What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it. Every court that holds that something is or isn’t privacy is basing its decision on a conception of privacy — often unstated. Privacy laws are also based on a conception of privacy, which informs what things the laws protect. Decisions involving privacy by design also involve a conception of privacy. When privacy is “baked into” products and services, there must be some understanding of what is being baked in.
Far too often, conceptions of privacy are too narrow, focusing on keeping secrets or avoiding disclosure of personal data. Privacy is much more than these things. Overly narrow conceptions of privacy lead to courts concluding that there is no privacy violation when something doesn’t fit the narrow conception. Narrow or incomplete conceptions of privacy lead to laws that fail to address key problems. Privacy by design can involve throwing in a few things and calling it “privacy,” but this is like cooking a dish that requires 20 ingredients but only including 5 of them.
It is thus imperative to think through what privacy is. If you have an overly narrow or incomplete conception of privacy, you’re not going to be able to effectively identify privacy risks or protect privacy.
In my work, I have attempted to develop a practical and useable conception of privacy. In what follows, I will briefly describe what I have developed.
Does scholarship really have an impact? For a long time, naysayers have attacked scholarship, especially scholarship about law. U.S. Supreme Court Chief Justice Roberts once remarked: “Pick up a copy of any law review that you see, and the first article is likely to be, you know, the influence of Immanuel Kant on evidentiary approaches in 18th Century Bulgaria, or something.” He noted that when the academy addresses legal issues at “a particularly abstract, philosophical level . . . they shouldn’t expect that it would be of any particular help or even interest to the members of the practice of the bar or judges.” Judge Harry Edwards also has attacked legal scholarship as largely irrelevant.
There were quite a number of books published about privacy and security issues last year, and I would like to highlight a few notable ones. A few books came out in late 2014 and have an early 2015 publication date. I’m including them here. The books are in no particular order.
This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is the FTC supposed to be involved here?