issues and conundrums
This page considers particular privacy issues.
It covers -
Information is the primary commodity in the information
As a result disagreement about privacy - who controls
much of that information - is a central feature of debate
about regulation of cyberspace. It is also a key area
of uncertainty for business and consumers.
That uncertainty reflects an innate tension - many consumers
want the benefits of being a 'market of one' (which presupposes
other entities are familiar with their needs/tastes) without
surrendering control of that data. It reflects community
ambivalence about the media and celebrity (many people
cherish their own privacy but endorse abuses by paparazzi
or Megan's Law registers),
examined later in this guide and in a supplementary profile.
It also reflects the slow emergence of digital rules of
the road - do we rely on legislation (which model), are
stories of abuse legitimate, do we develop a brave new
lex informatica or instead - as suggested by Stuart
Biegel in Beyond Our Control? Confronting the Limits
of Our Legal System in the Age of Cyberspace (Cambridge:
MIT Press 2001) - build viable national/international
regimes by 'muddling through'.
US scholar Lillian Bevier commmented that
is a chameleon-like word, used denotatively to designate
a range of wildly disparate interests - from confidentiality
of personal information to reproductive autonomy - and
connatively to generate goodwill on behalf of whatever
interest is being asserted in its name
a fundamental right?
Is privacy a fundamental right?
US business advocacy group Privacilla for example answers
is actually a value that is protected by the right to
control one's personal information. In general, people
use their right to property in their persons — controlling
their actions — to protect personal information consistent
with their senses of privacy. This is how privacy fits
into a scheme of fundamental rights. Privacy results
from the exercise of a property right in personal information.
distinguish between informational privacy (the
"claim of individuals, groups or institutions to determine
for themselves when, how, and to what extent information
about them is communicated to others") and financial
privacy (the "rights of individuals to control the
collection, storing, use, and dissemination of information
concerning their personal financial affairs by financial
institutions and third parties").
Some advocates, particularly in dealing with emerging
technologies such as RFIDs,
have taken an overly bleak of regulatory regimes (in particular
articulation of principles in privacy law) and the preparedness
of some consumers to commoditise their privacy.
One Australian pundit accordingly commented in 2004 that
privacy laws are almost entirely limited to the data
privacy, and provide zero protection for the other dimensions
of privacy of the person, privacy of personal behaviour,
and privacy of personal communications.
Data protection laws were not motivated by human rights,
but were created to protect business and government
administration from interference by complainants about
invasions of privacy. You can see this by reading the
preamble to the OECD Guidelines, and the second reading
speeches of the various statutes, and of course by reading
publications that catalogue the vast array of inadequacies
of such laws.
Data protection laws are frozen in the 1970s, and do
not deal with technologies that have developed, or been
further developed since then.
privacy is likely to be contentious for at least a generation.
We can expect to see successive legislative amendments
and industry codes, punctuated by examples of bad practice
in how information is collected, utilised and disseminated.
Our advice to clients is to be aware of issues and act
Privacy, as the following pages note, is culturally conditioned:
expectations (and regulation, formal or informal) reflect
personal circumstances, historical contingency, cultural
values and attributes such as gender, class and sexual
affinity. It is not an absolute; it varies from one region
to another. One sense of that variation is provided in
Dan Burk's 'Privacy and Property in the Global Datasphere'
in Information Technology Ethics: Global Perspectives
(Hershey: IGI Global 2007) edited by Soraj Hongladarom
& Charles Ess.
areas of concern
This guide centres on online aspects of privacy, particularly
principles and practice regarding web sites. However,
as we move into a world of pervasive computing (and networking)
many of the traditional demarcations are dissolving.
The following pages accordingly encompass five areas -
data protection (or information privacy) - rules
(including legislation and industry codes) concerned
with the collection and handling of personal data such
as credit information, and medical and government records.
privacy - including privacy of email, voice telecommunications
and postal mail
territorial privacy - limits on intrusion into
domestic, professional, civil and and recreational environments,
including the workplace,
public streets, retail premises, libraries and homes.
This includes searches, video surveillance and ID checks
locational privacy - regimes for managing
geolocation technologies that link an individual to
a physical location
bodily privacy - respecting the integrity of
an individual's body through restrictions on invasive
activity such as cavity searches and (more broadly)
genetic or drug testing
associational privacy - what is the
impact on democracy (and more broadly on civil society)
of political profiling?
of government and commercial secrecy are discussed in
the complementary Secrecy
The penultimate page of this guide comments that perceptions
of privacy vary considerably, depending on circumstances
and whether an individual is referring to his/her privacy
or to the privacy of others.
Past Caslon surveys suggest that consumer concerns about
privacy equal worries about the security of online purchasing/payment
as a major roadblock for Australian electronic commerce.
Over 80% of the top 200 Australian sites seek personal
meets the national Privacy Commissioner's principles.
Government agencies sometimes have the legal boilerplate
but don't practice what they preach. (One major offender,
for example, proudly proclaimed that it was a totally
cookie free site, after we'd encountered three cookies
en route to that proclamation).
Overseas studies demonstrate that privacy is one of the
major potholes in the information highway. Some show that
consumers (individuals and businesses) refuse to interact
with many sites that demand particular information. That
is a problem, because the competitor may be just a few
clicks away. Others show that users respond by supplying
false information. Others fuel a growing demand for more
comprehensive and more effective regulation.
Scott McNealey of Sun claims that privacy is already history:
it is gone, so get over it. Solveig Singleton's Privacy
as Censorship: A Skeptical View of Proposals to Regulate
Privacy in the Private Sector, a paper
for the US Cato Institute, argues that there is "little
to fear from private collection and transfer of consumer
information", a view contested in Wolfgang Sofsky's Privacy:
A Manifesto (Princeton: Princeton Uni Press 2008)
and Daniel Solove's persuasive Understanding Privacy
(Cambridge: Harvard Uni Press 2008).
Singleton's assertion is inconsistent with statements
by industry leaders and with a history of government responses
to bad practice.
It is clear that new technology, such as automated collection
of data about online activity, large-scale data profiling
and data trading, offers
significant opportunities for privacy abuses. It also
provides a major incentive, in an environment where the
right information may be the crucial factor in a sale
or an election. Ontario Privacy Commissioner Ann Cavoukian's
Privacy: The Key to Electronic Commerce and paper
on Data Mining: Staking a Claim on Your Privacy
illustrate those points.
More importantly, it is inconsistent with consumer and
business perceptions that there are substantive concerns.
Irrespective of whether those concerns are firmly based
in reality - and documents highlighted in the following
pages demonstrate that there are problems - the perceptions
need to be addressed.
Theorists such as David Brin, author of The Transparent
Society (Reading: Perseus Books 1998), argue
that if privacy is history, that is not the issue. For
them the issue is equality of exposure. Data harvesters
know quite a lot about you; you know very little about
them and to conduct a normal life you can not escape their
invisible clutches. James Katz's 1996 paper
on Understanding communication privacy: Unlisted telephone
subscribers in the United States notes that in Japan
and Europe there are few unlisted numbers compared to
the US (where around 25% of numbers unlisted nationally
and 33% in California are unlisted).
In practice the information liberationism espoused by
Brin or Brian Martin
- eliminate the mass media, abolish intellectual property,
abandon concepts such as defamation? - is unlikely to
extend beyond a few enthusiasts. Most users of the web
will need to grapple with issues discussed in the following
the evolving privacy landscape
The nature of privacy - and the scope for abuses such
as spam - have changed
over time. As George Williams notes in his lucid Human
Rights Under The Australian Constitution (Melbourne:
Oxford Uni Press 1999), privacy is not enshrined in the
constitution. Instead there is a patchwork of individual
Commonwealth and State/Territory legislation and guidelines.
That regime was initially restricted to the public sector;
it is being progressively - some say haphazardly and too
slowly - extended to cover the private sector. It is being
driven by consumer and business concerns.
It is also being driven by overseas legislation, in particular
the EU Data Directive (reflected in Canada
and New Zealand), and
guidelines such as the OECD Guidelines on the Protection
of Privacy & Transborder Flows of Personal Data
examined by Graham Greenleaf in his paper
on Stopping Surveillance: Beyond 'efficiency' &
In the US, home of privacy luddites such as the Cato Institute,
there is a powerful move to extend existing international
agreements such as Safe
Harbor to cover domestic markets.
The 2003 Americans & Online Privacy: The System
is Broken study (PDF)
notes that despite strong concerns about privacy, 64%
of online US adults expressing concern about privacy have,
however, never searched for information about how to protect
their information on the web. 40% say that they know "almost
nothing" about stopping sites from collecting information
about them, 26% say they know just "a little"
and a mere 9% claim to "know a lot".
Lawrence Lessig, author of the influential Code &
Other Laws of Cyberspace (New York: Basic Books 1999)
wrote in 2001 that
after years of inaction, Congress is finally coming
to see that privacy on the internet won't take care
of itself. The mystery isn't that self-regulation failed;
the mystery is why anyone thought it would succeed.
Data is money. It is a resource that the present architecture
of the net gives away for free. And just as the industrialists
of the 19th century were not about to give up free air
and water without legislative intervention (read: pollution
laws), so too will net commerce not relinquish free
data in the name of something as obscure as privacy.
Australia, whether we like it or not, privacy is an issue.
Australians need to understand why that is so and need
to act accordingly, as information owners, users and intermediaries.