But What Is Privacy Anyway?
In today's newsletter, I would like to talk about what privacy is and why protecting it is essential to foster values such as freedom, autonomy, and human dignity in the digital age.
First, there are plenty of academic definitions of what privacy is. One of the first definitions and that is still very much cited, is Warren & Brandeis' "privacy is the right to be let alone." The authors famously wrote:
Thanks for reading Luiza Jarovsky's Weekly Newsletter! Subscribe for free to receive new posts and support my work.
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual … the right ‘to be let alone’ … Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’”
The quote above could have been written in 2022, but it was done in 1890. Therefore, for at least 130 years, technological inventions have already been used to invade and threaten an individual's personal space.
At that time, as Luisa Rollenhagen wrote, "the concept of privacy mostly centered on limiting the government’s control over individuals’ bodily autonomy, a debate that featured most prominently in cases like Roe v. Wade" - which was recently overturned. Additionally, by 1890, the technological concerns were over activities such as unsolicited photography and wiretapping, a very different techno-economic scenario from what we see today.
The next milestone in privacy definitions can be attributed to Alan Westin. In 1967, he wrote "Privacy and Freedom", where he defined privacy as:
"the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others"
In the 60s, Westin had already realized that privacy is not only related to the invasion of a person's personal space but also to the rules that regulate the communication about someone's personal information, which should respect autonomy and individual control. Today - differently from the 60s - there are giant platforms intermediating almost every aspect of how we interact with the world, and it is often not clear how they process or use our personal information. However, despite the difference in character and scale, the idea that there are data transactions and that individuals should be "in control" of these transactions is central to most data protection laws in the world today and is the foundation for the "informed consent" element in these laws.
Informed consent in data protection law expresses the idea that, to collect or process personal data, the data subject (the individual from whom data is being collected) must be properly informed of the operation that will be conducted and agree with it. The EU General Data Protection Regulation (GDPR), which entered into force in May 2018, can be said to represent an advancement to informed consent, as it refined what elements should be present so that a certain manifestation of consent can be deemed lawful. The GDPR, in its article 4 (11), stated that:
"‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her"
And in article 7, the GDPR established four conditions for consent:
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. 2Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.
The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent.
When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
After writing a thesis about informed consent in data protection law, for a long time, I considered Westin's approach to privacy - which involves autonomy and individual control - the most relevant approach to our current data protection challenges. I used to argue that improving informed consent in the context of new technologies was among the most important goals that researchers, lawmakers, policymakers, industry leaders, and privacy advocates could focus on, as individual autonomy was at the core of what made us free in the digital world. But then it became clear that I was wrong. Privacy is much more than consent or control over how our information is transmitted or used. Privacy in a world immersed in surveillance capitalism means the protection of who we are as humans, our personal space to live our lives, explore the world, make decisions and choose what is best for us. Almost every aspect of our life today is intermediated by giant platforms and influenced by commercial entities' goals, which employ machine learning-trained algorithms and dozens of skilled professionals in various fields wanting to observe, map, classify and manipulate our choices and behavior.
It is hard to be "just human" today and compete with all those powerful systems trying to influence every aspect of how we think, behave and choose to live our lives. And that is where privacy comes into play. Privacy is also about human dignity, or simply said, about protecting our private space as humans. As Prof. Luciano Floridi said:
"The protection of privacy should be based directly on the protection of human dignity, not indirectly, through other rights such as that to property or to freedom of expression"
"privacy is essential for humans to flourish and enable individuals to build a sense of self and the world"
Therefore I went from Westin to Floridi and today, I see that privacy has a much bigger role than protecting an individual's personal space, enabling control over information flows, or regulating the lawfulness of a certain notice or consent manifestation. Privacy must be seen as a group of efforts to protect our most intimate and fundamental human characteristics.
See you next week. All the best, Luiza Jarovsky