Definition(s) of Privacy
I pulled most of this from my dissertation proposal and I'm publishing it in the hope that someone will find it a useful starting point for their own definition of privacy, or in their scholarly work.
While there certainly is no consensus about what privacy is, a brief discussion of the ways of understanding privacy helps to reduce our chances of misunderstanding each other, and increase our chances of agreeing on the value of privacy. After this brief overview, I will discuss two privacy frameworks useful to the analysis of preservation and privacy: the privacy framework described by Daniel Solove (2008) and the framework described by Tavani (2007). I think these two frameworks are really useful in understanding privacy.
The Social Construction of Privacy
There are a variety of ways to understand privacy, such as social norms, statutory law, case law, and “privacy frameworks,” but what we regard as privacy is socially constructed. Different cultures understand privacy differently, an understanding that changes over time, and is not necessarily internally consistent or generally accepted within the culture at any particular point in time. The concept of privacy is also constantly negotiated among individuals and among groups, and the result of these negotiations is situation dependent.
For example, standing close to a perfect stranger on the subway with your hand touching hers as you hold the sway bar may be acceptable during rush hour, but at 11:00 AM when the subway is nearly empty, this same physical closeness would most likely be considered a privacy intrusion.
I discuss social norms, statutory law and case law in more detail in the following section. Social norms can represent the values of a culture and shape statutory and case law. Statutory and case law that protects privacy can also be said to define privacy. These laws circumscribe a range of activities or states that are normatively or descriptively considered “private”. I will refer to multifaceted discussions of privacy by legal, privacy or information scholars as privacy frameworks.
Social norms can be said to represent the values and beliefs of a culture and vary over time. Changes in social norms can indicate or precipitate changes in the concept of privacy. New statutory and case law may shape and influence social norms, just as changing social norms may inspire legislators to craft new statutes and judges to interpret existing laws differently.
Literature, popular culture, and the news media can have a strong influence on establishing norms. Our shared experience with popular culture often influences the range of topics we are comfortable discussing in public. Academic research can also influence social norms and the definition of privacy, particularly if that research finds its way into popular culture. The first Kinsey report, Sexual Behavior in the Human Male in 1949 (Pomeroy, Martin, & Kinsey, 1949), is one such example.
Events that garner national attention, such as terrorist attacks, also can set or change social norms. The attacks of September 11, 2001, had a profound effect on the general perception of safety and security among United States citizens. There were a number of anecdotal reports of changes in behavior that could be indicators of changes in social norms: a shortage of American flags, increased sales of gas masks, increased sales of duct tape, and an increase in the creation of neighborhood watch programs.
Less sudden, but equally as profound changes in social norms are currently taking place according to Palfrey and Gasser in Born Digital (2008). Palfrey and Gasser talk about the effects that the Internet, social networking and pervasive access to digital technology such as cell phones and digital video cameras are having on the current generation of young people, whom they refer to as Digital Natives. “Digital Natives’ ideas about privacy, for instance, are different from those of their parents and grandparents” (p. 7). It may be that these new ideas about privacy become the social norms of the near future, or it may be that these young people come to identify the personal information and photographs they have posted on the Web as threats to their privacy.
In addition to, and often in conjunction with, social norms, statutory law can be used to understand privacy. The ideas of privacy and defending privacy from threats have deep roots in human history. Societies have used law to protect privacy since biblical times, and businesses, governments and individuals have violated these laws for equally as long. Carpenter and Meriweather explored the roots of privacy in their Supreme Court brief in Kyllo v. United States (Carpenter & Meriweather, 2000). Looking as far back as the Code of Hammurabi the authors found reference to special protections of the home. Article 21 of the Code of Hammurabi states “If any one break a hole into a house (break in to steal), he shall be put to death before that hole and be buried” (King, 2004, p. 5). The protection of the home as private makes up one part of our contemporary understanding of privacy.
The Family Educational Rights and Privacy Act (FERPA) of 1965 (20 U.S.C. § 1232, 1965) FERPA protects the privacy of students’ educational records, giving students increased control over the use and release of their educational records and personal information.
The Freedom of Information Act (FOIA) of 1966 (5 U.S.C. § 552, 1966) created a mechanism for citizens, citizen groups, and others to request access to government records, thereby increasing government transparency. The Omnibus Crime Control and Safe Streets Act of 1968 (42 U.S.C. § 3789, 1968) protected privacy by requiring federal agents to acquire a warrant prior to installing electronic surveillance devices and created other regulations governing how electronic surveillance could be conducted.
The list of examples above, while not exhaustive, offers a brief overview of different statutory laws that can be used to understand privacy.
Case law is yet another way to understand privacy. Case law codifies the societal interpretation of privacy in the context of the court case that is being decided. While this interpretation can change over time, the decisions made by courts help privacy scholars and society understand the boundaries of privacy.
The U.S. mail offers an early example of communication technology leading to a reassessment of the legal protection of privacy. The first sealed envelopes became widely available in 1845, increasing the public expectation of postal privacy (Pope, 1997). In 1878, the Supreme Court tested this privacy expectation in Ex Parte Jackson (96 U.S. 727). The court ruled that sealed letters, packages, and envelopes are protected by the Fourth Amendment from search, whereas open format mail such as newspapers, magazines, and pamphlets that can be read without intrusion into a sealed envelope are not protected.
One of the first major Supreme Court cases directly related to privacy was Olmstead v. United States in 1928 (277 U.S. 438). Olmstead focused on whether a wiretap without court oversight was a violation of the defendant’s Fourth and Fifth Amendment rights. Justice Taft wrote the opinion of the court stating that the method of acquisition of evidence did not have an effect on whether that evidence can be used at trial. The court upheld the conviction; evidence obtained through wiretapping without judicial oversight was admissible.
This Supreme Court decision affirmed the common approach to evidence gathering that law enforcement had taken to enforce prohibition laws; wiretapping was not an illegal search and seizure since the wires that carried the conversation were outside the home or office. The Fourth and Fifth Amendments would cover only the private physical space; the conversation was not protected. Justice Brandeis wrote a dissenting opinion in this case that would later be used in Katz v. United States (389 U.S. 347, 1967) to overturn this precedent.
As we see from these examples of case law, the judicial branch interprets statutory law. The meaning of a law and how that law should be applied changes over time, often influenced by social norms and statutory law. These three elements, social norms, statutory law and case law, have been combined by privacy scholars in different ways to explain privacy in what I refer to as privacy frameworks.
A number of scholars have developed explanations of privacy that include many of the components that we have already discussed, and are valuable to this study because these privacy frameworks allow for a more robust and complex discussion of privacy. The work of the scholars that I have chosen to discuss represents both respected explanations of privacy at different points in time, and a variety of different approaches to explaining privacy. This list is by no means a comprehensive one, but rather illustrative of the kinds of arguments that privacy scholars erecting frameworks typically make.
One of the most well known is discussed in an article written by Samuel Warren and Louis Brandeis for the Harvard Law Review in 1890. This article laid out what was popularly referred to as the “right to be let alone” (Warren & Brandeis, 1890).
Alan Westin published Privacy and Freedom in 1967, defining privacy using four different elements: intimacy, anonymity, solitude, and reserve. There were a number of other frameworks of privacy developed in the 1990’s. In 1992, Ken Gormley described privacy in the Wisconsin Law Review (1992). Gormley’s description relied heavily on legal terms: tort privacy, Fourth Amendment privacy, First Amendment privacy, fundamental-decision privacy, and state constitutional privacy. In 1997, Judith DeCew wrote In Pursuit of Privacy: Law, Ethics and the Rise of Technology (1997) where she asserts three categories of privacy that combine to create an overall definition of privacy: informational privacy, accessibility privacy, and expressive privacy. In the Stanford Law Review, Jerry Kang wrote “Information Privacy in Cyberspace Transactions” (1998) where he discussed three overlapping concepts that he used to explain privacy: physical space, choice, and flow of information.
James Moor (1997) and Herman Tavani (2007) describe the Restricted Access/Limited Control (RALC) model of privacy. This model distinguishes the articulation of the concept of privacy from the justification and management of privacy. The RALC model defines privacy as an affirmative state; one has privacy in a particular situation if one is protected from “intrusion, interference and information access by others” (Moor, 1997, p. 30). The RALC model allows for the separation of the description of privacy from the protection of privacy. It also allows for the articulation of whether privacy was lost, invaded or reduced, depending on a number of different contextual elements. In addition, the use of the term “situation” in the definition of privacy recognizes the social construction of privacy, allowing definitions to be context dependent.
The RALC privacy framework will be useful in analyzing whether the preservation of social networking records implicates privacy to the extent that the framework allows for the separation of the definition, justification and protection of privacy. This theoretical separation will allow me to compare the competing claims made by archivists and privacy scholars with the expectations of social networking subscribers.
In Understanding Privacy (2008), Daniel Solove proposes an inductive approach to describing privacy. Rather than discuss privacy deductively by starting with a broad concept and determining whether examples of specific acts are privacy violations and according to that concept, Solove takes what he refers to as a “bottom up” (p. 9) approach. He uses the concept of “family resemblance” (p. 42) taken from Ludwig Wittgenstein to characterize his description of privacy.
This inductive method allows for a pluralistic description of privacy. Each example of a privacy violation does not need to be included in a monolithic, unifying, top-down conception of privacy. Rather, the range of activities that Solove identifies as constituting privacy all have, according to Solove, something in common that allows them to be collectively labeled “privacy.”
Solove refers to pragmatists John Dewey and William James when he grounds his approach to determining what can be considered privacy. These “classical pragmatists” (p.46), as he refers to them, focus on specific situations and embrace pluralistic, context specific concepts. Solove uses this approach when he decides to focus first on privacy problems rather than a broad definition of privacy. By focusing on problems rather than a top-down definition, context becomes important to describing privacy. An action taken in one context may be an egregious violation of privacy, whereas in another context the action may not be a privacy violation at all. According to Solove, a privacy problem exists when particular activities are disrupted. Solove’s taxonomy facilitates the discussion of the role of context in privacy problems, which will be particularly useful as we examine whether privacy is implicated by digital preservation of social networking records.
Solove proposes four activities that create privacy problems: information collection, information processing, information dissemination, and invasion. Each activity includes the particular forms listed below:
1. Information Collection
2. Information Processing
d. Secondary use
3. Information Dissemination
a. Breach of confidentiality
d. Increased accessibility
b. Decisional interference.
The Right to Delete
The concept of “the right to delete” will also be useful in analyzing the implications of digital preservation of social networking records for privacy. Within each of the selection and appraisal methods we have discussed earlier, there is an assumption that some records may be deleted or destroyed by the records creators. This act can be intentionally thwarted, such as when an email management system creates a record of emails that have been deleted, but in social networking there are multiple layers of service providers with copies of the records that can be deleted.
Therefore, once the subscriber deletes a record he has access to on the service, copies of the records may still exist in multiple places. In addition, access to the record may be denied to the service subscriber or the public, creating the illusion that the record has been deleted, but the record may still exist on backup tapes and other hardware, including the service subscriber’s hard drive, can create a persistent threat to privacy. Ohm discusses the right to demand deletion (Ohm, 2005; see also Palfrey, 2008, p. 291), a fourth amendment protection based on the property right to destroy. This right to destroy cannot be exercised if a copy of the original record is stored somewhere out of control of the original creator.
The longer these records exist, the greater the cumulative threat to privacy. Each additional day of storage could expose those data to an additional request or data-mining attempt, such as the chance that the service provider will share records with law enforcement or third parties.
I hope this brief overview of privacy is helpful, and that it can stand as a small step in increasing the clarity of conversation around privacy, and help us estimate the value of privacy in a way that is consistent with our social norms.
Please leave a comment and let me know if I have missed anything - your favorite theory or framework of privacy, for example, or if you have found this article useful.
Carpenter, J. M., & Meriweather, R. M. (2000). Kyllo v. United States, 533 U.S. 27 (2000). Brief Amicus Curiae of the DKT Liberty Project in support of Petitioner.
DeCew, J. W. (1997). In pursuit of privacy. Ithaca, NY: Cornell University Press.
Gormley, K. (1992). One hundred years of privacy. Wisconsin Law Review, 4, 1335 - 1441.
Kang, J. (1997). Information privacy in cyberspace transactions. Stanford Law Review, 50, 1193-1297.
King, L. W. (2004). The code of Hammurabi. Whitefish, MT: Kessinger Publishing.
Moor, J. (1997). Towards a theory of privacy in the information age. Computers and Society, 27(3), 27-32.
Ohm, P. (2005). The Fourth Amendment right to delete. Harvard Law Review Forum, 119(10), 10-18.
Palfrey, J., & Gasser, U. (2008). Born digital: Understanding the first generation of digital natives. New York, NY: Basic Books.
Pomeroy, W. B., Martin, C. E., & Kinsey, A. C. (1949). Sexual behavior in the human male. W. B Saunders Company.
Pope, N. (1997). Envelopes in the machine age. EnRoute, 6(2). Retrieved from http://postalmuseum.si.edu/resources/6a2o_envelopes.html
Solove, D. J. (2008). Understanding privacy. Harvard University Press.
Warren, S. D., & Brandeis, L. D. (1890). Right to privacy. Harvard Law Review, 4, 193-220.