Expanding Our Privacy Horizons
Our intuition may lag behind our language, but both have evolved
Last week I shared a brief intro to the idea of what privacy is, in practice. But I find you can also understand the concept better by discussing what privacy is not.
Recall that our modern usage of “privacy,” particularly in digital spaces, is an adaptation to changing technologies. I have seen some argue that privacy was a brief anomaly from eras where new kinds of anonymity became possible, claiming privacy simply did not exist in ancient cultures. No one in a small village had any privacy; neighbors were never strangers until large cities grew out of the Industrial Revolution.
But through the lens of privacy as “respecting people’s expectations, agency, and interests when handling information about them,” rather than simply “the ability to keep anything hidden” or even “the ability to remain anonymous,” you can can find traces of privacy throughout history, whether or not people referred to it as such. People may have placed different priorities on what information they cared about or had less ability to exercise their agency, but nearly all societies have valued honesty, trust, and loyalty, at least for people considered worthy.
Even so, the lack of attention to such ideas in the past also reflected the lack of technologies for enabling information flows that have now made such respect so important. Ancient societies also did not worry much about pollution, climate change, or food safety, but that provides little direction for their priority in today’s world. Comparing small-town gossip to today’s precise, always-on surveillance infrastructure capable of instantly broadcasting data to anywhere in the world focuses too much on the specific term “privacy” rather than the idea it now represents.
As the blog of this title implies, the scope of privacy now goes beyond secrecy, since the risks and advantages of new technologies stem from information flows being far more fine-grained and powerful than every before. But other more narrow views of privacy can also persist.
For example, Facebook has tended to treat privacy as a notion of access control for information added to the social graph. But this overlooks a key relationship: what about Facebook’s access to and use of the data (or metadata) they gather in that process? On the other hand, Google has often treated privacy as essentially “security applied to user data,” i.e. keeping someone’s personal information safe. But once again, this tends to focus on mediating with other parties using a service and not so much the service itself.
When privacy becomes about respecting expectations, agency, and interests, it brings all information flows and relationships into play, and raises questions not simply about what to do with data or how to go about processing it, but should that data be collected or used at all. One more contrast: this is not simply a compliance issue or meeting a regulatory bar, this is a concept involving what a company values and how it builds relationships with its customers (or others who interact with it).
Privacy is about people. Yes, that makes it inherently somewhat messy, more culturally-relative, and often difficult to quantify. But none of those aspects take away from its importance. For as long as we have built tools to mine or refine information, we have implicitly confronted how we handle people’s privacy. Today, the responsibility of tech companies to more explicitly confront and define their approach to privacy grows with every new product and feature they create.