Skip links

Who Decides what Privacy is?

Analysis: What is privacy ? When companies and governments emphasize their special role as protectors of the right to privacy, one might be led to believe that we in society have a shared understanding of what privacy is. But although we do formally have a right to privacy that is described in international agreements, we have never formally agreed upon a shared understanding of what privacy is.

On 13 June the UN’s new rapporteur on the right to privacy Joe Cannataci visited Denmark. He was invited by and Institute for Human Rights to discuss companies’ influence on the individual’s right to privacy. DuriIMG_3919ng a morning workshop with representatives from key Danish organizations and leading experts in Denmark, Cannataci emphasised the fact that there is no formally binding and universal definition of privacy. This impedes the enforcement of the right, he said. And therefore he is now working towards developing a shared understanding of the concept. For very practical reasons. Because how can we regulate a specific business practice if we do not have the same understanding of the problems it creates for the individual’s right to privacy?

Numb by definitions

Formally we have a right to privacy that is described in internationally agreed conventions and declarations, including the right to data protection. But we have never agreed upon the very content of this human right, that is; a shared understanding of what privacy is. This means that we end up silently and unformally agreeing to a variation of culturally (and heavily interest driven) definitions. In the Internet commercial era, we’ve for example accepted the terms and conditions of the “Digital Declarations”  (to quote the retired, but still very active, Harvard professor Shoshanna Zuboff) made by the big data corporations (and governments) without questioning their roots and embedded interests. “Big data” is  innovation and growth. “Privacy is social”.  “Privacy is contra security” etc. etc. We are left with a range of competing definitions which at best leaves us (the citizens and the enforcers) numb.

Oil, Needles and Genes

There is a secret battle of words going on. The battle is about the definition of what privacy is. And although privacy as such is in fact only something the individual can claim (companies and states can not) , the individual has always been very absent in the very development of the definition.

Originally privacy was defined in international agreements between governments as the absence of state interference in citizens’ private life (and family life, home and correspondence) – a ‘negative right’ so to speak. But they soon found out that this also included some obligations that secured this right in legislation and the enforcement of this – the positive obligations. (These obligations were defined and tested in a range of legal cases (check out e.g. the case law of the ECHR). And we’ve added legal data protection instruments such as the GDPR or convention 108 etc. in Europe).

That was before the time of the Internet. Today, where the default setting for our digital life is by and large public by default, new definitions are emerging. Governments are beginning to define privacy as the needle’s right not to be found in a decrypted haystack of data (the bulk data or mass surveillance model). And Silicon Valley tech giants define privacy as all the things we agree to share (“the privacy settings” or the so called “consent model”, the “privacy policy” that actually should be called “data sharing policy”) – that is, all of your data to them, zero privacy to you. But where is the individual in all of this? We are seeing a rising movement in user demands and actions. Ad and content blockers, increasing use of privacy tools. Even a big move of users to more privacy friendly services where they feel more in control of their data. But we don’t hear their voices. What are their privacy needs, demands, identity and developmental requirements? What type of privacy empowers them?

There’s a battle of discourses going on and it is very difficult to see the individual, the citizen in all of this. Is privacy something we can trade with (See The Second Digital Divide)? Is our data the new oil? Is it the property of our governments that can choose whenever they want to look for us in a gigantic haystack of online data? Or is it something completely different? Perhaps data is in fact like a person’s genes, the individual’s unique characteristics, and perhaps the analysis of this data should be likened to genetics? (and if this is the case, then the concept of privacy is intrinsically linked to our online data… if anyone was wondering about that). How do we talk about enforcement then? Do we need trading rules for the tools that deal with our valuable data oil ? Or is what we actually need a new ethics of our digital data genetics?


Data Ethical Businesses to Define Privacy

There is a rising movement within business development that is responding to the privacy needs and demands of individuals. These new businesses are innovating from the point of view of the individual. A strangely enough new definition of privacy, but only strange because it is actually a new thing to take into account the “privacy needs” of the individual when privacy is defined in the corporate world and society in general. And its even done in a very business like manner. The privacy demands of the individual are by these businesses prioritized just like any other customer demand that a business normally would cater to when it explores the market, innovate and develop. We are for example seeing new business models that are not based on the monetization of personal data. New tech developed to minimize data collection, not maximize it. Ethical businesses that go beyond the mere compliance with the law. Innovation driven by privacy by design principles.

A Universal Understanding of Privacy

Joe Cannataci is in his latest report urging to create a Universal Definition of Privacy: “A priority issue such as up-dating legal instruments through an expanded understanding of what is meant by the right to privacy would seem to be an essential starting point. There appears to be a consensus amongst several stakeholders that one of these legal instruments could take the form of an additional protocol to Art. 17 of the ICCPR26 wherein the SRP is being urged “to promote the opening of negotiations on this additional protocol during his first mandate” “(p.19) As part of his mandate as Privacy Rapporteur he is therefore now launching public debates in different world regions that aim to build a better understanding of what privacy is.

Cannataci sets of the debate by describing the right to privacy as an “enabling right”, interlinked with human dignity and the ability to develop one’s personality freely and unhindered. That sounds very much like a definition of privacy from the individual’s point of view. At last we hear this definition…. and at last we see an actual move towards a definition based on the interests of the individual (whose privacy and life this actually concerns). (and let’s please be quick, because just around the corner awaits the complex privacy implications of new intelligent, autonomous systems)