Neil Richards' book "Why Privacy Matters" has been published in 2021.
He opens his book by explaining how privacy is treated nowadays. The notion of "data as the new oil" hinges on the idea that just as oil was the driving factor behind the industrial revolution, data is the driver behind our current information age. That means that data is the fuel which makes all the innovations of today run. Also, data is very valuable, just like oil was (and still is) for "traditional" industries.
Neil Richards' definition of privacy
The author finally presents his working definition of privacy:
Privacy is information about humans that is used as well as known and is a matter of degree.
That means that it is not about, for example, bathroom privacy (which would be spatial privacy), it addresses exclusively informational privacy.
It has to target human information, which means personally identifiable information - so information that can identify an individual person.
Also, the information has not only to be collected but must also be used in some way.
Finally, the qualifier that privacy is a matter of degree means, that whether a certain information is public or private depends on the person and is not binary but rather on a spectrum.
Privacy rules
Next, the author defines four privacy rules according to him:
1. Privacy is fundamentally about power. Intuitively, if someone has data about you that you wish to remain private, this entity now has power over you.
2. Struggles over privacy are in reality struggles over the rules that constrain the power that human information confers. This rule relates to privacy law, or the lack thereof, especially in the states. The US does not have an equivalent to the European GDPR yet, so privacy laws are not as well defined in the US.
3. Privacy rules of some sort are inevitable. There are no neutral baselines - the usage of private data (or information) has to be regulated somehow. It does not really matter here, how these rules look exactly, but there have to be some kind of rulesets, customers (or users - but more on that later) can trust. Otherwise, our information society would not function.
4. Privacy should be thought of in instrumental terms to promote human values. Privacy is not just about hiding your information because you would feel creeped out if someone would know certain things about you (again, more on that in a bit). Privacy is more of a necessity for society to function. I've talked about concepts such as intellectual privacy, and why it matters for democracies in another book report, which you can check out if you click the link on the top right corner of the video. Again, Neil argues, that the notion of privacy as a fundamental right is more prevalent in Europe than it is in the US.
Privacy fallacies
Consequently - and concluding the introduction about the term privacy - he presents four privacy fallacies and explains why they are indeed wrong:
1. Privacy is about hiding dark secrets, and those who have nothing to hide have nothing to fear. This argument falls flat, as everybody has some facts about their lives they do not want to be broadcast to the public. Everybody wears clothes - even im summer - to not be naked in front of others and no-one would want pictures of them on the toilet to be made public.
2. Privacy is not about creepiness. Usually people find profiling, CCTV, or other kinds of surveillance creepy and are therefor concerned for their privacy. However, there are many technologies we are unaware of and therefor not creeped out by, that are invading our privacy. Also, other technologies (such as, for example, CCTV) might even be beneficial to our wellbeing as it might reduce crime and compromises our privacy very little. Finally - and this is a very important point - creepiness is highly subjective and changes over time. People from 60 years ago would never imaging of sharing images or other information people now share freely about themselves. This is by the way also why older people tend to be more concerned about their privacy as younger people are, which many surveys show. The goal posts have changes. What we find creepy now might be pushed even further down the road until we no longer find it creepy. Facebook and Google are actively trying to move these goal posts, for example.
3. Privacy is a matter of control. People should control how their information is used. This is also part of the United States' notion of "notice and choice". Give people the possibility to choose and it is therefore their fault if they misconfigured their privacy settings.
However, people are overwhelmed by the myriad of choices and the sheer amount of sites they visit and privacy notices they claim to have read but never do. A little more on that later.
4. Privacy is dying or dead already, as Mark Zuckerberg famously claimed. I have noticed earlier that younger people care less about their privacy than older people. However, young people definitely care about their privacy in regards to people outside of their respective peer groups, for example posting information online with settings to exclude, for example, their parents.
Also, the amount of research dedicated to privacy suggests that there is profound interest in the topic. Furthermore, institutions such as the NSA which would maybe claim that privacy does not matter anyway are themselves very secretive about their operations.
Privacy values
The second part of the book lays out the authors three privacy values. The values are identity , freedom , and protection . I will present each of them briefly:
First, identity. I've already discussed intellectual privacy in another video. Brief, it describes the idea that you need privacy in order for you ideas to mature before you can "go public". That means that your ideas should be shielded from potentially destroying criticism when they are still at a state that is not yet developed enough for them to hold strong against scrutiny. In a way, privacy works as a testbed and if you present your ideas within a peer group you can trust not to leak your ideas - again, I refer you to my book review on Privacy as Trust, if you want to know more about trust.
Another worry regarding identity is the fact that moving the goal posts of privacy and perceived creepiness normalizes surveillance. If people no longer care about being surveilled, it will become more prevalent in society.
This brings us to the second value: freedom. If in fact surveillance becomes more widely accepted in society, the effects will be that conformity increases. If being an outlier makes you immediately more interesting for algorithms people tend to at least appear not to be outliers. Free flow of information between groups suffers as everybody conforms to the middle and no fringe ideas or viewpoints will be uttered.
Another point is that surveillance can be used for blackmailing from the government, if the FBI does not like a particular individual. This is also called dropping a truth bomb on an actor, the FBI, for example, wants to discredit. Also, surveillance can be used for targeted manipulation.
Finally, the third value is protection.
Drawing parallels to the beginning of the industrial age, Neil Richards argues that we need protection from those that exploit us. Just as labor conditions only bettered due to regulatory inference, so must law makers today interfere to protect their citizens' privacy rights. The author cites the EU's GDPR that - with all its flaws - still at least tries to guard the EU's citizens against companies that do not value privacy or do not protect their consumers' data.
Users vs. customers and the innovation fallacy
This brings me to an important point I want to highlight from the book. It is important to understand that we very often - and I surely am guilty of this as well - talk about users of certain products such as Facebook, Google, and the like. However, Neil argues - rightfully, I believe - that we should think about people as customers rather than users - and call them that. A user does not have any rights - a customer does. However, even as customers people suffer from decision fatigue, if privacy is handled as control as it is done today. There are in fact to many decisions to make on a daily basis and living within the online world is a major stress factor for many millennials, for example. Consequent regulation and not basing privacy on control would mitigate this issue. Also, too often companies claim that the invasion of privacy is necessary because data is needed for innovation. The author claims that the rhetoric of innovation is flawed, because innovation is a vague term, it is always used positively, without even slightly hinting at its negative aspects, and that is at the same time the most powerful thing in the world but at the same time fragile if any kind of restriction is applied to, for example, private data.
Conclusion
In summary, the author states, that privacy is not dying but it is up for grabs. We need human information rules to promote human values.
My conclusion is that this book is a great read - if you ignore the occasional partisan talking points - for all things privacy. The author goes into the history, the problems with definitions, while providing his own, common fallacies and finally, explains his three values of privacy. I hope I did a good job in explaining his fundamental points. Of course, you should always check out the book yourself if you want to learn more.
-PK, 08.03.2023