Privacy

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Privacy may be lessened by surveillance – in this case through CCTV.

Privacy is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps with security, which can include the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity. The right not to be subjected to unsanctioned invasions of privacy by the government, corporations or individuals is part of many countries' privacy laws, and in some cases, constitutions.

In the business world, a person may volunteer personal details, including for advertising, in order to receive some sort of benefit. Public figures may be subject to rules on the public interest. Personal information which is voluntarily shared but subsequently stolen or misused can lead to identity theft.

The concept of universal individual privacy is a modern concept primarily associated with Western culture, British and North American in particular, and remained virtually unknown in some cultures until recent times. Most cultures, however, recognize the ability of individuals to withhold certain parts of their personal information from wider society, such as closing the door to one's home.

Privacy aspects[edit]

Right to be let alone[edit]

In 1890 the United States jurists Samuel D. Warren and Louis Brandeis wrote The Right to Privacy, an article in which they argued for the "right to be let alone", using that phrase as a definition of privacy.[1] There is extensive commentary over the meaning of being "let alone", and among other ways, it has been interpreted to mean the right of a person to choose seclusion from the attention of others if they wish to do so, and the right to be immune from scrutiny or being observed in private settings, such as one's own home.[1] Although this early vague legal concept did not describe privacy in a way that made it easy to design broad legal protections of privacy, it strengthened the notion of privacy rights for individuals and began a legacy of discussion on those rights.[1]

Limited access[edit]

Limited access refers to a person's ability to participate in society without having other individuals and organizations collect information about them.[2]

Various theorists have imagined privacy as a system for limiting access to one's personal information.[2] Edwin Lawrence Godkin wrote in the late 19th century that "nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, and to decide for himself to what extent they shall be the subject of public observation and discussion."[2][3] Adopting an approach similar to the one presented by Ruth Gavison[4] Nine years earlier,[5] Sissela Bok said that privacy is "the condition of being protected from unwanted access by others—either physical access, personal information, or attention."[2][6]

Control over information[edit]

Control over one's personal information is the concept that "privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." Generally, a person who has consensually formed an interpersonal relationship with another person is not considered "protected" by privacy rights with respect to the person they are in the relationship with. [7][8] Charles Fried said that "Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves. Nevertheless, in the era of big data, control over information is under pressure.[9]

States of privacy[edit]

Alan Westin defined four states—or experiences—of privacy: solitude, intimacy, anonymity, and reserve. Solitude is a physical separation from others.[10] Intimacy is a "close, relaxed, and frank relationship between two or more individuals" that results from the seclusion of a pair or small group of individuals.[10] Anonymity is the "desire of individuals for times of 'public privacy.'"[10] Lastly, reserve is the "creation of a psychological barrier against unwanted intrusion"; this creation of a psychological barrier requires others to respect an individual's need or desire to restrict communication of information concerning himself or herself.[10]

In addition to the psychological barrier of reserve, Kirsty Hughes identified three more kinds of privacy barriers: physical, behavioral, and normative. Physical barriers, such as walls and doors, prevent others from accessing and experiencing the individual.[11] (In this sense, "accessing" an individual includes accessing personal information about him or her.)[11] Behavioral barriers communicate to others—verbally, through language, or non-verbally, through personal space, body language, or clothing—that an individual does not want them to access or experience him or her.[11] Lastly, normative barriers, such as laws and social norms, restrain others from attempting to access or experience an individual.[11]

Secrecy[edit]

Privacy is sometimes defined as an option to have secrecy. Richard Posner said that privacy is the right of people to "conceal information about themselves that others might use to their disadvantage". [12][13]

In various legal contexts, when privacy is described as secrecy, a conclusion if privacy is secrecy then rights to privacy do not apply for any information which is already publicly disclosed.[14] When privacy-as-secrecy is discussed, it is usually imagined to be a selective kind of secrecy in which individuals keep some information secret and private while they choose to make other information public and not private.[14]

Personhood and autonomy[edit]

Privacy may be understood as a necessary precondition for the development and preservation of personhood. Jeffrey Reiman defined privacy in terms of a recognition of one's ownership of his or her physical and mental reality and a moral right to his or her self-determination.[15] Through the "social ritual" of privacy, or the social practice of respecting an individual's privacy barriers, the social group communicates to the developing child that he or she has exclusive moral rights to his or her body—in other words, he or she has moral ownership of his or her body.[15] This entails control over both active (physical) and cognitive appropriation, the former being control over one's movements and actions and the latter being control over who can experience one's physical existence and when.[15]

Alternatively, Stanley Benn defined privacy in terms of a recognition of oneself as a subject with agency—as an individual with the capacity to choose.[16] Privacy is required to exercise choice.[16] Overt observation makes the individual aware of himself or herself as an object with a "determinate character" and "limited probabilities."[16] Covert observation, on the other hand, changes the conditions in which the individual is exercising choice without his or her knowledge and consent.[16]

In addition, privacy may be viewed as a state that enables autonomy, a concept closely connected to that of personhood. According to Joseph Kufer, an autonomous self-concept entails a conception of oneself as a "purposeful, self-determining, responsible agent" and an awareness of one's capacity to control the boundary between self and other—that is, to control who can access and experience him or her and to what extent.[17] Furthermore, others must acknowledge and respect the self's boundaries—in other words, they must respect the individual's privacy.[17]

The studies of psychologists such as Jean Piaget and Victor Tausk show that, as children learn that they can control who can access and experience them and to what extent, they develop an autonomous self-concept.[17] In addition, studies of adults in particular institutions, such as Erving Goffman's study of "total institutions" such as prisons and mental institutions,[18] suggest that systemic and routinized deprivations or violations of privacy deteriorate one's sense of autonomy over time.[17]

Self-identity and personal growth[edit]

Privacy may be understood as a prerequisite for the development of a sense of self-identity. Privacy barriers, in particular, are instrumental in this process. According to Irwin Altman, such barriers "define and limit the boundaries of the self" and thus "serve to help define [the self]."[19] This control primarily entails the ability to regulate contact with others.[19] Control over the "permeability" of the self's boundaries enables one to control what constitutes the self and thus to define what is the self.[19]

In addition, privacy may be seen as a state that fosters personal growth, a process integral to the development of self-identity. Hyman Gross suggested that, without privacy—solitude, anonymity, and temporary releases from social roles—individuals would be unable to freely express themselves and to engage in self-discovery and self-criticism.[17] Such self-discovery and self-criticism contributes to one's understanding of oneself and shapes one's sense of identity.[17]

Intimacy[edit]

In a way analogous to how the personhood theory imagines privacy as some essential part of being an individual, the intimacy theory imagines privacy to be an essential part of the way that humans have strengthened or intimate relationships with other humans.[20] Because part of human relationships includes individuals volunteering to self-disclose most if not all personal information, this is one area in which privacy does not apply.[20]

James Rachels advanced this notion by writing that privacy matters because "there is a close connection between our ability to control who has access to us and to information about us, and our ability to create and maintain different sorts of social relationships with different people."[20][21] Protecting intimacy is at the core of the concept of sexual privacy, which law professor Danielle Citron argues should be protected as a unique form of privacy.[22]

Personal privacy[edit]

Physical privacy could be defined as preventing "intrusions into one's physical space or solitude."[23] An example of the legal basis for the right to physical privacy is the U.S. Fourth Amendment, which guarantees "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures".[24]

Physical privacy may be a matter of cultural sensitivity, personal dignity, and/or shyness. There may also be concerns about safety, if for example one is wary of becoming the victim of crime or stalking.[25]

Organizational[edit]

Government agencies, corporations, groups/societies and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals, adopting various security practices and controls in order to keep private information confidential. Organizations may seek legal protection for their secrets. For example, a government administration may be able to invoke executive privilege[26] or declare certain information to be classified, or a corporation might attempt to protect valuable proprietary information as trade secrets.[24]

History[edit]

Privacy has historical roots in philosophical discussions, the most well-known being Aristotle's distinction between two spheres of life: the public sphere of the polis, associated with political life, and the private sphere of the oikos, associated with domestic life.[27] More systematic treatises of privacy in the United States did not appear until the 1890s, with the development of privacy law in America.[27]

Technology[edit]

Advertisement for dial telephone service available to delegates to the 1912 Republican convention in Chicago. A major selling point of dial telephone service was that it was "secret", in that no operator was required to connect the call.

As technology has advanced, the way in which privacy is protected and violated has changed with it. In the case of some technologies, such as the printing press or the Internet, the increased ability to share information can lead to new ways in which privacy can be breached. It is generally agreed that the first publication advocating privacy in the United States was the article by Samuel Warren and Louis Brandeis, "The Right to Privacy",[28] that was written largely in response to the increase in newspapers and photographs made possible by printing technologies.[29]

New technologies can also create new ways to gather private information. For example, in the United States it was thought that heat sensors intended to be used to find marijuana-growing operations would be acceptable. However, in 2001 in Kyllo v. United States (533 U.S. 27) it was decided that the use of thermal imaging devices that can reveal previously unknown information without a warrant does indeed constitute a violation of privacy.[30]

Internet[edit]

The Internet has brought new concerns about privacy in an age where computers can permanently store records of everything: "where every online photo, status update, Twitter post and blog entry by and about us can be stored forever", writes law professor and author Jeffrey Rosen.[31]

This currently has an effect on employment. Microsoft reports that 75 percent of U.S. recruiters and human-resource professionals now do online research about candidates, often using information provided by search engines, social-networking sites, photo/video-sharing sites, personal web sites and blogs, and Twitter. They also report that 70 percent of U.S. recruiters have rejected candidates based on internet information. This has created a need by many to control various online privacy settings in addition to controlling their online reputations, both of which have led to legal suits against various sites and employers.[31]

The ability to do online inquiries about individuals has expanded dramatically over the last decade. Facebook for example, as of August 2015, was the largest social-networking site, with nearly 1,490 million members, who upload over 4.75 billion pieces of content daily. Over 83.09 million accounts were fake. Twitter has more than 316 million registered users and over 20 million are fake users. The Library of Congress recently announced that it will be acquiring—and permanently storing—the entire archive of public Twitter posts since 2006, reports Rosen.[31]

Importantly, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer secondary information about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.[32]

According to some experts, many commonly used communication devices may be mapping every move of their users. Senator Al Franken has noted the seriousness of iPhones and iPads having the ability to record and store users' locations in unencrypted files,[33] although Apple denied doing so.[34]

Andrew Grove, co-founder and former CEO of Intel Corporation, offered his thoughts on internet privacy in an interview published in May 2000:[35]

Privacy is one of the biggest problems in this new electronic age. At the heart of the Internet culture is a force that wants to find out everything about you. And once it has found out everything about you and two hundred million others, that's a very valuable asset, and people will be tempted to trade and do commerce with that asset. This wasn't the information that people were thinking of when they called this the information age.

Actions which reduce privacy[edit]

As with other concepts about privacy, there are various ways to discuss what kinds of processes or actions remove, challenge, lessen, or attack privacy. In 1960 legal scholar William Prosser created the following list of activities which can be remedied with privacy protection:[36][37]

  1. Intrusion into a person's private space, own affairs, or wish for solitude[36]
  2. Public disclosure of personal information about a person which could be embarrassing for them to have revealed[36]
  3. Promoting access to information about a person which could lead the public to have incorrect beliefs about them[36]
  4. Encroaching someone's personality rights, and using their likeness to advance interests which are not their own[36]

Building from this and other historical precedents, Daniel J. Solove presented another classification of actions which are harmful to privacy, including collection of information which is already somewhat public, processing of information, sharing information, and invading personal space to get private information.[38]

Collecting information[edit]

In the context of harming privacy, information collection means gathering whatever information can be obtained by doing something to obtain it.[39] Surveillance is an example of this, when someone decides to begin watching and recording someone or something, and interrogation is another example of this, when someone uses another person as a source of information.[39]

Aggregating information[edit]

It can happen that privacy is not harmed when information is available, but that the harm can come when that information is collected as a set then processed in a way that the collective reporting of pieces of information encroaches on privacy.[40] Actions in this category which can lessen privacy include the following:[40]

  • data aggregation, which is connecting many related but unconnected pieces of information[40]
  • identification, which can mean breaking the de-identification of items of data by putting it through a de-anonymization process, thus making facts which were intended to not name particular people to become associated with those people[40]
  • insecurity, such as lack of data security, which includes when an organization is supposed to be responsible for protecting data instead suffers a data breach which harms the people whose data it held[40]
  • secondary use, which is when people agree to share their data for a certain purpose, but then the data is used in ways without the data donors’ informed consent[40]
  • exclusion is the use of a person's data without any attempt to give the person an opportunity to manage the data or participate in its usage[40]

Information dissemination[edit]

Count not him among your friends who will retail your privacies to the world.

Information dissemination is an attack on privacy when information which was shared in confidence is shared or threatened to be shared in a way that harms the subject of the information.[40]

There are various examples of this.[40] Breach of confidentiality is when one entity promises to keep a person's information private, then breaks that promise.[40] Disclosure is making information about a person more accessible in a way that harms the subject of the information, regardless of how the information was collected or the intent of making it available.[40] Exposure is a special type of disclosure in which the information disclosed is emotional to the subject or taboo to share, such as revealing their private life experiences, their nudity, or perhaps private body functions.[40] Increased accessibility means advertising the availability of information without actually distributing it, as in the case of doxxing.[40] Blackmail is making a threat to share information, perhaps as part of an effort to coerce someone.[40] Appropriation is an attack on the personhood of someone, and can include using the value of someone's reputation or likeness to advance interests which are not those of the person being appropriated.[40] Distortion is the creation of misleading information or lies about a person.[40]

Invasions[edit]

Invasion of privacy, a subset of expectation of privacy, is a different concept from the collecting, aggregating, and disseminating information because those three are a misuse of available data, whereas invasion is an attack on the right of individuals to keep personal secrets.[40] An invasion is an attack in which information, whether intended to be public or not, is captured in a way that insults the personal dignity and right to private space of the person whose data is taken.[40]

An intrusion is any unwanted entry into a person's private personal space and solitude for any reason, regardless of whether data is taken during that breach of space.[40] "Decisional interference" is when an entity somehow injects itself into the personal decision making process of another person, perhaps to influence that person's private decisions but in any case doing so in a way that disrupts the private personal thoughts that a person has.[40]

Right to privacy[edit]

Privacy uses the theory of natural rights, and generally responds to new information and communication technologies. In North America, Samuel D. Warren and Louis D. Brandeis wrote that privacy is the "right to be let alone" (Warren & Brandeis, 1890) focuses on protecting individuals. This citation was a response to recent technological developments, such as photography, and sensationalist journalism, also known as yellow journalism.[41]

Definitions[edit]

In recent years there have been only few attempts to clearly and precisely define a "right to privacy." Some experts assert that in fact the right to privacy "should not be defined as a separate legal right" at all. By their reasoning, existing laws relating to privacy in general should be sufficient.[42] It has therefore proposed a working definition for a "right to privacy":

The right to privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, property, thoughts, feelings, secrets and identity. The right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose.[42]

An individual right[edit]

David Flaherty believes networked computer databases pose threats to privacy. He develops 'data protection' as an aspect of privacy, which involves "the collection, use, and dissemination of personal information". This concept forms the foundation for fair information practices used by governments globally. Flaherty forwards an idea of privacy as information control, "[i]ndividuals want to be left alone and to exercise some control over how information about them is used".[43]

Richard Posner and Lawrence Lessig focus on the economic aspects of personal information control. Posner criticizes privacy for concealing information, which reduces market efficiency. For Posner, employment is selling oneself in the labour market, which he believes is like selling a product. Any 'defect' in the 'product' that is not reported is fraud.[44] For Lessig, privacy breaches online can be regulated through code and law. Lessig claims "the protection of privacy would be stronger if people conceived of the right as a property right", and that "individuals should be able to control information about themselves".[45]

A collective value and a human right[edit]

There have been attempts to establish privacy as one of the fundamental human rights, whose social value is an essential component in the functioning of democratic societies.[46] Amitai Etzioni suggests a communitarian approach to privacy. This requires a shared moral culture for establishing social order.[47] Etzioni believes that "[p]rivacy is merely one good among many others",[48] and that technological effects depend on community accountability and oversight (ibid). He claims that privacy laws only increase government surveillance by weakening informal social controls.[49] Furthermore, the government is no longer the only or even principle threat to people's privacy. Etzioni notes that corporate data miners, or "Privacy Merchants," stand to profit by selling massive dossiers personal information, including purchasing decisions and Internet traffic, to the highest bidder. And while some might not find collection of private information objectionable when it is only used commercially by the private sector, the information these corporations amass and process is also available to the government, so that it is no longer possible to protect privacy by only curbing the State.[50]

Priscilla Regan believes that individual concepts of privacy have failed philosophically and in policy. She supports a social value of privacy with three dimensions: shared perceptions, public values, and collective components. Shared ideas about privacy allows freedom of conscience and diversity in thought. Public values guarantee democratic participation, including freedoms of speech and association, and limits government power. Collective elements describe privacy as collective good that cannot be divided. Regan's goal is to strengthen privacy claims in policy making: "if we did recognize the collective or public-good value of privacy, as well as the common and public value of privacy, those advocating privacy protections would have a stronger basis upon which to argue for its protection".[51]

Leslie Regan Shade argues that the human right to privacy is necessary for meaningful democratic participation, and ensures human dignity and autonomy. Privacy depends on norms for how information is distributed, and if this is appropriate. Violations of privacy depend on context. The human right to privacy has precedent in the United Nations Declaration of Human Rights: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."[52] Shade believes that privacy must be approached from a people-centered perspective, and not through the marketplace.[53]

Protection[edit]

Privacy International 2007 privacy ranking
green: Protections and safeguards
red: Endemic surveillance societies

Most countries give citizen rights to privacy in their constitutions.[54] Representative examples of this include the Constitution of Brazil, which says "the privacy, private life, honor and image of people are inviolable"; the Constitution of South Africa says that "everyone has a right to privacy"; and the Constitution of the Republic of Korea says "the privacy of no citizen shall be infringed."[54] Among most countries whose constitutions do not explicitly describe privacy rights, court decisions have interpreted their constitutions to intend to give privacy rights.[54]

Many countries have broad privacy laws outside their constitutions, including Australia's Privacy Act 1988, Argentina's Law for the Protection of Personal Data of 2000, Canada's 2000 Personal Information Protection and Electronic Documents Act, and Japan's 2003 Personal Information Protection Law.[54]

Beyond national privacy laws, there are international privacy agreements.[55] The United Nations Universal Declaration of Human Rights says "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation."[54] The Organisation for Economic Co-operation and Development published its Privacy Guidelines in 1980. The European Union's 1995 Data Protection Directive guides privacy protection in Europe.[54] The 2004 Privacy Framework by the Asia-Pacific Economic Cooperation is a privacy protection agreement for the members of that organization.[54]

In the 1960s people began to consider how changes in technology were bringing changes in the concept of privacy.[54] Vance Packard’s The Naked Society was a popular book on privacy from that era and led discourse on privacy at that time.[54]

Free market versus consumer protection approaches[edit]

Approaches to privacy can, broadly, be divided into two categories: free market or consumer protection.[56]

One example of the free market approach is to be found in the voluntary OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.[57] The principles reflected in the guidelines are analysed in an article putting them into perspective with concepts of the GDPR put into law later in the European Union.[58]

In a consumer protection approach, in contrast, it is claimed that individuals may not have the time or knowledge to make informed choices, or may not have reasonable alternatives available.[59] In support of this view, Jensen and Potts showed that most privacy policies are above the reading level of the average person.[60]

Australia[edit]

The Privacy Act 1988 is administered by the Office of the Australian Information Commissioner. Privacy law has been evolving in Australia for a number of years. The initial introduction of privacy law in 1998 extended to the public sector, specifically to Federal government departments, under the Information Privacy Principles. State government agencies can also be subject to state based privacy legislation. This built upon the already existing privacy requirements that applied to telecommunications providers (under Part 13 of the Telecommunications Act 1997), and confidentiality requirements that already applied to banking, legal and patient / doctor relationships.[61]

In 2008 the Australian Law Reform Commission (ALRC) conducted a review of Australian Privacy Law. The resulting report "For Your Information".[62] This recommendation, and many others, were taken up and implemented by the Australian Government via the Privacy Amendment (Enhancing Privacy Protection) Bill 2012[63]

European Union[edit]

Although there are comprehensive regulations for data protection, some studies show that despite the laws, there is a lack of enforcement in that no institution feels responsible to control the parties involved and enforce their laws.[64] The European Union is also championing for the 'Right to be Forgotten' concept (which allows individuals to ask that links leading to information about themselves be removed from internet search engine results) to be adopted by other countries.[65]

India[edit]

Due to the introduction of the Aadhaar project inhabitants of India were afraid that their privacy could be invaded. The project was also met with mistrust regarding the safety of the social protection infrastructures.[66] To tackle the fear amongst the people, India's supreme court put a new ruling into action that stated that privacy from then on was seen as a fundamental right.[67]

Italy[edit]

In Italy the right to privacy is enshrined in Article 15 of the Constitution, which states:[68]

United Kingdom[edit]

In the United Kingdom, it is not possible to bring an action for invasion of privacy. An action may be brought under another tort (usually breach of confidence) and privacy must then be considered under EC law. In the UK, it is sometimes a defence that disclosure of private information was in the public interest.[69] There is, however, the Information Commissioner's Office (ICO), an independent public body set up to promote access to official information and protect personal information. They do this by promoting good practice, ruling on eligible complaints, giving information to individuals and organisations, and taking action when the law is broken. The relevant UK laws include: Data Protection Act 1998; Freedom of Information Act 2000; Environmental Information Regulations 2004; Privacy and Electronic Communications Regulations 2003. The ICO has also provided a "Personal Information Toolkit" online which explains in more detail the various ways of protecting privacy online.[70]

United States[edit]

Although the US Constitution does not explicitly include the right to privacy, individual as well as locational privacy are implicitly granted by the Constitution under the 4th Amendment. The Supreme Court of the United States has found that other guarantees have "penumbras" that implicitly grant a right to privacy against government intrusion, for example in Griswold v. Connecticut (1965). In the United States, the right of freedom of speech granted in the First Amendment has limited the effects of lawsuits for breach of privacy. Privacy is regulated in the US by the Privacy Act of 1974, and various state laws. The Privacy Act of 1974 only applies to Federal agencies in the executive branch of the Federal government.[71] Certain privacy rights have been established in the United States via legislation such as the Children's Online Privacy Protection Act (COPPA),[72] the Gramm–Leach–Bliley Act (GLB), and the Health Insurance Portability and Accountability Act (HIPAA). [73]

Unlike the EU and most EU-member states the US does not recognize the right to privacy to others than US citizens.

Privacy on the Internet[edit]

There are many means to protect one's privacy on the internet. For example, e-mails can be encrypted (via S/MIME or PGP) and anonymizing proxies or anonymizing networks like I2P and Tor can be used to prevent the internet service providers from knowing which sites one visits and with whom one communicates. Covert collection of personally identifiable information has been identified as a primary concern by the U.S. Federal Trade Commission.[74] Although some privacy advocates recommend the deletion of original and third-party HTTP cookies, Anthony Miyazaki, marketing professor at Florida International University and privacy scholar, warns that the "elimination of third-party cookie use by Web sites can be circumvented by cooperative strategies with third parties in which information is transferred after the Web site's use of original domain cookies."[75] As of December 2010, the Federal Trade Commission is reviewing policy regarding this issue as it relates to behavioral advertising.[74] Another aspect of privacy on the Internet relates to online social networking. Several online social network sites (OSNs) are among the top 10 most visited websites globally. A review and evaluation of scholarly work regarding the current state of the value of individuals' privacy of online social networking show the following results: "first, adults seem to be more concerned about potential privacy threats than younger users; second, policy makers should be alarmed by a large part of users who underestimate risks of their information privacy on OSNs; third, in the case of using OSNs and its services, traditional one-dimensional privacy approaches fall short".[76] This is exacerbated by the research indicating that personal traits such as sexual orientation, race, religious and political views, personality, or intelligence can be inferred based on the wide variety of digital footprint, such as samples of text, browsing logs, or Facebook Likes.[77]

Privacy and location-based services[edit]

Increasingly, mobile devices facilitate location tracking. This creates user privacy problems. A user's location and preferences constitute personal information. Their improper use violates that user's privacy. A recent MIT study by de Montjoye et al. showed that 4 spatio-temporal points, approximate places and times, are enough to uniquely identify 95% of 1.5M people in a mobility database. The study further shows that these constraints hold even when the resolution of the dataset is low. Therefore, even coarse or blurred datasets provide little anonymity.[78]

Several methods to protect user privacy in location-based services have been proposed, including the use of anonymizing servers, blurring of information e.a. Methods to quantify privacy have also been proposed, to calculate the equilibrium between the benefit of providing accurate location information and the drawbacks of risking personal privacy.[79]

In recent years, seen with the increasing importance of mobile devices and paired with the National Do Not Call Registry, telemarketers have turned attention to mobiles.[80]

Additionally, Apple and Google are constantly improving their privacy. With iOS 13, Apple introduced Sign in with Apple in order to protect the user data being taken[81] and Google introduced allowing location access only when the app is in-use.[82]

Privacy self-synchronization[edit]

Privacy self-synchronization is the mode by which the stakeholders of an enterprise privacy program spontaneously contribute collaboratively to the program's maximum success. The stakeholders may be customers, employees, managers, executives, suppliers, partners or investors. When self-synchronization is reached, the model states that the personal interests of individuals toward their privacy is in balance with the business interests of enterprises who collect and use the personal information of those individuals.[83]

Privacy paradox and economic valuation[edit]

The privacy paradox[edit]

The privacy paradox is a phenomenon in which online users state that they are concerned about their privacy but behave as if they were not.[84] While this term was coined as early as 1998,[85] it wasn't used in its current popular sense until the year 2000.[86][84]

Susan B. Barnes similarly used the term “privacy paradox” to refer to the ambiguous boundary between private and public space on social media.[87] When compared to adults, young people tend to disclose more information on social media. However, this does not mean that they are not concerned about their privacy. Susan B. Barnes gave a case in her article: in a television interview about Facebook, a student addressed her concerns about disclosing personal information online. However, when the reporter asked to see her Facebook page, she put her home address, phone numbers, and pictures of her young son on the page.

The privacy paradox has been studied and scripted in different research settings. Although several studies have shown this inconsistency between privacy attitudes and behavior among online users, the reason for the paradox still remains unclear.[88] A main explanation for the privacy paradox is that users lack awareness of the risks and the degree of protection.[89] Users may underestimate the harm of disclosing information online. On the other hand, some researchers argue the privacy paradox comes from lack of technology literacy and from the design of sites.[90] For example, users may not know how to change their default settings even though they care about their privacy. Psychologists particularly pointed out that the privacy paradox occurs because users must trade-off between their privacy concerns and impression management.[91]

Some researchers believe that decision making takes place on irrational level especially when it comes to mobile computing. Mobile applications are built up in a way that decision making is fast. Restricting one's profile on social networks is the easiest way to protect against privacy threats and security intrusions. However, such protection measures are not easily accessible while downloading and installing apps. Even if there would be mechanisms to protect your privacy then most of the users do not have the knowledge or experience to protective behavior.[92] Mobile applications consumers also have very little knowledge of how their personal data are used, they do not rely on the information provided by application vendors on the collection and use of personal data, when they decide which application to download.[93] Users claim that permissions are important while downloading app, but research shows that users do not value privacy and security related aspects to be important when downloading and installing app. Users value cost, functionality, design, ratings, reviews and downloads more important than requested permissions.[94]

A study by Zafeiropoulou specifically examined location data, which is a form of personal information increasingly used by mobile applications.[95] Their survey also found evidence that supports the existence of privacy paradox for location data.[93] Privacy risk perception in relation to the use of privacy enhancing technologies survey data indicates that a high perception of privacy risk is an insufficient motivator for people to adopt privacy protecting strategies, while knowing they exist.[93] It also raises a question on what the value of data is, as there is no equivalent of a stock-market for personal information.[96]

The economic valuation of privacy[edit]

The willingness to incur a privacy risk is driven by a complex array of factors including risk attitudes, self-reported value for private information, and general attitudes to privacy (derived from surveys).[97] Experiments aiming to determine the monetary value of several types of personal information indicate low evaluations of personal information. On the other hand, it appears that consumers are willing to pay a premium for privacy, albeit a small one.[93]  Users do not always act in accordance with their professed privacy concerns and they are sometimes willing to trade private information for convenience, functionality, or financial gain, even when the gains are very small.[98] One of the studies suggest that people think their browser history is worth the equivalent of a cheap meal.[99] Attitudes to privacy risk do not appear to depend on whether it is already under threat or not. People do not either get discouraged in protecting their information, or come to value it more if it is under threat.[100]

Concrete solutions on how to solve paradoxical behavior still do not exist. Many efforts are focused on processes of decision making like restricting data access permissions during the applications installation. However, nothing that would solve the gap between user intention and behavior. Susanne Barth and Menno D.T. de Jong believe that for users to make more conscious decisions on privacy matters the design needs to be more user oriented. Meaning, the ownership of data related risks will be better perceived if psychological ownership of data is being considered as ‘mine’ rather than ‘not mine’.[92]

There are many opinions related to privacy paradox. It is also suggested that it should not be considered a paradox anymore. It's maybe more of a privacy dilemma, because people would like to do more but they also want to use services that would not exist without sharing their data. It is suggested to be, that people do understand that they pay with personal data, but believe they get a fair deal.[99]

Selfie culture[edit]

Selfies are popular today. A search for photos with the hashtag #selfie retrieves over 23 million results on Instagram and "a whopping 51 million with the hashtag #me" However, due to modern corporate and governmental surveillance, this may pose a risk to privacy.[101] In a research which takes a sample size of 3763, researchers found that for selfies, females generally have greater concerns than male social media users. Users who have greater concerns inversely predict their selfie behavior and activity.[102]

See also[edit]

References[edit]

  1. ^ a b c Solove 2008, pp. 15–17.
  2. ^ a b c d Solove 2008, p. 19.
  3. ^ Godkin, E.L. (December 1880). "Libel and its Legal Remedy". Atlantic Monthly. 46 (278): 729–39.
  4. ^ Oulasvirta, Antti; Suomalainen, Tiia; Hamari, Juho; Lampinen, Airi; Karvonen, Kristiina (2014). "Transparency of Intentions Decreases Privacy Concerns in Ubiquitous Surveillance". Cyberpsychology, Behavior, and Social Networking. 17 (10): 633–38. doi:10.1089/cyber.2013.0585. PMID 25226054.
  5. ^ Gavison, Ruth (1980). "Privacy and the Limits of Law". Yale Law Journal. 89 (3): 421–71. doi:10.2307/795891. JSTOR 795891.
  6. ^ Bok, Sissela (1989). Secrets : on the ethics of concealment and revelation (Vintage Books ed.). New York: Vintage Books. pp. 10–11. ISBN 978-0-679-72473-5.
  7. ^ Solove 2008, p. 24.
  8. ^ The quotation is from Alan Westin.Westin, Alan F.; Blom-Cooper, Louis (1970). Privacy and freedom. London: Bodley Head. p. 7. ISBN 978-0-370-01325-1.
  9. ^ B.H.M., Custers; Metajuridica, Instituut voor. "Predicting Data that People Refuse to Disclose; How Data Mining Predictions Challenge Informational Self-Determination". openaccess.leidenuniv.nl. Retrieved 2017-07-19. Note: this reference does not contain the quote (& the quote opens without closing).
  10. ^ a b c d Westin, Alan (1967). Privacy and Freedom. New York: Atheneum.
  11. ^ a b c d Hughes, Kirsty (2012). "A Behavioural Understanding of Privacy and Its Implications for Privacy Law". The Modern Law Review. 75 (5): 806–836. doi:10.1111/j.1468-2230.2012.00925.x.
  12. ^ Solove 2008, p. 21.
  13. ^ Posner, Richard A. (1983). The economics of justice (5. print ed.). Cambridge, Massachusetts: Harvard University Press. p. 271. ISBN 978-0-674-23526-7.
  14. ^ a b Solove 2008, pp. 22–23.
  15. ^ a b c Reiman, Jeffrey (1976). "Privacy, Intimacy, and Personhood". Philosophy & Public Affairs.
  16. ^ a b c d Benn, Stanley. "Privacy, freedom, and respect for persons". In Schoeman, Ferdinand (ed.). Philosophical Dimensions of Privacy: An Anthology. New York: Cambridge University Press.
  17. ^ a b c d e f Kufer, Joseph (1987). "Privacy, Autonomy, and Self-Concept". American Philosophical Quarterly.
  18. ^ Goffman, Erving (1968). Asylums: Essays on the Social Situation of Mental Patients and Other Inmates. New York: Doubleday.
  19. ^ a b c Altman, Irwin (1975). The Environment and Social Behavior: Privacy, Personal Space, Territory, and Crowding. Monterey: Brooks/Cole Publishing Company.
  20. ^ a b c Solove 2008, p. 35.
  21. ^ Rachels, James (Summer 1975). "Why Privacy is Important". Philosophy & Public Affairs. 4 (4): 323–33. JSTOR 2265077.
  22. ^ Citron, Danielle (2019). "Sexual Privacy". Yale Law Journal. 128: 1877, 1880.
  23. ^ H. Jeff Smith (14 April 1994). Managing Privacy: Information Technology and Corporate America. UNC Press Books. ISBN 9780807821473.
  24. ^ a b "Fixing the Fourth Amendment with trade secret law: A response to Kyllo v. United States". Georgetown Law Journal. 2002.
  25. ^ "Security Recommendations For Stalking Victims". Privacyrights. 11 January 2012.
  26. ^ "FindLaw's Writ – Amar: Executive Privilege". Writ.corporate.findlaw.com. 2004-04-16. Retrieved 2012-01-01.
  27. ^ a b DeCew, Judith (2015-01-01). Zalta, Edward N. (ed.). Privacy (Spring 2015 ed.).
  28. ^ "4 Harvard Law Review 193 (1890)". Groups.csail.mit.edu. 1996-05-18. Retrieved 2019-08-22.
  29. ^ Information Privacy, Official Reference for the Certified Information privacy Professional (CIPP), Swire, 2007}}
  30. ^ "Privacy (Stanford Encyclopedia of Philosophy)". plato.stanford. Retrieved 2012-01-01.
  31. ^ a b c Jeffrey Rosen. "The Web Means the End of Forgetting" New York Times, July 19, 2010
  32. ^ Kosinski, Michal; Stillwell, D.; Graepel, T. (2013). "Private traits and attributes are predictable from digital records of human behavior". Proceedings of the National Academy of Sciences. 110 (15): 5802–5805. Bibcode:2013PNAS..110.5802K. doi:10.1073/pnas.1218772110. PMC 3625324. PMID 23479631.
  33. ^ Popkin, Helen A.S., "Gov't officials want answers to secret iPhone tracking" MSNBC, "Technology", April 21, 2011
  34. ^ "Apple denies tracking iPhone users, but promises changes", Computerworld, 27 April 2011
  35. ^ "What I've Learned: Andy Grove", Esquire Magazine, 1 May 2000
  36. ^ a b c d e Solove 2008, p. 101.
  37. ^ Prosser, William (1960). "Privacy". California Law Review. 48 (383): 389. doi:10.2307/3478805. JSTOR 3478805.
  38. ^ Solove 2008, p. 103.
  39. ^ a b Solove, p. 103.
  40. ^ a b c d e f g h i j k l m n o p q r s t Solove 2008, pp. 104–05.
  41. ^ Warren and Brandeis, "The Right To Privacy"(1890) 4 Harvard Law Review 193
  42. ^ a b Yael Onn, et al., Privacy in the Digital Environment, Haifa Center of Law & Technology, (2005) pp. 1–12
  43. ^ Flaherty, D. (1989). Protecting privacy in surveillance societies: The federal republic of Germany, Sweden, France, Canada, and the United States. Chapel Hill, U.S.: The University of North Carolina Press.
  44. ^ Posner, R. A. (1981). "The economics of privacy". The American Economic Review. 71 (2): 405–09.
  45. ^ Lessig, L. (2006) Code: Version 2.0. New York, U.S.: Basic Books.
  46. ^ Johnson, Deborah (2009). Beauchamp, Bowie, Arnold (eds.). Ethical theory and business (8th ed.). Upper Saddle River, N.J.: Pearson/Prentice Hall. pp. 428–42. ISBN 978-0-13-612602-7.CS1 maint: uses editors parameter (link)
  47. ^ Etzioni, A. (2006). Communitarianism. In B. S. Turner (Ed.), The Cambridge Dictionary of Sociology (pp. 81–83). Cambridge, UK: Cambridge University Press.
  48. ^ Etzioni, A. (2007). Are new technologies the enemy of privacy? Knowledge, Technology & Policy, 20, 115–19.
  49. ^ Etzioni, A. (2000). A communitarian perspective on privacy. Connecticut Law Review, 32(3), 897–905.
  50. ^ Etzioni, Amitai (March 2012). "The Privacy Merchants: What is to be done?" (PDF). The Journal of Constitutional Law. 14 (4): 950. Archived from the original (PDF) on 2013-09-05.
  51. ^ Regan, P. M. (1995). Legislating privacy: Technology, social values, and public policy. Chapel Hill, U.S.: The University of North Carolina Press.
  52. ^ United Nations. (1948). Universal Declaration of Human Rights. Retrieved October 7, 2006 from "Archived copy". 2014-12-08. Archived from the original on 2014-12-08. Retrieved 2014-12-08.CS1 maint: archived copy as title (link)
  53. ^ Shade, L.R. (2008). Reconsidering the right to privacy in Canada. Bulletin of Science, Technology & Society, 28(1), 80–91.
  54. ^ a b c d e f g h i Solove 2008, pp. 3–4.
  55. ^ Solove 2008, p. 3.
  56. ^ Quinn, Michael J. (2009). Ethics for the Information Age. ISBN 978-0-321-53685-3.
  57. ^ "Privacy Guidelines". OECD. Retrieved 2019-08-22.
  58. ^ Cate, Fred H.; Collen, Peter; Mayer-Schönberger, Viktor. "Data Protection Principles for the 21st Century. Revising the 1980 OECD Guidelines" (PDF). Cite journal requires |journal= (help)
  59. ^ "Time to reclaim the Internet". Hagai Bar-El on Security. Retrieved 2020-01-01.
  60. ^ Jensen, Carlos (2004). "Privacy policies as decision-making tools: an evaluation of online privacy notices". Cite journal requires |journal= (help)
  61. ^ "Privacy Law".
  62. ^ "For Your Information". Alrc.gov.au. 2008-08-12. Retrieved 2019-08-22.
  63. ^ Privacy Amendment (Enhancing Privacy Protection) Bill 2012.
  64. ^ Burghardt, Buchmann, Böhm, Kühling, Sivridis A Study on the Lack of Enforcement of Data Protection Acts Proceedings of the 3rd int. conference on e-democracy, 2009.
  65. ^ Mark Scott (3 December 2014). "French Official Campaigns to Make 'Right to be Forgotten' Global". nytimes. Retrieved 14 April 2018.
  66. ^ Masiero, Silvia (2018-09-24). "Explaining Trust in Large Biometric Infrastructures: A Critical Realist Case Study of India's Aadhaar Project". The Electronic Journal of Information Systems in Developing Countries. 84 (6): e12053. doi:10.1002/isd2.12053.
  67. ^ "Aadhaar: 7 changes transforming India in 2018". gemalto. 2018-10-08.
  68. ^ "The Italian Constitution" (PDF). The official website of the Presidency of the Italian Republic. Archived from the original on 2016-11-27.
  69. ^ Does Beckham judgment change rules?, from BBC News (retrieved 27 April 2005).
  70. ^ "Personal Information Toolkit" Information Commissioner’s Office, UK
  71. ^ "The Privacy Act". Freedom of Information Act. US Department of State. 2015-05-22. Retrieved 2015-11-19.
  72. ^ Children’s Online Privacy Protection Act, 15 U.S.C. § 6501 et seq.
  73. ^ Fourth Amendment to the United States Constitution
  74. ^ a b Federal Trade Commission (2010), "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers," Preliminary FTC Staff Report (December), available at [1].
  75. ^ Miyazaki, Anthony D. (2008), "Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage," Journal of Public Policy & Marketing, 23 (Spring), 19–33.
  76. ^ Hugl, Ulrike (2011), "Reviewing Person’s Value of Privacy of Online Social Networking," Internet Research, 21(4), in press, http://www.emeraldinsight.com/journals.htm?issn=1066-2243&volume=21&issue=4&articleid=1926600&show=abstract.
  77. ^ Kosinski, Michal; Stillwell, D.; Graepel, T. (2013). "Private traits and attributes are predictable from digital records of human behavior". Proceedings of the National Academy of Sciences. 110 (15): 5802–05. Bibcode:2013PNAS..110.5802K. doi:10.1073/pnas.1218772110. PMC 3625324. PMID 23479631.
  78. ^ de Montjoye, Yves-Alexandre; César A. Hidalgo; Michel Verleysen; Vincent D. Blondel (March 25, 2013). "Unique in the Crowd: The privacy bounds of human mobility". Scientific Reports. 3: 1376. Bibcode:2013NatSR...3E1376D. doi:10.1038/srep01376. PMC 3607247. PMID 23524645.
  79. ^ Athanasios S. Voulodimos and Charalampos Z. Patrikakis, "Quantifying Privacy in Terms of Entropy for Context Aware Services", special issue of the Identity in the Information Society journal, "Identity Management in Grid and SOA", Springer, vol. 2, no 2, December 2009
  80. ^ "Sneaky tactics used by telemarketers and debt collectors to get your cell phone number". Businessinsider.com. Retrieved 2012-08-27.
  81. ^ "Getting Started - Sign in with Apple - Apple Developer". Apple Inc. Retrieved 2019-11-06.
  82. ^ "Android 10 privacy changes for accessing device location". ProAndroidDev. 2019-10-02. Retrieved 2019-11-06.
  83. ^ Popa, C., et. all., "Managing Personal Information: Insights on Corporate Risk and Opportunity for Privacy-Savvy Leaders", Carswell (2012), Ch. 6
  84. ^ a b Swartz, J., "'Opting In': A Privacy Paradox", The Washington Post, 03 Sep 2000, H.1.
  85. ^ Bedrick, B., Lerner, B., Whitehead, B. "The privacy paradox: Introduction", "News Media and the Law", Washington, DC, Volume 22, Issue 2, Spring 1998, pp. P1–P3.
  86. ^ J. Sweat "Privacy paradox: Customers want control—and coupons", InformationWeek, Manhasset Iss, 781, April 10, 2000, p. 52.
  87. ^ "Volume 11, Number 9 — 4 September 2006". firstmonday.org. Retrieved 2019-11-25.
  88. ^ Taddicken, M (2014). "The 'Privacy Paradox'in the Social Web: The Impact of Privacy Concerns, Individual Characteristics, and the Perceived Social Relevance on Different Forms of Self-Disclosure". Journal of Computer-Mediated Communication. 19 (2): 248–73. doi:10.1111/jcc4.12052.
  89. ^ Acquisti, A., & Gross, R. (2006, June). Imagined communities: Awareness, information sharing, and privacy on the Facebook. In Privacy enhancing technologies (pp. 36–58). Springer Berlin Heidelberg.
  90. ^ S. Livingstone (2008). "Taking risky opportunities in youthful content creation: teenagers' use of social networking sites for intimacy, privacy and self-expression" (PDF). New Media & Society. 10 (3): 393–411. doi:10.1177/1461444808089415.
  91. ^ Utz, S., & Kramer, N. (2009). The privacy paradox on social network sites revisited: The role of individual characteristics and group norms. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, article 1. [2]
  92. ^ a b Barth, Susanne; de Jong, Menno D. T. (2017-11-01). "The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior – A systematic literature review". Telematics and Informatics. 34 (7): 1038–1058. doi:10.1016/j.tele.2017.04.013. ISSN 0736-5853.
  93. ^ a b c d Kokolakis, Spyros (January 2017). "Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon". Computers & Security. 64: 122–134. doi:10.1016/j.cose.2015.07.002.
  94. ^ Barth, Susanne; de Jong, Menno D. T.; Junger, Marianne; Hartel, Pieter H.; Roppelt, Janina C. (2019-08-01). "Putting the privacy paradox to the test: Online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources". Telematics and Informatics. 41: 55–69. doi:10.1016/j.tele.2019.03.003. ISSN 0736-5853.
  95. ^ Zafeiropoulou, Aristea M.; Millard, David E.; Webber, Craig; O'Hara, Kieron (2013). "Unpicking the privacy paradox: can structuration theory help to explain location-based privacy decisions?". Proceedings of the 5th Annual ACM Web Science Conference on - WebSci '13. Paris, France: ACM Press: 463–472. doi:10.1145/2464464.2464503. ISBN 978-1-4503-1889-1.
  96. ^ Burkhardt, Kai. "The privacy paradox is a privacy dilemma". Internet Citizen. Retrieved 2020-01-10.
  97. ^ Frik, Alisa; Gaudeul, Alexia (2020-03-27). "A measure of the implicit value of privacy under risk". Journal of Consumer Marketing. ahead-of-print (ahead-of-print). doi:10.1108/JCM-06-2019-3286. ISSN 0736-3761.
  98. ^ Egelman, Serge; Felt, Adrienne Porter; Wagner, David (2013), "Choice Architecture and Smartphone Privacy: There's a Price for That", The Economics of Information Security and Privacy, Springer Berlin Heidelberg, pp. 211–236, doi:10.1007/978-3-642-39498-0_10, ISBN 978-3-642-39497-3
  99. ^ a b "2. The Privacy Paradox", Network Publicy Governance, transcript Verlag, 2018-12-31, pp. 45–76, doi:10.14361/9783839442135-003, ISBN 978-3-8394-4213-5
  100. ^ Frik, Alisa; Gaudeul, Alexia (2020-03-27). "A measure of the implicit value of privacy under risk". Journal of Consumer Marketing. ahead-of-print (ahead-of-print). doi:10.1108/JCM-06-2019-3286. ISSN 0736-3761.
  101. ^ Giroux, Henry A. (2015-05-04). "Selfie Culture in the Age of Corporate and State Surveillance". Third Text. 29 (3): 155–64. doi:10.1080/09528822.2015.1082339. ISSN 0952-8822.
  102. ^ Dhir, Amandeep; Torsheim, Torbjørn; Pallesen, Ståle; Andreassen, Cecilie S. (2017). "Do Online Privacy Concerns Predict Selfie Behavior among Adolescents, Young Adults and Adults?". Frontiers in Psychology. 8: 815. doi:10.3389/fpsyg.2017.00815. ISSN 1664-1078. PMC 5440591. PMID 28588530.

External links[edit]

Articles, interviews and talks[edit]