The Concept of Privacy in America and Europe

In 1890, two American legal theorists, Warren and Brandeis, conceived of the “right to be let alone” as a critical civil principle,¹¹ a right to be protected. This begins the privacy legal discussion in the United States and is often referenced in European discussions of privacy, as well. Later, in 1967, privacy scholar Alan Westin identified “four basic states of privacy”:

Solitude

Physical separation from others

Intimacy

A “close, relaxed, and frank relationship between two or more individuals” that can arise from seclusion

Anonymity

Freedom from identification and surveillance in public places

Reserve

“The creation of a psychological barrier against unwanted intrusion”¹²

Westin wrote that privacy is “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”¹³ This view appears also in European conceptions of privacy. In 1983, a German Constitutional Court articulated a “right of informational self-determination,” which included “the authority of the individual to decide [for] himself...when and within what limits information about his private life should be communicated to others.”¹⁴ In Europe, privacy is conceived as a “fundamental right” that people are born with. European policies mainly use the term “data protection” rather than “privacy.” It’s a narrower concept, applied specifically to policies and rights that relate to organizations’ fair treatment of personal data and to good data governance. Privacy covers a broader array of topic areas and is concerned with interests beyond fairness, such as dignity, inappropriate surveillance, intrusions by the press, and others.

In 1960, American law scholar William Prosser distilled four types of harmful activities that privacy rights addressed:

• Intrusion upon someone’s seclusion or solitude, or into her private affairs

• Public disclosure of embarrassing private facts

• Publicity which places someone in a false light

• Appropriation of someone’s name or likeness for gain without her permission¹⁵

This conception of privacy is, by design, focused on harms that can befall someone, thereby giving courts a basis from which to redress them. But, as the preceding descriptions show, conceiving of privacy exclusively from the perspective of harms is too narrow.

Thinking of privacy harms tends to focus discussion on individuals. Privacy, however, must also be discussed in terms of society. Privacy and data protection, it is argued, are vital for the functioning of society and democracy. Two German academics, Hornung and Schnabel, assert:

...data protection is... a precondition for citizens’ unbiased participation in the political processes of the democratic constitutional state. [T]he right to informational self-determination is not only granted for the sake of the individual, but also in the interest of the public, to guarantee a free and democratic communication order.¹⁶

Similarly, Israeli law scholar Ruth Gavison wrote in 1980: “Privacy is...essential to democratic government because it fosters and encourages the moral autonomy of the citizen, a central requirement of a democracy.”¹⁷

In this way, privacy is “constitutive” of society,¹⁸ integrally tied to its health. Put another way, privacy laws can be seen as social policy, encouraging beneficial societal qualities and discouraging harmful ones.¹⁹

In trying to synthesize all of these views, Professor Solove created a taxonomy of privacy that yields four groups of potentially harmful activities:²⁰

• Information collection

  • Surveillance: watching, listening to, or recording an individual’s activities

  • Interrogation: questioning or probing for information

• Information processing

  • Aggregation: combining various pieces of data about a person

  • Identification: linking information to particular individuals

  • Insecurity: carelessness in protecting stored information

  • Secondary use: use of information for a purpose other than what it was originally collected for without a person’s consent

  • Exclusion: failure to allow someone to know about data others have about him, and to participate in its handling and use

• Information dissemination

  • Breach of confidentiality: breaking a promise to keep a person’s information confidential

  • Disclosure: revelation of information that affects how others judge someone

  • Exposure: revealing another’s nudity, grief, or bodily functions

  • Increased accessibility: amplifying the accessibility of information

  • Blackmail: the threat to disclose personal information

  • Appropriation: the use of someone’s identity to serve someone else’s interests

• Distortion: disseminating false or misleading information about someone

• Invasion

  • Intrusion: invading someone’s tranquillity or solitude

  • Decisional interference: incursion into someone’s decisions regarding her private affairs

Although this taxonomy is focused around the individual, it should be understood that personal losses of privacy add up to societal harms. One of these is commonly called chilling effects: if people feel like they are being surveilled, or that what they imagine to be private, intimate conversations or expressions are being monitored, recorded, or disseminated, they are less likely to say things that could be seen as deviating from established norms.²¹ This homogenization of speech and thought is contrary to liberty and democratic discourse, which relies upon a diversity of views. Dissent, unpopular opinions, and intellectual conflict are essential components of free societies—privacy helps to protect them.

One important thing to take away from this discussion is that there is no neat split between information people think of as public versus information that is private. In part, this is because there is no easy definition of either. Consider medical information shared with your doctor—it will travel through various systems and hands before its journey is complete. Nurses, pharmacists, insurance companies, labs, and administrative staff will all see information that many citizens deem private and intimate. Here again we see the problem of construing privacy as secrecy. Information is shared among many people within a given context. One theory²² within privacy scholarship says that when information crosses from one context into another—for example, medical information falling into nonmedical contexts, such as employment—people experience it as a privacy violation (see the section “Breakdown of Informational Contexts” later in this report). Advances in technology further complicate notions of the public and the private, and cause us to reflect more on where, when, and what is deserving of privacy protections.

It’s worth noting that the public/private split in American privacy regimes is different than the European conception of data protection, which focuses on restricting the flow of personal data rather than private or confidential data. The recently enacted General Data Protection Regulation defines personal data as:

any information relating to an identified or identifiable natural person...; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person²³

Much ink has been spilled in comparing the US and European approaches,²⁴ but suffice it to say that there are pros and cons to each. They yield different outcomes, and there is much to be gained from drawing upon the best elements of both.²⁵

It’s essential to remember that privacy costs money. That is, building information systems that incorporate strong security, user preferences, encryption, and privacy-preserving architectures requires investments of capital, time, and know-how—all things that organizations seek to maximize and conserve. It means that, when making devices and services, the preservation of privacy can never be divorced from economic considerations. Businesses must have a reason—an economic justification—for incorporating privacy into their designs: regulatory requirements, product/service differentiation, voluntary adherence to best practices, contractual obligation, and fear of brand damage among other reasons. There is also a view that managers, developers, engineers, and executives include privacy in their products because it is the right thing to do—that good stewardship of personal data is a social value worth embedding in technology. Recent research by Berkeley professors Kenneth Bamberger and Deirdre Mulligan, however, illustrates that the right thing might be driven by business perceptions of consumer expectations.²⁶ Often, there is no easy separation of the economic and social reasons privacy architectures are built into technology, but the point is, from an engineering or compliance perspective, someone must pay for privacy.

Privacy is not just the law nor just rules to protect data sharing and storage; it’s a shifting conversation about values and norms regarding the flow of information. Laws and rules enact the values and norms we prize, but they are “carriers” of these ideas. This means, however, that the current picture of privacy rules is not the only way to protect it. The topic of the IoT affords an opportunity to reflect. How things have been need not be how they will be going forward. Research shows that people are feeling vulnerable and exposed from the introduction of new Internet technologies.²⁷ As a wave of new devices are entering our intimate spaces, now is an excellent time to review the institutional and technical ways privacy is protected, its underlying values, and what can be done differently.