It is not an understatement that technology has dramatically altered virtually every aspect of our life in recent years. While technology has always driven change, these changes are occurring more rapidly and more extensively than ever before. We are fully entrenched in the world of Big Data, the Internet of Things, and Smart Cities--and we are never going back. As always, society and its laws must evolve, but it is not always an easy process.
The notion of privacy has certainly changed in our data-driven world and continues to change daily. While it has always been difficult to define exactly what privacy is, it is even more difficult to propose what privacy should become. Technology and its uses--or abuses--are altering the notion of privacy into something that may be unrecognizable in the near future.
Studies show that people say they are still concerned about privacy, but their behavior does not reflect that. (1) Like any value, the importance of privacy varies from person to person. This makes it even more difficult to establish a one-size-fits-all concept of privacy. This paper explores some of the historical, legal, and ethical development of privacy; discusses how some of the normative values of privacy may survive or change; and examines how outrage has been--and will continue to be--a driver of such change.
While a legally protected right to privacy in the United States traces its roots back little more than a century and a quarter, (2) privacy as a social value or norm arguably has roots as old as humankind. In fact, one of the fathers of the notion of modern privacy, Alan Westin, believed that the importance of privacy as a basic characteristic is seen even among other species in the animal kingdom--"men and animals share several basic mechanisms for claiming privacy among their own fellows." (3)
Westin described four basic states of privacy: 1) solitude--the desire of an individual to separate from the group and be free, at least temporarily, from observation by others; 2) intimacy--the ability of an individual to have a close relationship with someone else in a pairing (e.g., marriage) or small group (e.g., family); 3) anonymity--the ability of a person to participate in a public forum or venue, while being free from identification or surveillance; and 4) reserve--the most subtle state, the "creation of a psychological barrier against unwanted intrusion." (4) Westin also defined privacy as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." (5) We will see that this becomes a dominant theme in privacy scholarship and is certainly relevant today.
Charles Fried stated that "[p]rivacy is not simply an absence of information about what is in the minds of others; rather it is the control we have over information about ourselves." (6) Similarly, Ruth Gavison described privacy as a form of limiting access to oneself, and stated that the "concept of privacy... is a complex of... three independent and irreducible elements: secrecy, anonymity, and solitude." (7)
More recently Daniel Solove summarized six different conceptions of privacy: 1) the right to be left alone; 2) limited access to the self; 3) secrecy; 4) control over personal information; 5) personhood--"the protection of one's personality, individuality, and dignity;" and 6) intimacy. (8) He noted that there may be overlap between and among the conceptions and that they are not independent of one another, "[f]or example, control over personal information can be seen as a subset of limited access to the self, which in turn bears significant similarities to the right to be let alone." (9)
There have been many different approaches to describing what privacy is and what privacy should be throughout history (10). It is a fundamental aspect of humankind that has evolved and continues to evolve. Technology often drives social change, and with respect to privacy, that has certainly been the case. As society adapts, so does the notion of privacy.
NORMATIVE VALUES OF PRIVACY AND CONTEXT
Robert Post wrote about the normative values of privacy behind the rationale for the four branches of the common law invasion of privacy tort (11.) In discussing the intrusion branch, he cited Erving Goffman's notion of "territories" or "preserves" that help define a space in which someone could expect to have privacy (12). These spaces are not defined by objective standards like feet or inches, but rather by subjective standards that are socially determined based upon context. In discussing the public disclosure branch, he again refers to Goffman's notion of "information preserves" or "boundaries" within which information is contained and which are normatively determined (13). "[J]ust as individuals expect to control certain spatial territories, so they expect to control certain informational territories." (14) The boundaries of these information spaces are determined by local custom and by "the norm of the ordinary man" and are important in defining the standards of civility which support the public disclosure tort. (15) "Information preserves, like spatial territories, provide a normative framework for the development of individual personality. Just as we feel violated when our bedrooms are invaded, so we experience the inappropriate disclosure of private information as 'pollutions or defilements'". (16)
Jeffrey Rosen continued the theme of privacy and context, describing how, in "a world of short attention spans," information can easily be taken out of context. (17) If personal information is shared in a group of people familiar with the subject of the information, they can digest that information in context, weighing it against other information they know about that person's character and personality (18). If, however, that same information is shared with strangers, there is no context against which the information can be judged (19).
In her classic paper, Privacy as Contextual Integrity, Helen Nissenbaum emphasized the importance of context: "A central tenet of contextual integrity is that there are no arenas of life not governed by norms of information flow, no information or spheres of life for which 'anything goes'" (20). Almost everything we do "happens in a context not only of place but of politics, convention, and cultural expectation." (21) In virtually every aspect of our daily life, we move among various spheres, realms, or contexts--being at home with one's family, visiting a doctor, going to church--that are, to various degrees, defined by distinct sets of norms. These spheres "offer a platform for a normative account of privacy in terms of contextual integrity." (22)
Nissenbaum stated that contextual norms can come from various sources, including history, culture and law (23). Many of them involve information. She proposed "two types of informational norms: norms of appropriateness, and norms of flow or distribution. Contextual integrity is maintained when both types of norms are upheld, and it is violated when either of the norms is violated." (24)
Contextual integrity often explains how social values evolve and become part of the social structure and law. Nissenbaum stated that the "context of elections for political office is [an example] of a settled normative framework." (25) There are high expectations of privacy when people vote. They vote without anyone knowing for whom or for what they voted. Unless they decide to share this information, no one else will know. They fully control the flow of information.
In the United States, there are only a few areas in which individuals have control over their information. If it is credit-related, medical-related or pertains to video rental habits (amazingly), laws provide a degree of control over the information flow (26).For the most part, however, if the information pertains to anything else, there is very little law that controls the flow. Changes in law are often driven by changes in values. Is it possible that sufficient change in the normative values of privacy--particularly in the flow of information--can dictate changes in the law? Is it possible that such changes in normative values can sufficiently modify behavior even without changes in the law?
One of the cases that Nissenbaum examined in her 2004 article dealt with consumer profiling and data mining (27). The issues she presented then have only been exacerbated over time. With regard to consumer profiling and data mining, Nissenbaum noted that "the crucial issue is not whether the information is private or public, gathered from private or public settings, but whether the action breaches contextual integrity." (28) With the proliferation of collection of data from sensors, smart phones and the Web, and the advent of Smart Cities, and the trend towards the merger of public and private data, this observation becomes even more significant and more prescient.
Nissenbaum shows how Amazon.com's use of data analytics on information provided to it by its customers arguably does not breach either the norm of appropriateness or the norm of flow (29). A grocer's collection of information about customers' vacation or movie choices might not breach the norm of appropriateness. But if that grocer then sells the information to a data broker, where that information will likely be used out of context, there may very well be breaches of both the norms of appropriateness and flow. Society surpasses these examples from 2004, but is it still possible that our privacy norms can be modified? Can society develop a different value expectation regarding the collection or use of information? Is it possible to develop a new normative expectation of privacy in information?
Adam Moore gives an extreme example of the type of data shifting--or breach of contextual integrity--that Nissenbaum described (30). Actress Rebecca Schaeffer...