What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it. Every court that holds that something is or isn’t privacy is basing its decision on a conception of privacy — often unstated.
Privacy laws are also based on a conception of privacy, which informs what things the laws protect. Decisions involving privacy by design also involve a conception of privacy. When privacy is “baked into” products and services, there must be some understanding of what is being baked in.
Far too often, conceptions of privacy are too narrow, focusing on keeping secrets or avoiding disclosure of personal data. Privacy is much more than these things. Overly narrow conceptions of privacy lead to courts concluding that there is no privacy violation when something doesn’t fit the narrow conception.
Narrow or incomplete conceptions of privacy lead to laws that fail to address key problems. Privacy by design can involve throwing in a few things and calling it “privacy,” but this is like cooking a dish that requires 20 ingredients but only including 5 of them.
It is thus imperative to think through what privacy is. If you have an overly narrow or incomplete conception of privacy, you’re not going to be able to effectively identify privacy risks or protect privacy.
In my work, I have attempted to develop a practical and useable conception of privacy. In what follows, I will briefly describe what I have developed.
Privacy is a product of norms, activities, and legal protections. Privacy is about respecting the desires of individuals where compatible with the aims of the larger community. Privacy is not just about what people expect but about what they desire. Privacy is not merely an individual right – it is an important component of any flourishing community. Privacy is valuable to a community because it provides space for individuals away from the constant impingement of the community. Without this zone of freedom, the community can become oppressive and stifling to people’s freedom and welfare.
Privacy is not one thing, but a cluster of many distinct yet related things. Privacy involves the control, use, and disclosure of personal information. It involves issues such as surveillance, online gossip, identity theft, data security, online behavioral advertising, Big Data, access to records, use of cloud computing services, and much more.
In my book, Understanding Privacy (Harvard University Press 2008), I set forth a taxonomy of the different kinds of related things that fall under the rubric of privacy.
The means and process of gathering data can create privacy problems.
Surveillance is the watching, listening to, or recording of an individual’s activities. It can chill expression and political activity, give too much power to the watchers, and make people feel creepy and inhibited.
Interrogation consists of various forms of questioning or probing for information. It can be too prying and coercive in some circumstances.
Those who hold personal data process it — they store it, combine it, manipulate it, search it, use it, and do many other things with it. The manner in which they process personal data can create a host of privacy problems.
Aggregation involves the combination of various pieces of data about a person. Aggregation can create a privacy problem because combining data can reveal facts about a person that are not readily known and that a person did not expect to be known when providing the data.
Identification is linking information to particular individuals. Identification can inhibit one’s ability to be anonymous or pseudonymous.
Insecurity involves carelessness in protecting stored information from being leaked or improperly accessed. This makes people more vulnerable to fraud and identity theft.
Secondary use is the use of information collected for one purpose for a different purpose without a person’s consent. Secondary use creates a harm, as it involves using information in ways a person does not consent to and might not find desirable.
Exclusion concerns the failure to allow people to know about the data that others have about them and participate in its handling and use. Exclusion reduces accountability among the entities that maintain records about individuals.
Privacy problems can be created when personal data is transferred or disclosed – and even when there is a threat it will be exposed. The nature of the dissemination can create many different problems:
Breach of confidentiality is breaking the promise to keep a person’s information confidential.
Disclosure involves the revelation of truthful information about a person.
Exposure involves revealing another’s nudity, grief, or bodily functions.
Increased accessibility is amplifying the accessibility of information. Much of our information is protected by practical obscurity – it’s hard to find it. By taking the needles out of the haystack, we greatly increase the exposure of people’s personal information.
Blackmail is the threat to disclose personal information. With blackmail, the harm is not in the actual disclosure of the information, but in the control exercised by the one who makes the threat.
Appropriation involves the dissemination of certain information about a person to serve the aims and interests of another.
Distortion consists of the dissemination of false or misleading information about individuals. Many privacy statutes have provisions for the accuracy of personal information in record systems.
Certain activities create impingements directly to the individual, interfering with the individual’s private life.
Intrusion concerns invasive acts that disturb one’s tranquility or solitude.
Decisional interference involves the government’s incursion into people’s decisions regarding their private affairs.
* * * *
None of the above activities are inherently bad. Nor is privacy inherently good. The interests that sometimes conflict with privacy – free speech, security, transparency, and efficient consumer transactions – are all quite valuable. We must balance the value of privacy and conflicting interests to determine which should prevail in any particular situation.
Excluding or ignoring various dimensions of privacy generates bad policy results. If a problem isn’t identified, then balancing might never take place or privacy might be undervalued in the balance.
In many cases, protecting privacy does not involve a zero-sum tradeoff. We can protect privacy without sacrificing a conflicting interest if we have procedures and limitations that address the problems. For example, the Fourth Amendment protects privacy not by forbidding the government from searching but by requiring procedures of oversight and limitation.
So whether or not you agree with my theory of privacy, take the time to think deeply about what privacy is. It is essential to any meaningful discussion about how to protect privacy or weigh it against other interests.
Professor Daniel J. Solove, an internationally acclaimed expert in security and privacy, is the John Marshall Harlan Research Professor of Law at the George Washington Law School. Professor Solove founded and is CEO of TeachPrivacy, which develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.