PK on Security & Privacy


Book review: "Privacy as Trust"

Ari Ezra Waldman's book "Privacy as Trust" was released in 2018.
He starts the book by explaining a little bit about the history of privacy. Ari explains that the first notions of privacy come from the philosophers John Locke in the 17th century and, about 100 years later, Immanuel Kant.

History of privacy

Locke's argument is that we own our land and can keep anyone away from it, which can be extrapolated to the right to have privacy without anyone interfering with it.
Kant's argument is that people are rational human beings and that we can act with individual autonomy according to reason instead of acting on our instincts. The implication for privacy law is that Kant says that we are reasonable beings that can be trusted to choose the correct way to, for example, handle our private data.

The first true privacy debate arose when portable cameras became readily available. At the end of the 19th century, these cameras and the associated reporters were beginning to report on the rich and famous. This led two scholars, Samuel Warren and Louis Brandeis, to their famous quote that privacy is the right to be let alone, targeted - at that time - at reporters.

What is private? The secrecy paradigm

Their idea was that everything that happens within my own four walls is private and therefore cannot be in the public's interest. This has led to dubious interpretations of privacy in US law. If anything was not "within your home" but was shared with anyone, it was no longer seen as private. If, for example, you told a friend that you were gay, there was no more secrecy attached to your sexual orientation, according to jurisdiction in the mid-20th century. The scholar Daniel Solove called this the secrecy paradigm, which he heavily criticized for not being fair to victims of privacy invasions.

Privacy as control

Another point made in the book is that privacy is important not only because we feel like we need it, but also because of a thing called intellectual privacy. This means that I can test my ideas in a close group that I can trust not to reveal them, before "going public". Privacy is therefore an important part of functioning as a society.

Most privacy regulations follow a notion of giving users control over their data. This goes back to the Kantian ideas we discussed earlier: that people are able to act rationally and that they should be in control of decisions regarding their privacy.

This is also the bedrock of the EU's GDPR, as well as the notice and choice paradigm in US law.

However, as many scholars have noted, the internet is too vast a space with too many choices and too much data to expect people to rationally decide about their data's usage. Privacy policies are in place; however, nobody reads them, and it would take an individual a good part of a given year to read all the privacy policies relevant to him.

Privacy roles

Other important concepts are privacy roles and privacy context. That means that I behave differently in different groups because I play different roles within those groups. A waiter, for example, will be polite and reserved when serving a customer but will be lively and open when talking to his colleagues. These different roles provide different contexts - also for privacy. That means that what is private in one context can be perfectly reasonable to share in another.

Take, for example, a marriage. It is perfectly normal to share sexual preferences with your partner, as you trust that your partner will keep them to herself. You might not want to share your sexual preferences with your boss, however, as this is not only inappropriate but might also lead to repercussions.

Another point is that sharing is also based on reciprocity. In order to take part in, for example, dating apps, you need to share some information that you might consider deeply private, such as sending nude pictures of yourself. For that to work, everybody shares private information, so you feel safe in doing so as well, as you are simply reciprocating the practice everyone else is engaged in. You do, however, base your trust on the others not betraying your privacy, as you will not betray theirs.

Privacy for society

Furthermore, the author explains how information travels within a society. Social groups are typically tightly knit, so there are strong ties between the group members. What you share with one group you might not share with another group. Due to this, information will not travel from one group to the other. This also means that society as a whole suffers, because there might be valuable information - which is not private - that both groups could benefit from. However, information shared within a group usually stays within the group.

However, reality also consists of weak ties, meaning that members of different groups might interact with each other. Those people do not themselves form a tight group, but they are acquainted enough to share information, which in turn can be shared within both groups, so that society as a whole benefits.

Privacy as trust

This all leads the author to the definition of privacy as trust. He states the following three rules, paraphrased a little by me:

1. Sharing is not only inevitable, it is necessary to participate in the online world. There is no way to function in the modern world without sharing some data online.

2. Privacy is not only for an individual's benefit but necessary for the society to function as a whole. Privacy is therefore an element of social structure that thrives on sharing information because people expect others to treat their information with the diligence it deserves.

3. If judges have to identify whether something constitutes a breach of trust, they have to take into account the experience of the parties involved, social cues, reciprocity and the transference of information from knowns to unknowns.

Conclusion

The third and final part of the book consists of legal cases in which the author demonstrates how his approach to privacy as trust might have changed the outcome of some legal disputes. They are worth reading; however, they are beyond the scope of this blog post.

The author concludes his book with an interesting chapter on robots which are designed to elicit trust from their users. Some people even feel more comfortable talking to and sharing private information with a robot than they would with a human. This can lead people to forget the fact that a robot is a machine which constantly collects data which - if not protected properly - can easily be misused.

In conclusion, I find Ari Ezra Waldman's ideas interesting and well formulated. I think that privacy as trust is a practical and realistic view of the world that is worth considering for policy makers. I would recommend reading the book, as it is well written and never boring, and he articulates his case much better than I can do in this blog post.

-PK, 26.01.2023