I’ve been trying lately, in preparation for the speech I’m giving at SASI conference on Saturday (there is still time to register!), to distill a definition of privacy that is easy and palatable to understand. I keep returning to the notion that privacy is ultimately about control of information, not about keeping things secret (a popular misconception). This is really an “aha” moment that I’ve had that most people don’t yet understand. Hopefully, this post will give you that aha moment.
On one of the mailing lists I’m on, a question was posted about ownership of data. Who owns certain data about you? As a list participant pointed out, ownership of data is really not an operative term. Data, unlike creative works, can’t be copyrighted. Data are facts. Data are opinions. Data could consist of copyrightable material but need not be. Data is not owned so much as it is possessed and controlled. Ultimately, control over data is what privacy is all about.
Often companies try to give users putative control over their data. Google, for instance, has an entire suite of tools and settings at your disposal to ostentatiously give you control of the information that they collect and maintain about you. However, control here is illusory. It only serves as an instruction to Google of your preferences and wishes, but it’s up to Google to abide by that preference. Google, could, at it’s discretion, ignore your desire. In layman’s terms we would call that a violation of one’s privacy. I’m not suggesting Google does this, merely illustrating the illusory nature of their privacy “controls.”
A company may make certain statements about your privacy and the efforts they will go to to adhere to your wishes. Some of those statements may be legally binding. The company may have additional obligations under the law or maybe moral obligations that are implied under the context of your relationship. Legally binding or not, there is no recourse once those binds are broken; the information is released; it escapes or is set free; the genie is out of the bottle. While you may take solace in seeking monetary compensation, the information can not be contained. You have NO real control.
Now, let me turn my attention to the third party doctrine. The third party doctrine essentially provides that any information you provide to a third party (i.e. not a party to the communication), is fair game for a government subpoena. In other words, despite any promises or obligations of the third party to adhere to your wishes regarding the release of the information, a government request trumps all. Again, you have NO real control.
Real privacy comes from real control. If past, present and future decisions about information are yours and yours alone, then and only then you have real privacy.