Individuals are the subjects of accelerating commercial data collection. When two parties transact, a record of the meeting is formed. Technology allows broad aggregation of these occurrences. An individual’s interest in controlling this information leads to an interest in preventing his own identification (by others). Thus to limit information existing outside of an individual’s domain of control, he must remain anonymous. Our hope to remain anonymous is our expectation of privacy—what cryptographer Eric Hughes defined as “the power to selectively reveal oneself to the world.”
Society recognized a threat to privacy in the ability to publish photographs. A photograph was once a result of a clearly consensual sitting. Progress, however, created cameras small and robust enough to be transported, and more importantly, to be used surreptitiously. Any situation that could not be considered strictly personal was now subject to an unimpeachable archive.
Privacy is Copyright
“The Right to Privacy” was published in 1890 by the Harvard Law Review and remains one of the most influential essays in American Law. Brandeis and Warren saw protection of the private realm as key to protection of individual freedom. The authors position privacy as a reflexive equivalent of copyright- ultimately, the right to purposefully not publish.
“A man records in a letter to his son, or in his diary, that he did not dine with his wife on a certain day. No one into whose hands those papers fall could publish them to the world, even if possession of the documents had been obtained rightfully; and the prohibition would not be confined to the publication of a copy of the letter itself, or of the diary entry; the restraint extends also to a publication of the contents. What is the thing which is protected? Surely, not the intellectual act of recording the fact that the husband did not dine with his wife, but that fact itself. It is not the intellectual product, but the domestic occurrence.”
By acknowledging the right of a person to protect personal details (in this case domestic occurrences) from being released to the public, the authors promoted what Brandeis defined as the “right to be let alone.” The right to privacy ends, “upon the publication of the facts by the individual, or with his consent.”
The Issue Divided
Australian privacy expert Roger Clarke divides privacy into generally discrete parts:
- Privacy of the person, concerning the integrity of the body and physical contact
- Privacy of behavior, relating to personal behaviors such as sexual preferences, religious practices, or political activities
- Privacy of communications, the interest in communication between individuals unfettered by 3rd party monitoring
- Privacy of Data, or ‘information privacy,’ an individual’s ability to exercise control over information gathered by a 3rd party.
Mr. Clarke recognizes that these interests conflict between individuals, groups and corporations. Thus, he defines privacy protection as the process of finding balance between privacy and competing interests. An individual may be more interested in obtaining a line of credit than strictly protecting his history of financial transactions. A person wants a record of his health care to be in a doctor’s hands to ensure the highest quality of care. Yet one would not want either to be made widely available, and therein lays his interest in selectively sharing data.
American Legislative Struggle
The last hundred years has seen privacy emerge as an international legal and legislative struggle. Disparate policies restrict international business transactions. Historic civil liberties groups such as the American Civil Liberties Union now deal extensively with privacy related issues. New groups such as the Electronic Privacy Information Center (EPIC), The Privacy Rights Clearinghouse and the Electronic Frontier Foundation (EFF) were founded in the early 1990’s expressly to shape policy on data protection and transfer. The roots of personal protection extend to the U.S. Constitution and beyond. The 4th amendment prohibits unreasonable search and seizure- a tacit recognition of privacy of the person and his behavior. A citizen cannot be called on to testify against herself, hinting at Warren and Brandeis’ understanding of the right to withhold information. Subsequently American laws have been passed regulating to specific actions such as the interception of telephone conversations, the government’s identification of individuals with diseases, and the limits to which the government may collect and use personal information.
European Privacy Law is largely defined by EU Directive 95/46/EC (the data protection Directive), sweeping legislation passed in 1998 to regulate the processing of personal data. It charges data controllers (those who determine the purposes and means of data processing) with a number of rules. These responsibilities dictate that personal information must be:
- Obtained and processed fairly
- Kept only for specified purposes
- Used only for its originally specified purpose
- Kept secure, accurate, adequate, relevant and up-to-date
- Retained no longer than necessary
- Given to the individual upon his or her request
Further, this data can only be processed if:
- The subject has given consent, freely and specifically
- Processing is necessary to fulfill a contract with the subject
- Processing is required by legal obligation
- Processing is essential to preserve the subjects life
- Processing is necessary to perform an official task
- The Controller has an interest in collecting the data that does not conflict with the previously stated responsibilities
Information regarding racial origin, union membership, sexual preferences or health care receives additional protection. In contrast, the United States has a patchwork of rules and regulations protecting personal data grouped by function. While financial and health records benefit from a high level of discretion in processing, there is no general framework to address data gathering and use.
The ability of automatic identification to streamline commerce, protect those who cannot care for themselves, and markedly improve our lives is clear. Yet an individual’s innate desire to be undiscovered and left alone limits the collection of information. A delicate balance exists between the benefits of identification technology and the right to privacy. Our expanding ability to record, track and authorize means that balance, however, is far from decided.