secret might say that you no longer have privacy in information that others possess.

But privacy is about much more than keeping secrets. It is also about confidentiality – data can be known by others, yet we have social norms about maintaining that information in confidence. For example, although librarians know information about the books we read, they understand that they have an obligation to keep the information confidential. Doctors know our medical information, but they, too, are under a duty of confidentiality.

Privacy also involves maintaining data security. Those who possess data should have an obligation to keep it secure and out of the hands of identity thieves and fraudsters. They should have an obligation to prevent data leaks.

Another dimension of privacy is having control over our information. Just because companies and the government have data about you doesn’t mean that they should be allowed to use it however they desire. We can readily agree that they shouldn’t be able to use personal information to engage in discrimination. The law can and should impose many other limits on the kinds of decisions that can be made using personal data.

Those that use data about us should have the responsibility of notifying us about the data they have and how they plan to use it. People should have some say in how their information is used. There needs to be better ‘data due process’. Currently, innocent people are finding themselves on terrorist watch lists and with no recourse to challenge their inclusion on the list. Financial and employment decisions are made about people based on profiles and information they don’t even know exist.

Privacy thus involves more than keeping secrets – it is about how we regulate information flow, how we ensure that others use our information responsibly, how we exercise control over our information, how we should limit the way others can use our data.

Some argue that it is impossible for the law to limit how others use our data, but this is false. Copyright law is a clear example of the law regulating the way information is used and providing control over that data. I’m not suggesting that copyright law is the answer to privacy, but it illustrates that it is possible for the law to restrict uses of data if it wants to.

We can protect privacy, even in light of all the collection, dissemination and use of our information. And it is something we must do if we want to protect our freedom and intellectual activity in the future. But how? The first steps involve rethinking the concept and value of privacy.

Many attempts to conceptualize privacy do so by attempting to locate the common denominator for all things we view as private. This method of conceptualizing privacy, however, faces a difficult dilemma. If we choose a common denominator that is broad enough to encompass nearly everything, then the conception risks the danger of being overinclusive or too vague. If we choose a narrower common denominator, then the risk is that the conception is too restrictive.

There is a way out of this dilemma: We can conceptualize privacy in a different way. The philosopher Ludwig Wittgenstein argued that some concepts are best understood as family resemblances – they include things that ‘are related to one another in many different ways’.5 Some things share a network of similarities without one particular thing in common. They are related in the way family members are related. You might have your mother’s eyes, your brother’s hair, your sister’s nose – but you all might not have one common feature. There is no common denominator. Nevertheless, you bear a resemblance to each other.6 We should understand privacy in this way. Privacy is not one thing, but a plurality of many distinct yet related things.

One of the key issues in developing a theory of privacy is how to deal with the variability of attitudes and beliefs about privacy. Privacy is a product of norms, activities, and legal protections. As a result, it is culturally and historically contingent. For example, it is widely accepted today that the naked body is private in the sense that it is generally concealed. But that was far from the case in ancient Greece and Rome. At the gymnasium in ancient Greece, people exercised in the nude. In ancient Rome, men and women would bathe naked together.7 In the Middle Ages, people bathed in front of others and during social gatherings.8 Norms about nudity, bathing and concealing bodily functions have varied throughout history and in different cultures. Likewise, although the home has long been viewed as a private space, in the past it was private in a different way than it is now. Until the seventeenth century, many homes merely consisted of one large room where there was scant seclusion for ‘private’ activities such as sex and intimacy. A married couple would often sleep in the same bed as their children, and would share it with houseguests.9 Like the body, the home is not inherently private – at least not in the same way we view it as private today.

Many theories of privacy focus on the nature of the information or matter involved. They seek to identify various types of information and matters that are private. But as I illustrated with the body and the home, no particular kind of information or matter is inherently private. Others contend that we should define privacy with the reasonable expectation of privacy test. This method defines privacy based on expectations that society considers reasonable. This is the prevailing method that American courts, as well as courts in many other countries and the European Court of Human Rights, use to identify privacy interests protected by the Fourth Amendment as well as other areas of law.10

But how are reasonable expectations of privacy to be determined? The US Supreme Court has never engaged in empirical evidence when applying the reasonable expectation of privacy test. It merely guesses at what society expects. One way of determining societal expectations is to take polls. But people’s stated views about privacy often differ dramatically from their actions. A person might say she values privacy greatly, but then she’ll trade away her personal data for tiny discounts or minor increases in convenience. For this reason, others contend that we should examine behavioural data rather than polls. There are several factors, however, that make people’s behaviour unreliable as a measure for their views on privacy. In many circumstances, people relinquish personal information to businesses because they don’t have much of a choice or because they lack knowledge about how the information will be used in the future.

Even with a reliable way of measuring societal expectations of privacy, such expectations only inform us about existing privacy norms. Privacy law and policy depend on more than merely preserving current expectations. The history of communications privacy best illustrates this point. In colonial America, mail was often insecure. Letters, sealed only with wax, left many people concerned that they were far from secure. For example, Thomas Jefferson, Alexander Hamilton and George Washington all complained about the lack of confidentiality in their correspondence.11 Despite the expectation that mail was not very private, the law evolved to provide strong protection of the privacy of letters. Benjamin Franklin, the colonial postmaster general before the Revolution, made postal workers take an oath not to open mail.12 After the Revolution, the US Congress passed several statutes to protect the privacy of letters. In 1877, the US Supreme Court held that the Fourth Amendment protected sealed parcels despite the fact that people handed them to the government for delivery.13 The extensive protection of the privacy of written correspondence stemmed from a public desire to keep them private, not from an expectation that they were already private.

A similar story can be told with electronic communications. Concerns over telegraph privacy were legion in its early days during the mid-nineteenth century. Laws in almost every state ensured that telegraph employees could not improperly disclose telegrams. State laws also prohibited the interception of telegraph communications. During the telephone’s early days, calls were far from private. Until well into the twentieth century, many people had party lines – telephone lines that were shared among a number of households. There were rampant concerns about eavesdropping and wiretapping. Legislatures responded by passing laws to protect the privacy of phone communications. More than half the states had made wiretapping a crime by the early twentieth century.

The moral of the story is that communications became private because people wanted them to be private. Privacy is not just about what people expect but about what they desire. Privacy is something we construct through norms and the law. Thus, we call upon the law to protect privacy because we experience a lack of privacy and desire to rectify that situation, not because we already expect privacy.

What, then, should we focus on when seeking to understand privacy? I contend that the focal point for a theory of privacy should be on the problems we want the law to address. According to John Dewey, philosophical inquiry begins with problems in experience, not with abstract universal principles.

A theory of privacy should focus on the problems that create a desire for privacy. Privacy problems arise when the activities of the government, businesses, organizations and other people disrupt the activities of others. Real problems exist, yet they are often ignored because they do not fit into a particular conception of privacy. Many problems are not even recognized because courts or policymakers can’t identify a ‘privacy’ interest involved. Instead of pondering the nature of privacy in the abstract, we should begin with concrete problems and then use theory as a way to better understand and resolve these problems. In my new book, Understanding Privacy, I develop a framework for recognizing privacy problems, and I identify and examine such problems.

There are four basic groups of harmful activities: (1) information collection, (2) information processing, (3) information dissemination, and (4) invasion. Each of these groups consists of different related subgroups of harmful activities.

I have arranged these groups around a model that begins with the data subject – the individual whose life is most directly affected by the activities classified in the taxonomy. From that individual, various entities (other people, businesses and the government) collect information. The collection of this information itself can constitute a harmful activity, though not all information collection is harmful. Those that collect the data (the ‘data holders’) then process it – that is, they store, combine, manipulate, search, and use it. I label these activities ‘information processing’. The next step is ‘information dissemination’, in which the data holders transfer the information to others or release the information. The general progression from information collection to processing to dissemination is the data moving further away from the individual’s control. The last grouping of activities is ‘invasions’, which involve impingements directly on the individual. Instead of the progression away from the individual, invasions progress towards the individual and do not necessarily involve information. The relationship between these different groupings is depicted in the figure.

The first group of activities that affect privacy is information collection. Surveillance is the watching, listening to, or recording of an individual’s activities. Interrogation consists of various forms of questioning or probing for information.

A second group of activities involves the way information is stored, manipulated and used – what I refer to collectively as ‘information processing’. Aggregation involves the combination of various pieces of data about a person. Identification is linking information to particular individuals. Insecurity involves carelessness in protecting stored information from leaks and improper access. Secondary use is the use of collected information for a purpose different from the use for which it was collected without the data subject’s consent. Exclusion concerns the failure to allow the data subject to know about the data that others have about her and participate in its handling and use. These activities do not involve the gathering of data because it has already been collected. Instead, these activities involve the way data is maintained and used.

The third group of activities involves the dissemination of information. Breach of confidentiality is breaking a promise to keep a person’s information confidential. Disclosure involves the revelation of truthful information about a person that affects the way others judge her reputation. Exposure involves revealing another’s nudity, grief, or bodily functions. Increased accessibility is amplifying the accessibility of information. Blackmail is the threat to disclose personal information. Appropriation involves the use of the data subject’s identity to serve another’s aims and interests. Distortion consists of disseminating false or misleading information about individuals. Information-dissemination activities all involve the spreading or transfer of personal data or the threat to do so.

The fourth and final group of activities involves invasions into people’s private affairs. Invasion, unlike the other groupings, need not involve personal information (although in numerous instances, it does). Intrusion concerns invasive acts that disturb one’s tranquillity or solitude. Decisional interference involves incursion into the data subject’s decisions regarding her private affairs.

Privacy is not one thing, but many distinct but related things. For too long, policymakers and others have viewed privacy too myopically and narrowly, failing to recognize many important privacy problems. Understanding privacy in a more pluralistic manner will hopefully improve the way privacy problems are recognized and addressed.

Framing privacy exclusively in individualistic terms often results in privacy being under-valued in utilitarian balancing, which is the predominant way policymakers resolve conflicts between various interests. When individual interests are pitted against the common good, the latter often wins out. The interests often in tension with privacy – free speech, efficient consumer transactions, or security – are frequently understood as valuable for all of society. Privacy, in contrast, is seen as a zone of respite for the sake of the individual.

There is a way, however, to justify privacy from a utilitarian basis. Pragmatist philosopher John Dewey has articulated the most coherent theory of how protecting individual rights furthers the common good. For Dewey, there is no strict dichotomy between individual and society. The individual is shaped by society, and the good of both the individual and society are often interrelated rather than antagonistic: ‘We cannot think of ourselves save as to some extent social beings. Hence we cannot separate the idea of ourselves and our own good from our idea of others and of their good.’16 Dewey contended that the value of protecting individual rights emerges from their contribution to society. In other words, individual rights are not trumps, but are protections by society from its intrusiveness. Society makes space for the individual because of the social benefits this space provides. Therefore, Dewey argues, rights should be valued based on ‘the contribution they make to the welfare of the community’.17 Otherwise, in any kind of utilitarian calculus, individual rights would not be valuable enough to outweigh most social interests, and it would be impossible to justify individual rights. As such, Dewey argued, we must insist upon a ‘social basis and social justification’ for civil liberties.18

I contend, like Dewey, that the value of protecting the individual is a social one. Society involves a great deal of friction, and we are constantly clashing with each other. Part of what makes a society a good place in which to live is the extent to which it allows people freedom from the intrusiveness of others. A society without privacy protection would be suffocating, and it might not be a place in which most would want to live. When protecting individual rights, we as a society decide to hold back in order to receive the benefits of creating the kinds of free zones for individuals to flourish.

As Spiros Simitis declares, ‘privacy considerations no longer arise out of particular individual problems; rather, they express conflicts affecting everyone’.19 Privacy, then, is not the trumpeting of the individual against society’s interests but the protection of the individual based on society’s own norms and practices. Privacy is not simply a way to extricate individuals from social control, as it is itself a form of social control that emerges from the norms and values of society.

We protect individual privacy as a society because we recognize that a good society protects against excessive intrusion and nosiness into people’s lives. Norms exist not to peak into our neighbour’s windows or sneak into people’s houses. Privacy is thus not an external restraint on society but is in fact an internal dimension of society.20 Therefore, privacy has a social value. Even when it protects the individual, it does so for the sake of society. It thus should not be weighed as an individual right against the greater social good. Privacy issues involve balancing societal interests on both sides of the scale.

Because privacy involves protecting against a plurality of different harms or problems, the value of privacy is different depending upon which particular problem or harm is being protected. Not all privacy problems are equal; some are more harmful than others. Therefore, we cannot ascribe an abstract value to privacy. Its value will differ substantially depending upon the kind of problem or harm we are safeguarding against. Thus, to understand privacy, we must conceptualize it and its value more pluralistically. Privacy is a set of protections against a related set of problems. These problems are not all related in the same way, but they resemble each other. There is a social value in protecting against each problem, and that value differs depending upon the nature of each problem.