The significance of the insignificant
I watched yesterday’s parliamentary committee session on privacy and injunctions with interest – after all, privacy is one of my subjects. See here. The excellent David Allen Green (of Jack of Kent fame) gave the committee a number of lessons both in law and technology, and Guido Fawkes (Paul Staines) tormented them with the reality of the modern world. It was entertaining stuff – and yet the more I watched, the less it seemed to be connected with what I see as the biggest and fastest growing problem that the internet in particular represents in terms of privacy.
That came to a head when Guido Fawkes made the remark that ‘privacy is just a euphemism for censorship’. It was a good soundbite – and fitted some excellent subsequent tweets – and he certainly had a point when considering the way that privacy has been used to protect the rich, the famous and the influential, particularly in relation to super-injunctions, one of the key subjects being discussed by the committee. As a football fan, I’ve hardly been able to blink this year without hearing another piece of gossip that I’m not allowed to know, let alone talk about. However, there’s another side to privacy, one to which neither the committee nor the witnesses before them seemed to pay any attention. The side of the insignificant.
Insignificant people have the right to privacy too
The focus of both the committee and the witnesses, entirely understandably given their remit, was on the privacy of what might loosely be described as ‘significant’ people. And yet ordinary people, ‘insignificant’ people, have a right to privacy too. Protecting their privacy, except in unusual circumstances, isn’t anything to do with censorship. It’s about autonomy. It’s about the right, as Warren and Brandeis put it so long ago, to be left alone. The right to live, to enjoy the fruits of our modern society freely and without excessive interference.
By focussing on privacy as protecting significant information about ‘significant’ people, we miss what is, in many ways the far more important issue of the lack of control over the gathering of insignificant information about ‘insignificant’ people.
The result is that what is seen as ‘privacy’ – insofar as it is protected by law (and David Allen Green gave yesterday’s committee an excellent exposition of the inadequacies of that law) very often ends up protecting the ‘wrong’ people in the wrong ways, and failing to protect the right people in the right ways.
Insignificant invasions of privacy matter
Protections against the significant stuff, particularly for significant people is already provided. The law protects against defamation – perhaps excessively, at least in the eyes of the supporters of libel reform – and ‘significant’ people can and have used that law to provide that protection, but provides little in the way of protection for ‘insignificant’ invasions of privacy.
Why is this? To a great extent it is because these ‘insignificant’ breaches of privacy are seen as, well, insignificant. On their own, that may even be appropriate. What does it matter if someone knows what I had for breakfast this morning, or what kind of music I’m listening as I type this blog? Each individual fact gathered this way doesn’t seem to matter at all – and yet they do matter. They matter philosophically – they’re really my business, and no one else’s – but they also matter in a much more important way. In this digital world of ours, they’re used to profile me, to categorise me, to determine what advertisements I receive on the internet, perhaps what content I’m shown, what links I’m provided with. They might determine what prices I’m offered for insurance, for plane tickets and so forth. They might be used to ‘rate’ me (I’m not even going to start on Klout) in other ways. They might be used to assess my likely political leanings – perhaps just for advertising at the moment, but after that….
Yet far less attention is paid to them than the ‘obvious’ side of privacy. Even on social networking sites like Facebook, attention is paid to the ‘significant’ privacy problems – compromising or clearly embarrassing photographs for example, rather than the much more financially important detailed profiling and social mapping data that are the basis of Facebook’s business model. Do the compromising photos matter? Yes, of course they do, but ways are already being found to deal with them, through education of the users, or at least greater understanding from the users, something which has at least some chance of succeeding. As for the profiling data, few people seem to care that much at all.
Changes are needed
There are all sorts of legal problems with dealing with insignificant stuff. There is a need to show damage – and individually insignificant facts aren’t damaging, and even profiling isn’t necessarily directly ‘damaging’ in financial terms. There is the thorny issue of consent – do we consent to all this data gathering and use through the various terms and conditions we never read? Do we, as the recent Wikileaks/Twitter ruling suggests, have no real expectation of privacy in our Internet dealings?
As it stands, there is little to help. Law doesn’t seem to cut it – for all the valiant efforts of the Article 29 Working Party and others. Politicians in general seem neither to understand nor to care. Business models, particularly on the internet, almost rely on these invasions of privacy. We need to change that. To protect the insignificant, we need a change in approach, a change in infrastructure, and a change in business plans. We need to understand and control online tracking. We need opt-in, not opt-out, we need explanations that actually explain, and we need a whole lot more. Most of all, we need better understanding that privacy is more than just a way for the rich and powerful to protect themselves. It’s about all of us.
The privacy of the insignificant hasn’t needed protecting before – only in this digital age can their insignificant events be gathered, or processed into something significant – so the law hasn’t been needed to protect them, and hasn’t developed a form that can protect them. It needs to now.
This blog first appeared http://symbioticweb.blogspot.com.
Paul Bernal (@PaulbernalUK) is a lecturer in the UEA Law School, specifically in the fields of Information Technology, Intellectual Property and Media Law. His research relates most directly to human rights and the internet, and in particular privacy rights.