last modified: 2017-11-13
1. Privacy: just one aspect of data protection
2. When is personal information considered "data"?
At the most basic level, anything could count as "data" with possibly a personal character to it, including comments written about somebody in a personal notbook.
In practice, "data" starts to to be considered as such when:
This is information capable of being processed automatically
→ Hint: data on computers, not unstructured written notes
Or infomation intended to be processed automatically
→ Hint: paper records to be fed in a computer (eg, via scanning), not any pile of paper on your desk.
Or structured information that can be used to facilitate the retrieval of specific information on specific individuals
→ Hint: paper records, filing systems, databases
3. Personal data matters because of privacy
Personal data are any anonymous data that can be double checked to identify a specific individual (e.g. fingerprints, DNA, or information such as “the son of the doctor living at 11 Belleville St. in Montpellier does not perform well at school”).
Personal data is data that an individual has the right to keep private. How and why is privacy an issue?
Privacy is mentioned in the Article 12 of the 1948 Universal Declaration of Human Rights:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.
This article from the Declaration is found in similar forms in most of the conventions on human rights in the world.
This right to privacy enables individuals to define their identity in relation to the world, by giving each individual the power to control what to keep for themselves, and what to reveal / share with the world.
In 2005, a report on Privacy in the Digital Environment by the Haifa Center of Law & Technology develops:
The right to privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, property, thoughts, feelings, secrets and identity.
The right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose.
In addition to shaping an individual’s own personal sphere and identity, privacy also underpins the development of a relation between the individual and the society she is part of:
→ when an individual’s privacy is secured, they don’t have to fear that their personal opinions and activities (as simple as reading a newspaper) will endanger them as citizens.
→ this gives liberty to individuals to develop political expressions which do not necessarily conform with the power structure in place. This would be much harder if everyone’s political opinions could not be kept private.
4. Evolution of privacy
Privacy is a social norm which transforms as societies evolve. Since the 2000s, a couple of tendencies can be identified:
increasing tracking of the digital traces left by individuals by companies which use these traces for ad targeting and data reselling
increasing state surveillance through digital means, against security threats and unspecified goals.
broader public acceptance of new forms of violations to privacy.
For example, TV shows where participants are filmed 24/24 and where they reveal their (real or supposed) intimacy, dates back only from the late 1990s.
5. Privacy of the consumer and privacy of citizens: the relations between the two
Thanks to whistleblowers like Edward Snowden, the extent of privacy breaches by governmental agencies is now better known:
Journalists, academics, activists and NGOs such as the Electronic Frontier Foundation make the case that:
consumers are insufficently aware and sensitive of how much information is captured in the normal conduct of their lives, just by using mobile phones and apps, web browsing, and increasingly in public places.
citizens are insufficently aware and sensitive of the breach of their privacy by security agencies of their own country of residence, and by other countries.
Many citizens consider that if they don’t break the law, then they have "nothing to hide".
Similarly, consumers might find that bargaining their private data against a free service and some targeted ads, is a good deal.
Sociologist of technology Zeynep Tufekci goes further:
Her argument is that besides "surveillance" and "lack of privacy", companies like Google and Facebook developing a business model based on ad targeting by analytics on personal data, design a persuasion architecture which can be used / highjacked for political purposes.
Tufeckci does not argue that Google, Facebook or the likes inherently have anti-democratic purposes, but that:
they develop of an information architecture which has the potential to shape opinions of crowds,
they do so without transparency
some past experiments on voting in the US, and current developments on electronic surveillance in China, show that the power of these technologies has already consequences in the real world.
6. Conclusion: data protection in business, more than an regulatory obligation
The collection and treatment of personnal data by businesses has far reaching implication, and should not be considered merely from a legal standpoint by firms.
The topic engages the Corporate social responsibility of the firm.
The nature of the business model itself - profiling consumers in the most specific way - has profound consequences on the design of the environment surrounding individuals.
What are the next steps? Several trends can be identified:
legislation by political authorities to protect the public interest, especially via an obligation for transparency, in the face of more personal data being collected, for a larger variety of purposes. See our related lecture on the GDPR.
a deepening of the current model with more personal data being collected, in private spaces (homes) and behavior in relation to the public (crowd management in streets, stadiums, etc.):