Privacy (UK: /ˈprɪvəsiː/, US: /ˈpraɪ-/)[1][2] is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
The domain of privacy partially overlaps with security, which can include the concepts of appropriate use and protection of information. Privacy may also take the form of bodily integrity.
Throughout history, there have been various conceptions of privacy. Most cultures acknowledge the right of individuals to keep aspects of their personal lives out of the public domain. The right to be free from unauthorized invasions of privacy by governments, corporations, or individuals is enshrined in the privacy laws of many countries and, in some instances, their constitutions.
With the rise of technology, the debate regarding privacy has expanded from a bodily sense to include a digital sense. In most countries, the right to digital privacy is considered an extension of the original right to privacy, and many countries have passed acts that further protect digital privacy from public and private entities.
There are multiple techniques to invade privacy, which may be employed by corporations or governments for profit or political reasons. Conversely, in order to protect privacy, people may employ encryption or anonymity measures.
The word privacy is derived from the Latin word "privatus", which means set apart from what is public, personal and belonging to oneself, and not to the state.[3] It is also derived from the Latin word 'privo,' which conveys the idea of deprivation or being robbed of.[4]
The concept of privacy has been explored and discussed by numerous philosophers throughout history.
Privacy has historical roots in ancient Greek philosophical discussions. The most well-known of these was Aristotle's distinction between two spheres of life: the public sphere of the polis, associated with political life, and the private sphere of the oikos, associated with domestic life.[5] Privacy is valued along with other basic necessities of life in the Jewish deutero-canonical Book of Sirach.[6]
English philosopher John Locke’s (1632-1704) writings on natural rights and the social contract laid the groundwork for modern conceptions of individual rights, including the right to privacy. In his Second Treatise of Civil Government(1689), Locke argued that a man is entitled to his own self through one’s natural rights of life, liberty, and property.[7] He believed that the government was responsible for protecting these rights so individuals were guaranteed private spaces to practice personal activities.[8]
In the political sphere, philosophers hold differing views on the right of private judgment. German philosopher Georg Wilhelm Friedrich Hegel (1770-1831) makes the distinction between moralität, which refers to an individual’s private judgment, and sittlichkeit, pertaining to one’s rights and obligations as defined by an existing corporate order. On the contrary, Jeremy Bentham (1748-1832), an English philosopher, interpreted law as an invasion of privacy. His theory of utilitarianism argued that legal actions should be judged by the extent of their contribution to human wellbeing, or necessary utility.[9]
Hegel’s notions were modified by prominent 19th century English philosopher John Stuart Mill. Mill’s essay On Liberty (1859) argued for the importance of protecting individual liberty against the tyranny of the majority and the interference of the state. His views emphasized the right of privacy as essential for personal development and self-expression.[10]
Discussions surrounding surveillance coincided with philosophical ideas on privacy. Jeremy Bentham developed the phenomenon known as the Panoptic effect through his 1791 architectural design of a prison called Panopticon. The phenomenon explored the possibility of surveillance as a general awareness of being watched that could never be proven at any particular moment.[11] French philosopher Michel Foucault (1926-1984) concluded that the possibility of surveillance in the instance of the Panopticon meant a prisoner had no choice but to conform to the prison's rules.[11]
A medida que la tecnología ha avanzado, la forma en que se protege y viola la privacidad ha cambiado con ella. En el caso de algunas tecnologías, como la imprenta o Internet , la mayor capacidad para compartir información puede conducir a nuevas formas en que se puede violar la privacidad. En general, se acepta que la primera publicación que defendía la privacidad en los Estados Unidos fue el artículo de 1890 de Samuel Warren y Louis Brandeis , "The Right to Privacy", [12] y que fue escrito principalmente en respuesta al aumento de periódicos y fotografías. posible gracias a las tecnologías de impresión. [13]
En 1948 se publicó 1984 , escrito por George Orwell . Una novela distópica clásica, 1984 describe la vida de Winston Smith en 1984, ubicado en Oceanía, un estado totalitario. El Partido que todo lo controla, el partido en el poder dirigido por el Gran Hermano, es capaz de controlar el poder mediante la vigilancia masiva y la libertad limitada de expresión y pensamiento. George Orwell ofrece comentarios sobre los efectos negativos del totalitarismo , particularmente en la privacidad y la censura . [14] Se han establecido paralelos entre 1984 y la censura y la privacidad modernas, un ejemplo notable es que las grandes empresas de redes sociales, en lugar del gobierno, pueden monitorear los datos de un usuario y decidir qué se puede decir en línea a través de sus políticas de censura. , en última instancia con fines monetarios. [15]
En la década de 1960, la gente empezó a considerar cómo los cambios en la tecnología estaban provocando cambios en el concepto de privacidad. [16] The Naked Society , de Vance Packard , fue un libro popular sobre privacidad de esa época y lideró el discurso estadounidense sobre privacidad en ese momento. [16] Además, Privacidad y Libertad de Alan Westin cambió el debate sobre la privacidad desde un sentido físico, cómo el gobierno controla el cuerpo de una persona (es decir, Roe v. Wade ) y otras actividades como las escuchas telefónicas y la fotografía. A medida que se digitalizaron registros importantes, Westin argumentó que los datos personales se estaban volviendo demasiado accesibles y que una persona debería tener jurisdicción completa sobre sus datos, sentando las bases para el debate moderno sobre la privacidad. [17]
New technologies can also create new ways to gather private information. In 2001, the legal case Kyllo v. United States (533 U.S. 27) determined that the use of thermal imaging devices that can reveal previously unknown information without a warrant constitutes a violation of privacy. In 2019, after developing a corporate rivalry in competing voice-recognition software, Apple and Amazon required employees to listen to intimate moments and faithfully transcribe the contents.[18]
Police and citizens often conflict on what degree the police can intrude a citizen's digital privacy. For instance, in 2012, the Supreme Court ruled unanimously in United States v. Jones (565 U.S. 400), in the case of Antoine Jones who was arrested of drug possession using a GPS tracker on his car that was placed without a warrant, that warrantless tracking infringes the Fourth Amendment. The Supreme Court also justified that there is some "reasonable expectation of privacy" in transportation since the reasonable expectation of privacy had already been established under Griswold v. Connecticut (1965). The Supreme Court also further clarified that the Fourth Amendment did not only pertain to physical instances of intrusion but also digital instances, and thus United States v. Jones became a landmark case.[19]
In 2014, the Supreme Court ruled unanimously in Riley v. California (573 U.S. 373), where David Leon Riley was arrested after he was pulled over for driving on expired license tags when the police searched his phone and discovered that he was tied to a shooting, that searching a citizen's phone without a warrant was an unreasonable search, a violation of the Fourth Amendment. The Supreme Court concluded that the cell phones contained personal information different from trivial items, and went beyond to state that information stored on the cloud was not necessarily a form of evidence. Riley v. California evidently became a landmark case, protecting the digital protection of citizen's privacy when confronted with the police.[20]
A recent notable occurrence of the conflict between law enforcement and a citizen in terms of digital privacy has been in the 2018 case, Carpenter v. United States (585 U.S. ____). In this case, the FBI used cell phone records without a warrant to arrest Timothy Ivory Carpenter on multiple charges, and the Supreme Court ruled that the warrantless search of cell phone records violated the Fourth Amendment, citing that the Fourth Amendment protects "reasonable expectations of privacy" and that information sent to third parties still falls under data that can be included under "reasonable expectations of privacy".[21]
Beyond law enforcement, many interactions between the government and citizens have been revealed either lawfully or unlawfully, specifically through whistleblowers. One notable example is Edward Snowden, who released multiple operations related to the mass surveillance operations of the National Security Agency (NSA), where it was discovered that the NSA continues to breach the security of millions of people, mainly through mass surveillance programs whether it was collecting great amounts of data through third party private companies, hacking into other embassies or frameworks of international countries, and various breaches of data, which prompted a culture shock and stirred international debate related to digital privacy.[22]
The Internet and technologies built on it enable new forms of social interactions at increasingly faster speeds and larger scales. Because the computer networks which underlie the Internet introduce such a wide range of novel security concerns, the discussion of privacy on the Internet is often conflated with security.[23] Indeed, many entities such as corporations involved in the surveillance economy inculcate a security-focused conceptualization of privacy which reduces their obligations to uphold privacy into a matter of regulatory compliance,[24] while at the same time lobbying to minimize those regulatory requirements.[25]
The Internet's effect on privacy includes all of the ways that computational technology and the entities that control it can subvert the privacy expectations of their users.[26][27] In particular, the right to be forgotten is motivated by both the computational ability to store and search through massive amounts of data as well as the subverted expectations of users who share information online without expecting it to be stored and retained indefinitely. Phenomena such as revenge porn and deepfakes are not merely individual because they require both the ability to obtain images without someone's consent as well as the social and economic infrastructure to disseminate that content widely.[28] Therefore, privacy advocacy groups such as the Cyber Civil Rights Initiative and the Electronic Frontier Foundation argue that addressing the new privacy harms introduced by the Internet requires both technological improvements to encryption and anonymity as well as societal efforts such as legal regulations to restrict corporate and government power.[29][30]
While the Internet began as a government and academic effort up through the 1980s, private corporations began to enclose the hardware and software of the Internet in the 1990s, and now most Internet infrastructure is owned and managed by for-profit corporations.[31] As a result, the ability of governments to protect their citizens' privacy is largely restricted to industrial policy, instituting controls on corporations that handle communications or personal data.[32][33] Privacy regulations are often further constrained to only protect specific demographics such as children,[34] or specific industries such as credit card bureaus.[35]
Several online social network sites (OSNs) are among the top 10 most visited websites globally. Facebook for example, as of August 2015, was the largest social-networking site, with nearly 2.7 billion[36] members, who upload over 4.75 billion pieces of content daily. While Twitter is significantly smaller with 316 million registered users, the US Library of Congress recently announced that it will be acquiring and permanently storing the entire archive of public Twitter posts since 2006.[26]
A review and evaluation of scholarly work regarding the current state of the value of individuals' privacy of online social networking show the following results: "first, adults seem to be more concerned about potential privacy threats than younger users; second, policy makers should be alarmed by a large part of users who underestimate risks of their information privacy on OSNs; third, in the case of using OSNs and its services, traditional one-dimensional privacy approaches fall short".[37] This is exacerbated by deanonymization research indicating that personal traits such as sexual orientation, race, religious and political views, personality, or intelligence can be inferred based on a wide variety of digital footprints, such as samples of text, browsing logs, or Facebook Likes.[38]
Intrusions of social media privacy are known to affect employment in the United States. Microsoft reports that 75 percent of U.S. recruiters and human-resource professionals now do online research about candidates, often using information provided by search engines, social-networking sites, photo/video-sharing sites, personal web sites and blogs, and Twitter. They also report that 70 percent of U.S. recruiters have rejected candidates based on internet information. This has created a need by many candidates to control various online privacy settings in addition to controlling their online reputations, the conjunction of which has led to legal suits against both social media sites and US employers.[26]
Selfies are popular today. A search for photos with the hashtag #selfie retrieves over 23 million results on Instagram and 51 million with the hashtag #me.[39] However, due to modern corporate and governmental surveillance, this may pose a risk to privacy.[40] In a research study which takes a sample size of 3763, researchers found that for users posting selfies on social media, women generally have greater concerns over privacy than men, and that users' privacy concerns inversely predict their selfie behavior and activity.[41]
An invasion of someone's privacy may be widely and quickly disseminated over the Internet. When social media sites and other online communities fail to invest in content moderation, an invasion of privacy can expose people to a much greater volume and degree of harassment than would otherwise be possible. Revenge porn may lead to misogynist or homophobic harassment, such as in the suicide of Amanda Todd and the suicide of Tyler Clementi. When someone's physical location or other sensitive information is leaked over the Internet via doxxing, harassment may escalate to direct physical harm such as stalking or swatting.
Despite the way breaches of privacy can magnify online harassment, online harassment is often used as a justification to curtail freedom of speech, by removing the expectation of privacy via anonymity, or by enabling law enforcement to invade privacy without a search warrant. In the wake of Amanda Todd's death, the Canadian parliament proposed a motion purporting to stop bullying, but Todd's mother herself gave testimony to parliament rejecting the bill due to its provisions for warrantless breaches of privacy, stating "I don't want to see our children victimized again by losing privacy rights."[42][43][44]
Even where these laws have been passed despite privacy concerns, they have not demonstrated a reduction in online harassment. When the Korea Communications Commission introduced a registration system for online commenters in 2007, they reported that malicious comments only decreased by 0.9%, and in 2011 it was repealed.[45] A subsequent analysis found that the set of users who posted the most comments actually increased the number of "aggressive expressions" when forced to use their real name.[46]
In the US, while federal law only prohibits online harassment based on protected characteristics such as gender and race,[47] individual states have expanded the definition of harassment to further curtail speech: Florida's definition of online harassment includes "any use of data or computer software" that "Has the effect of substantially disrupting the orderly operation of a school."[48]
Increasingly, mobile devices facilitate location tracking. This creates user privacy problems. A user's location and preferences constitute personal information, and their improper use violates that user's privacy. A recent MIT study by de Montjoye et al. showed that four spatio-temporal points constituting approximate places and times are enough to uniquely identify 95% of 1.5M people in a mobility database. The study further shows that these constraints hold even when the resolution of the dataset is low. Therefore, even coarse or blurred datasets confer little privacy protection.[49]
Several methods to protect user privacy in location-based services have been proposed, including the use of anonymizing servers and blurring of information. Methods to quantify privacy have also been proposed, to calculate the equilibrium between the benefit of obtaining accurate location information and the risks of breaching an individual's privacy.[50]
There have been scandals regarding location privacy. One instance was the scandal concerning AccuWeather, where it was revealed that AccuWeather was selling locational data. This consisted of a user's locational data, even if they opted out within Accuweather, which tracked users' location. Accuweather sold this data to Reveal Mobile, a company that monetizes data related to a user's location.[51] Other international cases are similar to the Accuweather case. In 2017, a leaky API inside the McDelivery App exposed private data, which consisted of home addresses, of 2.2 million users.[52]
In the wake of these types of scandals, many large American technology companies such as Google, Apple, and Facebook have been subjected to hearings and pressure under the U.S. legislative system. In 2011, US Senator Al Franken wrote an open letter to Steve Jobs, noting the ability of iPhones and iPads to record and store users' locations in unencrypted files.[53][54] Apple claimed this was an unintentional software bug, but Justin Brookman of the Center for Democracy and Technology directly challenged that portrayal, stating "I'm glad that they are fixing what they call bugs, but I take exception with their strong denial that they track users."[55] In 2021, the U.S. state of Arizona found in a court case that Google misled its users and stored the location of users regardless of their location settings.[56]
The Internet has become a significant medium for advertising, with digital marketing making up approximately half of the global ad spending in 2019.[57] While websites are still able to sell advertising space without tracking, including via contextual advertising, digital ad brokers such as Facebook and Google have instead encouraged the practice of behavioral advertising, providing code snippets used by website owners to track their users via HTTP cookies. This tracking data is also sold to other third parties as part of the mass surveillance industry. Since the introduction of mobile phones, data brokers have also been planted within apps, resulting in a $350 billion digital industry especially focused on mobile devices.[58]
Digital privacy has become the main source of concern for many mobile users, especially with the rise of privacy scandals such as the Facebook–Cambridge Analytica data scandal.[58] Apple has received some reactions for features that prohibit advertisers from tracking a user's data without their consent.[59] Google attempted to introduce an alternative to cookies named FLoC which it claimed reduced the privacy harms, it later retracted the proposal due to antitrust probes and analyses that contradicted their claims of privacy.[60][61][62]
The ability to do online inquiries about individuals has expanded dramatically over the last decade. Importantly, directly observed behavior, such as browsing logs, search queries, or contents of a public Facebook profile, can be automatically processed to infer secondary information about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.[63]
In Australia, the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 made a distinction between collecting the contents of messages sent between users and the metadata surrounding those messages.
Most countries give citizens rights to privacy in their constitutions.[16] Representative examples of this include the Constitution of Brazil, which says "the privacy, private life, honor and image of people are inviolable"; the Constitution of South Africa says that "everyone has a right to privacy"; and the Constitution of the Republic of Korea says "the privacy of no citizen shall be infringed."[16] The Italian Constitution also defines the right to privacy.[64] Among most countries whose constitutions do not explicitly describe privacy rights, court decisions have interpreted their constitutions to intend to give privacy rights.[16]
Many countries have broad privacy laws outside their constitutions, including Australia's Privacy Act 1988, Argentina's Law for the Protection of Personal Data of 2000, Canada's 2000 Personal Information Protection and Electronic Documents Act, and Japan's 2003 Personal Information Protection Law.[16]
Beyond national privacy laws, there are international privacy agreements.[65] The United Nations Universal Declaration of Human Rights says "No one shall be subjected to arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honor and reputation."[16] The Organisation for Economic Co-operation and Development published its Privacy Guidelines in 1980. The European Union's 1995 Data Protection Directive guides privacy protection in Europe.[16] The 2004 Privacy Framework by the Asia-Pacific Economic Cooperation is a privacy protection agreement for the members of that organization.[16]
Approaches to privacy can, broadly, be divided into two categories: free market or consumer protection.[66]
One example of the free market approach is to be found in the voluntary OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.[67] The principles reflected in the guidelines, free of legislative interference, are analyzed in an article putting them into perspective with concepts of the GDPR put into law later in the European Union.[68]
In a consumer protection approach, in contrast, it is claimed that individuals may not have the time or knowledge to make informed choices, or may not have reasonable alternatives available. In support of this view, Jensen and Potts showed that most privacy policies are above the reading level of the average person.[69]
The Privacy Act 1988 is administered by the Office of the Australian Information Commissioner. The initial introduction of privacy law in 1998 extended to the public sector, specifically to Federal government departments, under the Information Privacy Principles. State government agencies can also be subject to state based privacy legislation. This built upon the already existing privacy requirements that applied to telecommunications providers (under Part 13 of the Telecommunications Act 1997), and confidentiality requirements that already applied to banking, legal and patient / doctor relationships.[70]
In 2008 the Australian Law Reform Commission (ALRC) conducted a review of Australian privacy law and produced a report titled "For Your Information".[71] Recommendations were taken up and implemented by the Australian Government via the Privacy Amendment (Enhancing Privacy Protection) Bill 2012.[72]
In 2015, the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 was passed, to some controversy over its human rights implications and the role of media.
Canada is a federal state whose provinces and territories abide by the common law save the province of Quebec whose legal tradition is the civil law. Privacy in Canada was first addressed through the Privacy Act,[73] a 1985 piece of legislation applicable to personal information held by government institutions. The provinces and territories would later follow suit with their own legislation. Generally, the purposes of said legislation are to provide individuals rights to access personal information; to have inaccurate personal information corrected; and to prevent unauthorized collection, use, and disclosure of personal information.[74] In terms of regulating personal information in the private sector, the federal Personal Information Protection and Electronic Documents Act [75] ("PIPEDA") is enforceable in all jurisdictions unless a substantially similar provision has been enacted on the provincial level.[76] However, inter-provincial or international information transfers still engage PIPEDA.[76] PIPEDA has gone through two law overhaul efforts in 2021 and 2023 with the involvement of the Office of the Privacy Commissioner and Canadian academics.[77] In the absence of a statutory private right of action absent an OPC investigation, the common law torts of intrusion upon seclusion and public disclosure of private facts, as well as the Civil Code of Quebec may be brought for an infringement or violation of privacy.[78][79] Privacy is also protected under ss. 7 and 8 of the Canadian Charter of Rights and Freedoms[80] which is typically applied in the criminal law context.[81] In Quebec, individuals' privacy is safeguarded by articles 3 and 35 to 41 of the Civil Code of Quebec[82] as well as by s. 5 of the Charter of human rights and freedoms.[83]
In 2016, the European Union passed the General Data Protection Regulation (GDPR), which was intended to reduce the misuse of personal data and enhance individual privacy, by requiring companies to receive consent before acquiring personal information from users.[84]
Although there are comprehensive regulations for data protection in the European Union, one study finds that despite the laws, there is a lack of enforcement in that no institution feels responsible to control the parties involved and enforce their laws.[85] The European Union also champions the Right to be Forgotten concept in support of its adoption by other countries.[86]
Desde la introducción del proyecto Aadhaar en 2009, que dio como resultado que los 1.200 millones de indios estuvieran asociados con un número de seguridad biométrica de 12 dígitos. Aadhaar ha ayudado a los pobres en la India [ ¿cómo? ] [ ¿promoción? ] proporcionándoles una forma de identidad y evitando el fraude y el desperdicio de recursos, ya que normalmente el gobierno no podría asignar sus recursos a los destinatarios previstos debido a problemas de identificación. [ cita necesaria ] Con el surgimiento de Aadhaar, India ha debatido si Aadhaar viola la privacidad de un individuo y si cualquier organización debería tener acceso al perfil digital de un individuo, ya que la tarjeta Aadhaar se asoció con otros sectores económicos, lo que permite el seguimiento de individuos por organismos tanto públicos como privados. [87] Las bases de datos de Aadhaar también han sufrido ataques a la seguridad y el proyecto también fue recibido con desconfianza con respecto a la seguridad de las infraestructuras de protección social. [88] En 2017, cuando se impugnó el Aadhar, la Corte Suprema de la India declaró la privacidad como un derecho humano, pero pospuso la decisión sobre la constitucionalidad de Aadhaar para otro tribunal. [89] En septiembre de 2018, la Corte Suprema de la India determinó que el proyecto Aadhaar no violaba el derecho legal a la privacidad. [90]
En el Reino Unido no es posible interponer una acción por invasión de la privacidad. Se puede interponer una acción por otro agravio (normalmente abuso de confianza) y entonces la privacidad debe considerarse según la legislación de la CE. En el Reino Unido, a veces se defiende que la divulgación de información privada era de interés público. [91] Sin embargo, existe la Oficina del Comisionado de Información (ICO), un organismo público independiente creado para promover el acceso a la información oficial y proteger la información personal. Lo hacen promoviendo buenas prácticas, resolviendo quejas elegibles, brindando información a individuos y organizaciones y tomando medidas cuando se infringe la ley. Las leyes pertinentes del Reino Unido incluyen: Ley de Protección de Datos de 1998 ; Ley de Libertad de Información de 2000 ; Reglamento de Información Ambiental de 2004 ; Reglamento de privacidad y comunicaciones electrónicas de 2003 . La ICO también ha proporcionado un "Kit de herramientas de información personal" en línea que explica con más detalle las diversas formas de proteger la privacidad en línea. [92]
In the United States, more systematic treatises of privacy did not appear until the 1890s, with the development of privacy law in America.[93] Although the US Constitution does not explicitly include the right to privacy, individual as well as locational privacy may be implicitly granted by the Constitution under the 4th Amendment.[94] The Supreme Court of the United States has found that other guarantees have penumbras that implicitly grant a right to privacy against government intrusion, for example in Griswold v. Connecticut and Roe v. Wade. Dobbs v. Jackson Women's Health Organization later overruled Roe v. Wade, with Supreme Court Justice Clarence Thomas characterizing Griswold's penumbral argument as having a "facial absurdity",[95] casting doubt on the validity of a constitutional right to privacy in the United States and of previous decisions relying on it.[96] In the United States, the right of freedom of speech granted in the First Amendment has limited the effects of lawsuits for breach of privacy. Privacy is regulated in the US by the Privacy Act of 1974, and various state laws. The Privacy Act of 1974 only applies to federal agencies in the executive branch of the federal government.[97] Certain privacy rights have been established in the United States via legislation such as the Children's Online Privacy Protection Act (COPPA),[98] the Gramm–Leach–Bliley Act (GLB), and the Health Insurance Portability and Accountability Act (HIPAA).[99]
Unlike the EU and most EU-member states, the US does not recognize the right to privacy of non-US citizens. The UN's Special Rapporteur on the right to privacy, Joseph A. Cannataci, criticized this distinction.[100]
The theory of contextual integrity,[101] developed by Helen Nissenbaum, defines privacy as an appropriate information flow, where appropriateness, in turn, is defined as conformance with legitimate, informational norms specific to social contexts.
In 1890, the United States jurists Samuel D. Warren and Louis Brandeis wrote "The Right to Privacy", an article in which they argued for the "right to be let alone", using that phrase as a definition of privacy.[102] This concept relies on the theory of natural rights and focuses on protecting individuals. The citation was a response to recent technological developments, such as photography, and sensationalist journalism, also known as yellow journalism.[103]
There is extensive commentary over the meaning of being "let alone", and among other ways, it has been interpreted to mean the right of a person to choose seclusion from the attention of others if they wish to do so, and the right to be immune from scrutiny or being observed in private settings, such as one's own home.[102] Although this early vague legal concept did not describe privacy in a way that made it easy to design broad legal protections of privacy, it strengthened the notion of privacy rights for individuals and began a legacy of discussion on those rights in the US.[102]
Limited access refers to a person's ability to participate in society without having other individuals and organizations collect information about them.[104]
Various theorists have imagined privacy as a system for limiting access to one's personal information.[104] Edwin Lawrence Godkin wrote in the late 19th century that "nothing is better worthy of legal protection than private life, or, in other words, the right of every man to keep his affairs to himself, and to decide for himself to what extent they shall be the subject of public observation and discussion."[104][105] Adopting an approach similar to the one presented by Ruth Gavison[106] Nine years earlier,[107] Sissela Bok said that privacy is "the condition of being protected from unwanted access by others—either physical access, personal information, or attention."[104][108]
Control over one's personal information is the concept that "privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." Generally, a person who has consensually formed an interpersonal relationship with another person is not considered "protected" by privacy rights with respect to the person they are in the relationship with.[109][110] Charles Fried said that "Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves. Nevertheless, in the era of big data, control over information is under pressure.[111][112][This quote needs a citation][check quotation syntax]
Alan Westin defined four states—or experiences—of privacy: solitude, intimacy, anonymity, and reserve. Solitude is a physical separation from others;[113] Intimacy is a "close, relaxed; and frank relationship between two or more individuals" that results from the seclusion of a pair or small group of individuals.[113] Anonymity is the "desire of individuals for times of 'public privacy.'"[113] Lastly, reserve is the "creation of a psychological barrier against unwanted intrusion"; this creation of a psychological barrier requires others to respect an individual's need or desire to restrict communication of information concerning themself.[113]
In addition to the psychological barrier of reserve, Kirsty Hughes identified three more kinds of privacy barriers: physical, behavioral, and normative. Physical barriers, such as walls and doors, prevent others from accessing and experiencing the individual.[114] (In this sense, "accessing" an individual includes accessing personal information about them.)[114] Behavioral barriers communicate to others—verbally, through language, or non-verbally, through personal space, body language, or clothing—that an individual does not want the other person to access or experience them.[114] Lastly, normative barriers, such as laws and social norms, restrain others from attempting to access or experience an individual.[114]
Psychologist Carl A. Johnson has identified the psychological concept of “personal control” as closely tied to privacy. His concept was developed as a process containing four stages and two behavioural outcome relationships, with one’s outcomes depending on situational as well as personal factors.[115] Privacy is described as “behaviors falling at specific locations on these two dimensions”.[116]
Johnson examined the following four stages to categorize where people exercise personal control: outcome choice control is the selection between various outcomes. Behaviour selection control is the selection between behavioural strategies to apply to attain selected outcomes. Outcome effectance describes the fulfillment of selected behaviour to achieve chosen outcomes. Outcome realization control is the personal interpretation of one’s achieved outcome. The relationship between two factors– primary and secondary control, is defined as the two-dimensional phenomenon where one reaches personal control: primary control describes behaviour directly causing outcomes, while secondary control is behaviour indirectly causing outcomes.[117] Johnson explores the concept that privacy is a behaviour that has secondary control over outcomes.
Acknowledging other conceptions of privacy while arguing that the fundamental concern of privacy is behavior selection control, Johnson converses with other interpretations including those of Maxine Wolfe and Robert S. Laufer, and Irwin Altman. He clarifies the continuous relationship between privacy and personal control, where outlined behaviours not only depend on privacy, but the conception of one’s privacy also depends on his defined behavioural outcome relationships.[118]
Privacy is sometimes defined as an option to have secrecy. Richard Posner said that privacy is the right of people to "conceal information about themselves that others might use to their disadvantage".[119][120]
In various legal contexts, when privacy is described as secrecy, a conclusion is reached: if privacy is secrecy, then rights to privacy do not apply for any information which is already publicly disclosed.[121] When privacy-as-secrecy is discussed, it is usually imagined to be a selective kind of secrecy in which individuals keep some information secret and private while they choose to make other information public and not private.[121]
Privacy may be understood as a necessary precondition for the development and preservation of personhood. Jeffrey Reiman defined privacy in terms of a recognition of one's ownership of their physical and mental reality and a moral right to self-determination.[122] Through the "social ritual" of privacy, or the social practice of respecting an individual's privacy barriers, the social group communicates to developing children that they have exclusive moral rights to their bodies—in other words, moral ownership of their body.[122] This entails control over both active (physical) and cognitive appropriation, the former being control over one's movements and actions and the latter being control over who can experience one's physical existence and when.[122]
Alternatively, Stanley Benn defined privacy in terms of a recognition of oneself as a subject with agency—as an individual with the capacity to choose.[123] Privacy is required to exercise choice.[123] Overt observation makes the individual aware of himself or herself as an object with a "determinate character" and "limited probabilities."[123] Covert observation, on the other hand, changes the conditions in which the individual is exercising choice without his or her knowledge and consent.[123]
In addition, privacy may be viewed as a state that enables autonomy, a concept closely connected to that of personhood. According to Joseph Kufer, an autonomous self-concept entails a conception of oneself as a "purposeful, self-determining, responsible agent" and an awareness of one's capacity to control the boundary between self and other—that is, to control who can access and experience him or her and to what extent.[124] Furthermore, others must acknowledge and respect the self's boundaries—in other words, they must respect the individual's privacy.[124]
The studies of psychologists such as Jean Piaget and Victor Tausk show that, as children learn that they can control who can access and experience them and to what extent, they develop an autonomous self-concept.[124] In addition, studies of adults in particular institutions, such as Erving Goffman's study of "total institutions" such as prisons and mental institutions,[125] suggest that systemic and routinized deprivations or violations of privacy deteriorate one's sense of autonomy over time.[124]
Privacy may be understood as a prerequisite for the development of a sense of self-identity. Privacy barriers, in particular, are instrumental in this process. According to Irwin Altman, such barriers "define and limit the boundaries of the self" and thus "serve to help define [the self]."[126] This control primarily entails the ability to regulate contact with others.[126] Control over the "permeability" of the self's boundaries enables one to control what constitutes the self and thus to define what is the self.[126]
In addition, privacy may be seen as a state that fosters personal growth, a process integral to the development of self-identity. Hyman Gross suggested that, without privacy—solitude, anonymity, and temporary releases from social roles—individuals would be unable to freely express themselves and to engage in self-discovery and self-criticism.[124] Such self-discovery and self-criticism contributes to one's understanding of oneself and shapes one's sense of identity.[124]
In a way analogous to how the personhood theory imagines privacy as some essential part of being an individual, the intimacy theory imagines privacy to be an essential part of the way that humans have strengthened or intimate relationships with other humans.[127] Because part of human relationships includes individuals volunteering to self-disclose most if not all personal information, this is one area in which privacy does not apply.[127]
James Rachels advanced this notion by writing that privacy matters because "there is a close connection between our ability to control who has access to us and to information about us, and our ability to create and maintain different sorts of social relationships with different people."[127][128] Protecting intimacy is at the core of the concept of sexual privacy, which law professor Danielle Citron argues should be protected as a unique form of privacy.[129]
Physical privacy could be defined as preventing "intrusions into one's physical space or solitude."[130] An example of the legal basis for the right to physical privacy is the U.S. Fourth Amendment, which guarantees "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures".[131]
Physical privacy may be a matter of cultural sensitivity, personal dignity, and/or shyness. There may also be concerns about safety, if, for example one is wary of becoming the victim of crime or stalking.[132] There are different things that can be prevented to protect one's physical privacy, including people watching (even through recorded images) one's intimate behaviours or intimate parts and unauthorized access to one's personal possessions or places. Examples of possible efforts used to avoid the former, especially for modesty reasons, are clothes, walls, fences, privacy screens, cathedral glass, window coverings, etc.
Government agencies, corporations, groups/societies and other organizations may desire to keep their activities or secrets from being revealed to other organizations or individuals, adopting various security practices and controls in order to keep private information confidential. Organizations may seek legal protection for their secrets. For example, a government administration may be able to invoke executive privilege[133] or declare certain information to be classified, or a corporation might attempt to protect valuable proprietary information as trade secrets.[131]
Privacy self-synchronization is a hypothesized mode by which the stakeholders of an enterprise privacy program spontaneously contribute collaboratively to the program's maximum success. The stakeholders may be customers, employees, managers, executives, suppliers, partners or investors. When self-synchronization is reached, the model states that the personal interests of individuals toward their privacy is in balance with the business interests of enterprises who collect and use the personal information of those individuals.[134]
David Flaherty believes networked computer databases pose threats to privacy. He develops 'data protection' as an aspect of privacy, which involves "the collection, use, and dissemination of personal information". This concept forms the foundation for fair information practices used by governments globally. Flaherty forwards an idea of privacy as information control, "[i]ndividuals want to be left alone and to exercise some control over how information about them is used".[135]
Richard Posner and Lawrence Lessig focus on the economic aspects of personal information control. Posner criticizes privacy for concealing information, which reduces market efficiency. For Posner, employment is selling oneself in the labour market, which he believes is like selling a product. Any 'defect' in the 'product' that is not reported is fraud.[136] For Lessig, privacy breaches online can be regulated through code and law. Lessig claims "the protection of privacy would be stronger if people conceived of the right as a property right",[137] and that "individuals should be able to control information about themselves".[138]
There have been attempts to establish privacy as one of the fundamental human rights, whose social value is an essential component in the functioning of democratic societies.[139]
Priscilla Regan believes that individual concepts of privacy have failed philosophically and in policy. She supports a social value of privacy with three dimensions: shared perceptions, public values, and collective components. Shared ideas about privacy allows freedom of conscience and diversity in thought. Public values guarantee democratic participation, including freedoms of speech and association, and limits government power. Collective elements describe privacy as collective good that cannot be divided. Regan's goal is to strengthen privacy claims in policy making: "if we did recognize the collective or public-good value of privacy, as well as the common and public value of privacy, those advocating privacy protections would have a stronger basis upon which to argue for its protection".[140]
Leslie Regan Shade argues that the human right to privacy is necessary for meaningful democratic participation, and ensures human dignity and autonomy. Privacy depends on norms for how information is distributed, and if this is appropriate. Violations of privacy depend on context. The human right to privacy has precedent in the United Nations Declaration of Human Rights: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."[141] Shade believes that privacy must be approached from a people-centered perspective, and not through the marketplace.[142]
Dr. Eliza Watt, Westminster Law School, University of Westminster in London, UK, proposes application of the International Human Right Law (IHRL) concept of “virtual control” as an approach to deal with extraterritorial mass surveillance by state intelligence agencies. Dr. Watt envisions the “virtual control” test, understood as a remote control over the individual's right to privacy of communications, where privacy is recognized under the ICCPR, Article 17. This, she contends, may help to close the normative gap that is being exploited by nation states.[143]
The privacy paradox is a phenomenon in which online users state that they are concerned about their privacy but behave as if they were not.[144] While this term was coined as early as 1998,[145] it was not used in its current popular sense until the year 2000.[146][144]
Susan B. Barnes similarly used the term privacy paradox to refer to the ambiguous boundary between private and public space on social media.[147] When compared to adults, young people tend to disclose more information on social media. However, this does not mean that they are not concerned about their privacy. Susan B. Barnes gave a case in her article: in a television interview about Facebook, a student addressed her concerns about disclosing personal information online. However, when the reporter asked to see her Facebook page, she put her home address, phone numbers, and pictures of her young son on the page.
The privacy paradox has been studied and scripted in different research settings. Several studies have shown this inconsistency between privacy attitudes and behavior among online users.[148] However, by now an increasing number of studies have also shown that there are significant and at times large correlations between privacy concerns and information sharing behavior,[149] which speaks against the privacy paradox. A meta-analysis of 166 studies published on the topic reported an overall small but significant relation between privacy concerns and informations sharing or use of privacy protection measures.[150] So although there are several individual instances or anecdotes where behavior appear paradoxical, on average privacy concerns and privacy behaviors seem to be related, and several findings question the general existence of the privacy paradox.[151]
However, the relationship between concerns and behavior is likely only small, and there are several arguments that can explain why that is the case. According to the attitude-behavior gap, attitudes and behaviors are in general and in most cases not closely related.[152] A main explanation for the partial mismatch in the context of privacy specifically is that users lack awareness of the risks and the degree of protection.[153] Users may underestimate the harm of disclosing information online.[154] On the other hand, some researchers argue that the mismatch comes from lack of technology literacy and from the design of sites.[155] For example, users may not know how to change their default settings even though they care about their privacy. Psychologists Sonja Utz and Nicole C. Krämer particularly pointed out that the privacy paradox can occur when users must trade-off between their privacy concerns and impression management.[156]
A study conducted by Susanne Barth and Menno D.T. de Jo demonstrates that decision making takes place on an irrational level, especially when it comes to mobile computing. Mobile applications in particular are often built up in such a way that spurs decision making that is fast and automatic without assessing risk factors. Protection measures against these unconscious mechanisms are often difficult to access while downloading and installing apps. Even with mechanisms in place to protect user privacy, users may not have the knowledge or experience to enable these mechanisms.[157]
Users of mobile applications generally have very little knowledge of how their personal data are used. When they decide which application to download, they typically are not able to effectively interpret the information provided by application vendors regarding the collection and use of personal data.[158] Other research finds that this lack of interpretability means users are much more likely to be swayed by cost, functionality, design, ratings, reviews and number of downloads than requested permissions for usage of their personal data.[159]
The willingness to incur a privacy risk is suspected to be driven by a complex array of factors including risk attitudes, personal value for private information, and general attitudes to privacy (which are typically measured using surveys).[160] One experiment aiming to determine the monetary value of several types of personal information indicated relatively low evaluations of personal information.[158] Despite claims that ascertaining the value of data requires a "stock-market for personal information",[161] surveillance capitalism and the mass surveillance industry regularly place price tags on this form of data as it is shared between corporations and governments.
Users are not always given the tools to live up to their professed privacy concerns, and they are sometimes willing to trade private information for convenience, functionality, or financial gain, even when the gains are very small.[162] One study suggests that people think their browser history is worth the equivalent of a cheap meal.[163] Another finds that attitudes to privacy risk do not appear to depend on whether it is already under threat or not.[160] The methodology of user empowerment describes how to provide users with sufficient context to make privacy-informed decisions.
It is suggested by Andréa Belliger and David J. Krieger that the privacy paradox should not be considered a paradox, but more of a privacy dilemma, for services that cannot exist without the user sharing private data.[163] However, the general public is typically not given the choice whether to share private data or not,[18][56] making it difficult to verify any claim that a service truly cannot exist without sharing private data.
The privacy calculus model posits that two factors determine privacy behavior, namely privacy concerns (or perceived risks) and expected benefits.[164][165] By now, the privacy calculus has been supported by several studies.[166][167]
As with other conceptions of privacy, there are various ways to discuss what kinds of processes or actions remove, challenge, lessen, or attack privacy. In 1960 legal scholar William Prosser created the following list of activities which can be remedied with privacy protection:[168][169]
De 2004 a 2008, basándose en este y otros precedentes históricos, Daniel J. Solove presentó otra clasificación de acciones perjudiciales para la privacidad, incluida la recopilación de información que ya es algo pública, el procesamiento de información, el intercambio de información y la invasión del espacio personal para obtener información privada. [170]
En el contexto de dañar la privacidad, la recopilación de información significa recopilar cualquier información que se pueda obtener haciendo algo para obtenerla. [170] Los ejemplos incluyen la vigilancia y el interrogatorio . [170] Otro ejemplo es cómo los consumidores y los especialistas en marketing también recopilan información en el contexto empresarial a través del reconocimiento facial, lo que recientemente ha causado preocupación por aspectos como la privacidad. Actualmente se están realizando investigaciones relacionadas con este tema. [171]
Empresas como Google y Meta recopilan grandes cantidades de datos personales de sus usuarios a través de diversos servicios y plataformas. Estos datos incluyen hábitos de navegación, historial de búsqueda, información de ubicación e incluso comunicaciones personales. Luego, estas empresas analizan y agregan estos datos para crear perfiles de usuario detallados, que se venden a anunciantes y otros terceros. Esta práctica suele realizarse sin el consentimiento explícito del usuario, lo que provoca una invasión de la privacidad, ya que los individuos tienen poco control sobre cómo se utiliza su información. La venta de datos personales puede dar lugar a publicidad dirigida, manipulación e incluso posibles riesgos de seguridad, ya que la información confidencial puede ser explotada por actores malintencionados. Esta explotación comercial de datos personales socava la confianza de los usuarios y plantea importantes preocupaciones éticas y legales con respecto a la protección de datos y los derechos de privacidad. [172]
Puede suceder que la privacidad no se vea perjudicada cuando hay información disponible, pero que el daño puede producirse cuando esa información se recopila como un conjunto y luego se procesa en conjunto de tal manera que la presentación colectiva de fragmentos de información invada la privacidad. [173] Las acciones en esta categoría que pueden disminuir la privacidad incluyen las siguientes: [173]
Count not him among your friends who will retail your privacies to the world.
Information dissemination is an attack on privacy when information which was shared in confidence is shared or threatened to be shared in a way that harms the subject of the information.[173]
There are various examples of this.[173] Breach of confidentiality is when one entity promises to keep a person's information private, then breaks that promise.[173] Disclosure is making information about a person more accessible in a way that harms the subject of the information, regardless of how the information was collected or the intent of making it available.[173] Exposure is a special type of disclosure in which the information disclosed is emotional to the subject or taboo to share, such as revealing their private life experiences, their nudity, or perhaps private body functions.[173] Increased accessibility means advertising the availability of information without actually distributing it, as in the case of doxing.[173] Blackmail is making a threat to share information, perhaps as part of an effort to coerce someone.[173] Appropriation is an attack on the personhood of someone, and can include using the value of someone's reputation or likeness to advance interests which are not those of the person being appropriated.[173] Distortion is the creation of misleading information or lies about a person.[173]
Invasion of privacy, a subset of expectation of privacy, is a different concept from the collecting, aggregating, and disseminating information because those three are a misuse of available data, whereas invasion is an attack on the right of individuals to keep personal secrets.[173] An invasion is an attack in which information, whether intended to be public or not, is captured in a way that insults the personal dignity and right to private space of the person whose data is taken.[173]
An intrusion is any unwanted entry into a person's private personal space and solitude for any reason, regardless of whether data is taken during that breach of space.[173] Decisional interference is when an entity somehow injects itself into the personal decision-making process of another person, perhaps to influence that person's private decisions but in any case doing so in a way that disrupts the private personal thoughts that a person has.[173]
Similarly to actions which reduce privacy, there are multiple angles of privacy and multiple techniques to improve them to varying extents. When actions are done at an organizational level, they may be referred to as cybersecurity.
Individuals can encrypt e-mails via enabling either two encryption protocols, S/MIME, which is built into companies like Apple or Outlook and thus most common, or PGP.[174] The Signal messaging app, which encrypts messages so that only the recipient can read the message, is notable for being available on many mobile devices and implementing a form of perfect forward secrecy.[175] Signal has received praise from whistleblower Edward Snowden.[176] Encryption and other privacy-based security measures are also used in some cryptocurrencies such as Monero and ZCash.[177][178]
Anonymizing proxies or anonymizing networks like I2P and Tor can be used to prevent Internet service providers (ISP) from knowing which sites one visits and with whom one communicates, by hiding IP addresses and location, but does not necessarily protect a user from third party data mining. Anonymizing proxies are built into a user's device, in comparison to a Virtual Private Network (VPN), where users must download software.[179] Using a VPN hides all data and connections that are exchanged between servers and a user's computer, resulting in the online data of the user being unshared and secure, providing a barrier between the user and their ISP, and is especially important to use when a user is connected to public Wi-Fi. However, users should understand that all their data does flow through the VPN's servers rather than the ISP. Users should decide for themselves if they wish to use either an anonymizing proxy or a VPN.
In a more non-technical sense, using incognito mode or private browsing mode will prevent a user's computer from saving history, Internet files, and cookies, but the ISP will still have access to the users' search history. Using anonymous search engines will not share a user's history, clicks, and will obstruct ad blockers.[180]
Concrete solutions on how to solve paradoxical behavior still do not exist. Many efforts are focused on processes of decision making, like restricting data access permissions during application installation, but this would not completely bridge the gap between user intention and behavior. Susanne Barth and Menno D.T. de Jong believe that for users to make more conscious decisions on privacy matters, the design needs to be more user-oriented.[157]
In a social sense, simply limiting the amount of personal information that users posts on social media could increase their security, which in turn makes it harder for criminals to perform identity theft.[180] Moreover, creating a set of complex passwords and using two-factor authentication can allow users to be less susceptible to their accounts being compromised when various data leaks occur. Furthermore, users should protect their digital privacy by using anti-virus software, which can block harmful viruses like a pop-up scanning for personal information on a users' computer.[181]
Aunque existen leyes que promueven la protección de los usuarios, en algunos países, como Estados Unidos, no existe una ley federal de privacidad digital y la configuración de privacidad está esencialmente limitada por el estado de las leyes de privacidad vigentes. Para promover su privacidad, los usuarios pueden comenzar a conversar con representantes, haciéndoles saber que la privacidad es una preocupación principal, lo que a su vez aumenta la probabilidad de que se promulguen más leyes de privacidad. [182]
David Attenborough , biólogo e historiador natural , afirmó que los gorilas "valoran su privacidad" mientras hablaba de una breve fuga de un gorila en el Zoológico de Londres . [183]
La falta de privacidad en los espacios públicos, causada por el hacinamiento, aumenta los problemas de salud de los animales, incluidas enfermedades cardíacas y presión arterial alta . Además, el estrés causado por el hacinamiento está relacionado con un aumento de las tasas de mortalidad infantil y del estrés materno. La falta de privacidad que conlleva el hacinamiento está relacionada con otros problemas de los animales, lo que hace que sus relaciones con los demás disminuyan. La forma en que se presentan ante los demás de su especie es una necesidad en su vida, y la superpoblación provoca que las relaciones se vuelvan desordenadas. [184]
Por ejemplo, David Attenborough afirma que se viola el derecho de los gorilas a la privacidad cuando se les observa a través de recintos de cristal. Son conscientes de que están siendo observados y, por lo tanto, no tienen control sobre cuánto pueden ver de ellos los espectadores. Los gorilas y otros animales pueden estar en los recintos por razones de seguridad, sin embargo Attenborough afirma que esto no es excusa para que sean vigilados constantemente por ojos innecesarios. Además, los animales empezarán a esconderse en espacios no observados. [184] Se ha descubierto que los animales en los zoológicos exhiben comportamientos dañinos o diferentes debido a la presencia de visitantes que los observan: [185]