Today, every moment of our waking lives is being charted. From CCTV cameras tracking our every step and the proliferation of cameras in the hands of mobile phone users and the loyalty cards that we hand over at the supermarket.
Even in the solitude of our own homes, we leave a trail of virtual breadcrumbs, as advertisers track how we flit from one website to another. Microbloggers can disseminate gossip at lightning speeds. And if the UK government gets its way, the very firms we rely on to provide us with access to the information superhighway will be recording our every move.
In all, our lives are now subject to an unprecedented level of snooping that Jonathan Zittrain, Harvard University professor of Internet law, describes as a “hyperscrutinised reality”.
Our privacy, it seems, is under threat.
Indeed, privacy has been declared dead on numerous occasions. At the turn of the millennium, Andy Grove, then chairman of chipmaker Intel, warned Esquire magazine that privacy was to be “one of the biggest problems in this new electronic age”.
“At the heart of the Internet culture is a force that wants to find out everything about you. And once it has found out everything about you and 200 million others, that’s a very valuable asset, and people will be tempted to trade and do commerce with that asset,” he said.
And while comments made by Facebook’s fresh-faced chief executive, Mark Zuckerberg, in 2010 created a deluge of criticism – few people respond warmly to being told that the era of privacy is over – he was hardly the first to say it.
A decade earlier, then Sun chief executive Scott McNealy created a similar stink when asked about privacy protection in one of his company’s new gizmos. “You have zero privacy anyway. Get over it,” he retorted.
But not everyone has called time on privacy. Jörg Pohle, a political and computer scientist at Berlin’s Humboldt University, argues that privacy is not dead.
In fact, he says, it is far too broad and context-dependent a concept to ever really die.
Privacy, Pohle says, is a “multi- dimensional concept on different layers of abstraction, in different realms, and in different domains of science. It is therefore no surprise that privacy has many different meanings.”
To Pohle, privacy is a concept that is inextricably linked to how individuals perceive their freedoms within modern Western societies. “Privacy will never be outdated unless we abolish the liberal and humanistic democracy that we’re living in today,” he argues.
This is what makes privacy one of the gnarliest challenges for those with responsibility for handling personal data. It is culturally malleable, and some people think it doesn’t even exist. But others care for it deeply, and invading a customer’s privacy – as they perceive it – is a good way to lose their business.
Subjective interpretations of privacy
Pohle’s view of privacy has its roots in the conception espoused by Boston lawyers Louis Brandeis and Samuel Warren in a landmark article published in the Harvard Law Reviewin 1890. In it, the two partners argue for a right to privacy – an inalienable component of people’s fundamental rights – that the state should protect with the same vigour as people’s right to be protected from physical violence.
“The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury,” they wrote.
Their view that the law should be able to protect people from outside prying was inspired by the “idle gossip” that they saw filling the newspapers, but the notion that people should be able to expect privacy within their own homes resonates powerfully, even today.
But whereas Brandeis and Warren regarded privacy as a fixed aspect of human dignity, today’s legal ideas of privacy suggest that it is a far more fluid concept.
In the UK, there was no legal basis for a right to privacy until the Human Rights Act came into force over a century after Brandeis and Warren’s seminal paper. The HRA gave Britons a right to private family life and correspondence, but the legal position on what constitutes this view of privacy has emerged following a series of legal tussles, largely centred on what the media has said about celebrities, says Tim Pinto, senior counsel at law firm Taylor Wessing.
And there are some important caveats to this right to privacy, as defined by the HRA, says Pinto: “For a start, it is not absolute.” The HRA, much like Brandeis & Warren’s paper, notes that there are limitations to the right to privacy. Most notably, Article 10 gives people the right to freedom of expression, so the courts have often had to test where to strike the balance, Pinto adds.
The tensions between those two aspects of the HRA were evident in a recent legal dispute concerning footballer Rio Ferdinand, says Pinto. Ferdinand had hoped to use the HRA to prevent newspapers from printing articles about an extramarital affair, but the court ruled that his right to privacy was outweighed by the papers’ right to freedom of expression in part because the public had expectations about his conduct as captain of the England team.
Being England captain of course makes Ferdinand an exceptional case, but how ordinary individuals behave can have an impact upon their legal right to privacy.
Pinto points to social networking services such as Twitter, which allows users to broadcast the minutiae of their daily lives to anyone who wants to listen in, and Foursquare, which allows users to tell the world about where they have been. “If you use social media with little consideration about privacy settings then that may well affect how courts see you as a private individual,” he says.
Privacy and data handling
For most businesses, the risk of infringing customers’ privacy arises when they need or want to share data with other organisations. In this context, using human intuition to align intricate data handling processes with such a subjective concept as privacy is difficult, if not impossible, so conscientious businesses have typically addressed privacy as a compliance issue. In the UK, that means adhering to the Data Protection Act.
One of the Act’s key tenets, as imposed by the European Commission’s Data Protection Directive, is that any information that can be used to identify an individual cannot be shared with a third party without their consent. If an individual is happy for data to be shared, it is fair to assume that their privacy is not being breached.
That consent is typically granted when a customer agrees to the terms and conditions of a product or service. But the law requires that consent is informed – i.e. they understand what they are agreeing to. Whether or not an impenetrable ream of text followed by a tick box constitutes informed consent is highly debatable, and pressure is mounting on organisations to provide greater clarity on what customers are signing up for.
Sally Annereau, a data protection analyst at Taylor Wessing, says, “The changes to European data protection legislation currently being proposed would make the requirements to gain explicit consent to data sharing even more rigorous.”
But it is not just data sharing that threatens to infringe on customer privacy. Even within an organisation, drawing connections between items of data relating to an individual may infringe on what Pohle describes as a fundamental human right – to choose which facets of their persona they wish to present to society, and how.
As individuals, we may demonstrate distinct behaviours based on particular roles – and it is the individual that has the right to dictate which face they present in public, Pohle says. For example, an iron- fisted prison guard may be as soft as cygnet down when playing with his grandchildren.
If organisations are able to correlate data in such a way that connects the different roles of an individual, they know more about that person than “is commensurate with our Western, democratic, humanistic idea of man,” he says.
The current trend in enterprise technology – towards advanced analytics and big data – could boost organisations’ ability to pull together seemingly unconnected information about our lives. Does big data threaten our ability to control how we are perceived?
Jeff Jonas, IBM’s chief scientist in its Entity Analytics Group, hopes not. He has been working on a real-time big data analytics engine – dubbed Sensemaking – that aims to make sense of new observations as they happen, fast enough to make meaningful interventions. So far, so much like any number of big data projects.
Where Sensemaking is different, he claims, is in its approach to privacy. “This technology may have more baked-in privacy and civil liberties enhancing features than any advanced analytics software ever engineered,” boasts Jonas.
Jonas has worked with Anna Cavoukian, information and privacy commissioner in Ontario, Canada, to develop an analytics framework entitled ‘Privacy by design in the era of big data’.
Privacy by design describes an approach that ensures safeguards are built “directly into the design, not only of technology, but also of how a system is operationalised – work processes, management structures, physical spaces and networked infrastructure”.
In effect, the privacy by design approach demands that systems are engineered to consider the privacy implications of analyses before they are undertaken. For that to be possible, it has to be assumed that those designing systems are able to define what they believe privacy to be.
Jonas admits that his team spent the first year of Sensemaking’s design process trying to assemble “as many advances in privacy and civil liberty protections as we could fathom at the time”.
Others, such as Harvard’s Zittrain, argue that, rather than looking for technology to accommodate our need for privacy, our attitudes towards privacy will shift to accommodate technology. So while today’s recruiters might look on in horror at a candidate’s Facebook-documented shenanigans, before too long those recruiters will have an unexpurgated, Internet-documented life history too.
As Taylor Wessing’s Annereau says, “It might be that new generations are more used to dealing with privacy settings. But it might just mean that they’re more accepting of teenage follies.”