related
Guides:

Censorship

Economy

Governance




related
Profiles:

Human
Rights

     issues and conundrums

This page considers particular privacy issues.

It covers -

• introduction
• a fundamental right?
• areas of concern
• perceptions
• the evolving privacy landscape

     introduction

Information is the primary commodity in the information economy.

As a result disagreement about privacy - who controls much of that information - is a central feature of debate about regulation of cyberspace. It is also a key area of uncertainty for business and consumers. 

That uncertainty reflects an innate tension - many consumers want the benefits of being a 'market of one' (which presupposes other entities are familiar with their needs/tastes) without surrendering control of that data. It reflects community ambivalence about the media and celebrity (many people cherish their own privacy but endorse abuses by paparazzi or Megan's Law registers), examined later in this guide and in a supplementary profile.

It also reflects the slow emergence of digital rules of the road - do we rely on legislation (which model), are stories of abuse legitimate, do we develop a brave new lex informatica or instead - as suggested by Stuart Biegel in Beyond Our Control? Confronting the Limits of Our Legal System in the Age of Cyberspace (Cambridge: MIT Press 2001) - build viable national/international regimes by 'muddling through'.

US scholar Lillian Bevier commmented that

privacy is a chameleon-like word, used denotatively to designate a range of wildly disparate interests - from confidentiality of personal information to reproductive autonomy - and connatively to generate goodwill on behalf of whatever interest is being asserted in its name

     a fundamental right?

Is privacy a fundamental right?

US business advocacy group Privacilla for example answers no �

Privacy is actually a value that is protected by the right to control one's personal information. In general, people use their right to property in their persons � controlling their actions � to protect personal information consistent with their senses of privacy. This is how privacy fits into a scheme of fundamental rights. Privacy results from the exercise of a property right in personal information.

Others distinguish between informational privacy (the "claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others") and financial privacy (the "rights of individuals to control the collection, storing, use, and dissemination of information concerning their personal financial affairs by financial institutions and third parties").

Some advocates, particularly in dealing with emerging technologies such as RFIDs, have taken an overly bleak of regulatory regimes (in particular articulation of principles in privacy law) and the preparedness of some consumers to commoditise their privacy.

One Australian pundit accordingly commented in 2004 that

Existing privacy laws are almost entirely limited to the data privacy, and provide zero protection for the other dimensions of privacy of the person, privacy of personal behaviour, and privacy of personal communications.

Data protection laws were not motivated by human rights, but were created to protect business and government administration from interference by complainants about invasions of privacy. You can see this by reading the preamble to the OECD Guidelines, and the second reading speeches of the various statutes, and of course by reading publications that catalogue the vast array of inadequacies of such laws.

Data protection laws are frozen in the 1970s, and do not deal with technologies that have developed, or been further developed since then.

Online privacy is likely to be contentious for at least a generation. We can expect to see successive legislative amendments and industry codes, punctuated by examples of bad practice in how information is collected, utilised and disseminated. Our advice to clients is to be aware of issues and act strategically.

Privacy, as the following pages note, is culturally conditioned: expectations (and regulation, formal or informal) reflect personal circumstances, historical contingency, cultural values and attributes such as gender, class and sexual affinity. It is not an absolute; it varies from one region to another. One sense of that variation is provided in Dan Burk's 'Privacy and Property in the Global Datasphere' in Information Technology Ethics: Global Perspectives (Hershey: IGI Global 2007) edited by Soraj Hongladarom & Charles Ess.

     areas of concern

This guide centres on online aspects of privacy, particularly principles and practice regarding web sites. However, as we move into a world of pervasive computing (and networking) many of the traditional demarcations are dissolving.

The following pages accordingly encompass five areas -

personal data protection (or information privacy) - rules (including legislation and industry codes) concerned with the collection and handling of personal data such as credit information, and medical and government records.

communication privacy - including privacy of email, voice telecommunications and postal mail

territorial privacy - limits on intrusion into domestic, professional, civil and and recreational environments, including the workplace, public streets, retail premises, libraries and homes. This includes searches, video surveillance and ID checks

locational privacy - regimes for managing geolocation technologies that link an individual to a physical location

bodily privacy - respecting the integrity of an individual's body through restrictions on invasive activity such as cavity searches and (more broadly) genetic or drug testing

associational privacy - what is the impact on democracy (and more broadly on civil society) of political profiling?

Questions of government and commercial secrecy are discussed in the complementary Secrecy guide.

     perceptions

The penultimate page of this guide comments that perceptions of privacy vary considerably, depending on circumstances and whether an individual is referring to his/her privacy or to the privacy of others.

Past Caslon surveys suggest that consumer concerns about privacy equal worries about the security of online purchasing/payment as a major roadblock for Australian electronic commerce. 

Over 80% of the top 200 Australian sites seek personal information but fewer than 10% have a privacy policy that meets the national Privacy Commissioner's principles. Government agencies sometimes have the legal boilerplate but don't practice what they preach. (One major offender, for example, proudly proclaimed that it was a totally cookie free site, after we'd encountered three cookies en route to that proclamation).

Overseas studies demonstrate that privacy is one of the major potholes in the information highway. Some show that consumers (individuals and businesses) refuse to interact with many sites that demand particular information. That is a problem, because the competitor may be just a few clicks away. Others show that users respond by supplying false information. Others fuel a growing demand for more comprehensive and more effective regulation.

Scott McNealey of Sun claims that privacy is already history: it is gone, so get over it. Solveig Singleton's Privacy as Censorship: A Skeptical View of Proposals to Regulate Privacy in the Private Sector, a paper for the US Cato Institute, argues that there is "little to fear from private collection and transfer of consumer information", a view contested in Wolfgang Sofsky's Privacy: A Manifesto (Princeton: Princeton Uni Press 2008) and Daniel Solove's persuasive Understanding Privacy (Cambridge: Harvard Uni Press 2008). 

Singleton's assertion is inconsistent with statements by industry leaders and with a history of government responses to bad practice. 

It is clear that new technology, such as automated collection of data about online activity, large-scale data profiling and data trading, offers significant opportunities for privacy abuses. It also provides a major incentive, in an environment where the right information may be the crucial factor in a sale or an election. Ontario Privacy Commissioner Ann Cavoukian's paper Privacy: The Key to Electronic Commerce and paper on Data Mining: Staking a Claim on Your Privacy illustrate those points.

More importantly, it is inconsistent with consumer and business perceptions that there are substantive concerns. Irrespective of whether those concerns are firmly based in reality - and documents highlighted in the following pages demonstrate that there are problems - the perceptions need to be addressed.

Theorists such as David Brin, author of The Transparent Society (Reading: Perseus Books 1998), argue that if privacy is history, that is not the issue. For them the issue is equality of exposure. Data harvesters know quite a lot about you; you know very little about them and to conduct a normal life you can not escape their invisible clutches. James Katz's 1996 paper on Understanding communication privacy: Unlisted telephone subscribers in the United States notes that in Japan and Europe there are few unlisted numbers compared to the US (where around 25% of numbers unlisted nationally and 33% in California are unlisted).

In practice the information liberationism espoused by Brin or Brian Martin - eliminate the mass media, abolish intellectual property, abandon concepts such as defamation? - is unlikely to extend beyond a few enthusiasts. Most users of the web will need to grapple with issues discussed in the following pages.  

     the evolving privacy landscape

The nature of privacy - and the scope for abuses such as spam - have changed over time. As George Williams notes in his lucid Human Rights Under The Australian Constitution (Melbourne: Oxford Uni Press 1999), privacy is not enshrined in the constitution. Instead there is a patchwork of individual Commonwealth and State/Territory legislation and guidelines. 

That regime was initially restricted to the public sector; it is being progressively - some say haphazardly and too slowly - extended to cover the private sector. It is being driven by consumer and business concerns. 

It is also being driven by overseas legislation, in particular the EU Data Directive (reflected in Canada and New Zealand), and guidelines such as the OECD Guidelines on the Protection of Privacy & Transborder Flows of Personal Data (GPPD) examined by Graham Greenleaf in his paper on Stopping Surveillance: Beyond 'efficiency' & the OECD.

In the US, home of privacy luddites such as the Cato Institute, there is a powerful move to extend existing international agreements such as Safe Harbor to cover domestic markets. 

The 2003 Americans & Online Privacy: The System is Broken study (PDF) notes that despite strong concerns about privacy, 64% of online US adults expressing concern about privacy have, however, never searched for information about how to protect their information on the web. 40% say that they know "almost nothing" about stopping sites from collecting information about them, 26% say they know just "a little" and a mere 9% claim to "know a lot".

Lawrence Lessig, author of the influential Code & Other Laws of Cyberspace (New York: Basic Books 1999) wrote in 2001 that

... after years of inaction, Congress is finally coming to see that privacy on the internet won't take care of itself. The mystery isn't that self-regulation failed; the mystery is why anyone thought it would succeed. Data is money. It is a resource that the present architecture of the net gives away for free. And just as the industrialists of the 19th century were not about to give up free air and water without legislative intervention (read: pollution laws), so too will net commerce not relinquish free data in the name of something as obscure as privacy.

In Australia, whether we like it or not, privacy is an issue. Australians need to understand why that is so and need to act accordingly, as information owners, users and intermediaries.



   next page   (principles)