News, Developments, and Insights

high-tech technology background with eyes on computer display


In today’s Wall Street Journal, Gordon Crovitz has an op-ed arguing that we’ve gotten over privacy:

We seem to be following the advice of Scott McNealy, chairman of Sun Microsystems, who in 1999 said, “You have zero privacy anyway. Get over it.” And the observation by Oracle CEO Larry Ellison: “The privacy you’re concerned about is largely an illusion. All you have to give up is your illusions, not any of your privacy.”

These comments could be dismissed as technology executives trying to minimize complaints about technology. But whatever we say about how much we value privacy, a close look at our actual behavior suggests we have gotten over it. A recent study by AOL of privacy in Britain found that 84% of people said they would not disclose details about their income online, but in fact 89% of them willingly did.

Crovitz makes a common argument — that the fact that people express concern over their privacy but do little to protect it demonstrates that they could really care less about privacy. In my book, Understanding Privacy, I argue that this reasoning is flawed. People might be generally concerned about their privacy but not realize the specific ways that their personal information will be used when they give it out. People give out bits of data here and there, and each individual disclosure to one particular entity might be relatively innocuous. But when the data is combined, it starts to become a lot more telling about a person’s tastes and habits.

Crovitz goes on to argue:

Amazon closely records our taste in books, Gmail scans our emails to deliver relevant ads, and electronic tolls track where we drive. Profiles on MySpace and Facebook are accessible, forever. . . .

Privacy remains a virtue, or at least we still say it does. But the balance has been tipped by other values, such as transparency, a free flow of information and physical security. We’re in the early stages of adapting to more digital and visible lives, with privacy expectations better defined by what we do than by what we say.

The fact that entities have information about us doesn’t mean that we don’t view privacy as valuable. First of all, Crovitz assumes that privacy is about hiding away our information from everybody but ourselves. But this is a far too narrow way to understand privacy. In Understanding Privacy, I argue that “privacy” is not just one thing, but a group of related things. For example, there are many privacy problems that Crovitz overlooks in his analysis. It’s true, for example, that Amazon records our tastes in books. I shop on and I like its book recommendation service. But does that mean that I don’t care about my privacy? Far from it. I would be upset if Amazon kept the data insecure, if it didn’t inform me of the data it had, if it disclosed it to the government without my consent, if it started posting my book purchases online for the world to see, and so on. Caring about “privacy” is more than merely caring about hiding information.

For example, many people care about the privacy of their financial information, yet they share this data with banks, credit card companies, and various merchants. The fact that people give out this information doesn’t mean that they don’t care about “privacy.” In today’s Information Age, if people really wanted to keep all their information concealed, they’d have to live in a shack in the woods. The fact that people give out data in an age where it is nearly impossible not to do so has little bearing on the value of privacy. People give their financial data with the expectation that it will remain confidential, that it will only be used to carry out the bank’s functions or to process their commercial transactions. If the bank suddenly disclosed people’s bank records online, would Crovitz say: “Well, people don’t expect privacy in their financial information, so it’s no problem”? I don’t think so. That’s because privacy is a much more nuanced and complex concept than Crovitz has acknowledged. When privacy is understood as a pluralistic conception — as a group of related things — it becomes much more clear that people do value privacy.

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
LinkedIn Influencer blog

TeachPrivacy Ad Privacy Training Security Training 01