Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2016
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Roger Clarke **
Version of 7 August 2006
Prepared for a Workshop at the Australian Law Reform Commission on 28 July 2006
© Xamax Consultancy Pty Ltd, 2006
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/Privacy.html
If you want the short answer, it's here. The purpose of this paper is to provide a succinct (3,000 word) explanation of the considerations that lead me to define it that way.
Privacy is important, from a number of different perspectives.
Philosophically, particularly in Europe, people are regarded as being very important for their own sake. The concepts of 'human dignity' and integrity play a significant role in some countries, as do the notions of individual autonomy and self-determination. In some (though perhaps not all) traditions and jurisdictions, these are the ideas that underpin the notion and significance of human rights.
Psychologically, people need private space. This applies in public as well as behind closed doors and drawn curtains. We need to be able to glance around, judge whether the people in the vicinity are a threat, and then perform actions that are potentially embarrassing, such as breaking wind, and jumping for joy.
Sociologically, people need to be free to behave, and to associate with others, subject to broad social mores, but without the continual threat of being observed. Otherwise we reduce ourselves to the appalling, inhuman, constrained context that was imposed on people in countries behind the Iron Curtain and the Bamboo Curtain.
Economically, people need to be free to innovate. International competition is fierce, and countries with high labour-costs need to be clever if they want to sustain their standard-of-living. And cleverness has to be continually reinvented. But the chilling effect that surveillance brings with it stifles innovation. All innovators are, by definition, 'deviant' from the norms of the time, and they are both at risk, and perceive themselves to be at risk, if they lack private space in which to experiment.
Politically, people need to be free to think, and argue, and act. Surveillance chills behaviour and speech, and undermines democracy.
In Australia, the pragmatic or utilitarian approach tends to dominate the philosophical. Of the four bases on which it can be argued that privacy is needed, the most dominant in discussions tends to be the psychological perspective. It is a serious mistake, however, to limit the justification in that way. Privacy-invasions are seriously harmful to the societies, economies and polities in which humans have flourished. Balances must be sought, and privacy protections must be devised, with that in mind. In turn, it is essential that a sufficiently broad conception of privacy be used.
Privacy's importance is reflected in the fact that the fundamental documents that define human rights all include reference to privacy or related ideas. For a list of such documents, see APF (2006), and see Bygrave (1998).
For example, the Universal Declaration of Human Rights (UDHR 1948, Article 12) states that "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks", and Article 17 of the International Covenant on Civil and Political Rights (ICCPR 1966, Article 17) is expressed in very similar terms.
In the European Convention on Human Rights (1950), Article 8 is entitled 'Right to respect for private and family life', and states that "Everyone has the right to respect for his private and family life, his home and his correspondence. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others". Unlike the previous two, this Article ennumerates categories of factors that can result in compromise to the right, and it has generated case law.
The Charter of Fundamental Rights of the European Union (2000) deals with privacy in Articles 7 and 8, and there are many specific European Directives. Many national Constitutions and Bills of Rights also encompass privacy.
But these documents evidence a considerable degree of inconsistency. The instruments generally do not define the term 'privacy', and its scope interleaves with a range of other freedoms and rights. These Notes endeavour to tease out the range of possible meanings, and propose the interpretation most appropriate to contemporary needs.
It would be a mistake to commence a search for the meaning of the term in the law. The law reflects social and economic needs, and hence they are the appropriate starting-point. Reference then needs to be made to the emergence of the legal concept of privacy from the late 19th century onwards. The discussion needs to take into account the fact that a considerable amount of change that has occurred, and continues. Only on that basis can a useful contemporary interpretation of the term be proposed.
A framework is provided by Maslow's Hierarchy of Needs (Maslow 1943). This postulates that people's more basic needs have to be largely satisfied before higher-order needs come into play. Moreover, if a lower-order need is threatened, the significance of higher-order needs is suspended until the lower-order needs are once again satisfied.
The usual classification scheme is presented as a pyramid:
Physiological needs are matters of survival (such as air, water, food, warmth and rest). Safety encompasses basic considerations such as physical security, family security and health, but also broader concerns such as security of personal assets and employment.
Interpreted most broadly, privacy is about the integrity of the individual. It therefore encompasses all aspects of the individual's social needs. Applying Maslowian thinking the following categories can be valuably distinguished.
Privacy of the Person, sometimes referred to as 'bodily privacy', is concerned with the integrity of the individual's body, and is related to the Physiological and Safety levels of the Maslowian hierarchy. At its broadest, it could be interpreted as extending to freedom from torture and right to medical treatment, but these are more commonly seen as human rights rather than as aspects of privacy. Issues that are more readily associated with privacy include compulsory immunisation, imposed treatments such as lobotomy and sterilisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and requirements for submission to biometric measurement.
Privacy of Personal Behaviour, including what is sometimes referred to as 'media privacy', is related to both the Belonging and Self-Esteem levels of Maslow's hierarchy, and perhaps to Self-Actualisation as well. Many issues that come to attention relate to sensitive matters, such as sexual preferences and habits, political activities and religious practices. But the notion of 'private space' is vital to all aspects of behaviour, is relevant in 'private places' such as the home and toilet cubicle, and is also relevant in 'public places', where casual observation by the few people in the vicinity is very different from systematic observation and the recording of images and sounds.
Privacy of Personal Communications, including what is sometimes referred to as 'interception privacy', is also related to both the Belonging and Self-Esteem levels of Maslow's hierarchy, and perhaps to Self-Actualisation as well. Individuals desire the freedom to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations. Issues include mail 'covers', use of directional microphones and 'bugs' with or without recording apparatus, telephonic interception and recording, and third-party access to email-messages.
Privacy of Personal Data, sometimes referred to as 'data privacy' and 'information privacy', is again related to the upper layers of Maslow's hierarchy. Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. The last five decades have seen the application of information technologies to a vast array of abuses of data privacy (e.g. Clarke 1988, 2003).
The term privacy is sometimes used in the broad sense outlined in the previous section. But it is often used to refer to some quite specific need or expectation that is in the public eye at the time, such as freedom from the attention of paparazzi, protections against voyeurism in such old forms as 'peeping toms' and such new forms as mobile cameras in change-rooms, or the conduct of interviews in closed rooms rather than semi-open cubicles. One of the most common narrow usages of privacy is to refer solely to what is described in the previous section as 'privacy of personal data', or sometimes the combination of that with 'privacy of personal communications'.
A serious debasement of the term 'privacy' has occurred in the case of U.S. and Australian statutes that have equated it with the highly restrictive idea of 'data protection'. That notion derives from the 'fair information practices' movement that has been used by corporations and governments since the late 1960s to avoid meaningful regulation. The origins of that movement are commonly associated with Westin (1967, 1971) and Westin & Baker (1974). The paucity of the concept is addressed in Clarke (2000).
This section presents a brisk survey, from a layman's perspective, and is intended as a complement to comprehensive studies by legal academics, not as a substitute for them.
It is conventional to observe that privacy was not a significant feature of tribal or even village life. It became a more significant human value during the period following the rinascimento, as attitudes in Western Europe began to place greater value on individualism, and as human rights discussions expanded in such contexts as the abolition of slavery and improvements to the conditions of workers in 'dark satanic mills'.
The concept maps poorly to social philosophies in regions not dominated by the Western European tradition. This applies in particular to East Asia, where confucianist notions are commonly used to interpret subjugation of the individual to the State or collective as a higher value than individualism.
At the end of the nineteenth century, United States judges argued that "the right to be let alone ... secures the exercise of extensive civil privileges" (Warren & Brandeis 1890). The expression 'the right to be let alone' is consistent with the broadest interpretation discussed earlier in these Notes. On the other hand, the authors were preoccupied with incursions by the media into the lives of the influential, and an argument can be made that the term's compass is narrower than it sounds.
A significant early contribution was Packard (1964). Important sources of learned discussions about the need for privacy can be found in a series of UK studies (Younger 1972, Sieghart 1976, Lindop 1978). These envisaged the emergence or creation of broad tort notions of privacy, but they appear to have had only limited influence on action in the legislatures and the courts. Although those ideas are not convincingly alive, they are perhaps less dead than dormant. The possibility exists that a tort is emergent in the U.K., at least in the context of media privacy for celebrities and notorieties, and even in Australia.
Historical and philosophical discussions of privacy are in Flaherty (1972), Seipp (1981), Schoeman (1984), Flaherty (1984), Flaherty (1989), Smith (1997), Burkert (1999) and Bennett & Grant (1999).
In Australia, the earliest publication of significance appears to have been Cowen (1969). A vital contribution was that of Morison (1973), which expressly avoided expression of privacy as a 'right', and focussed on it as an 'interest' that people have, that is in need of protection, but that needs to be carefully balanced against other interests, variously of the individual themselves, of other individuals, of groups, of society, and of organisations. Others of significance include Benn (1978), Hughes (1991), Bygrave (2002) and Lindsay (2005).
Since the late 1960s, however, the dominance of the 'fair information practices' movement has resulted in very narrow usage of the term. In almost all jurisdictions, statutory activity has been restricted to 'privacy of personal data' and 'privacy of personal communications'. Some statutes have been appropriately described as 'data protection laws', while others have been inappropriately entitled 'privacy laws'.
The reasons for this diminution in the scope applied to the idea arose because one aspect of privacy achieved dominance over the others. Contrary to conventional assumptions, the primary driver was not information technology.
Since the late nineteenth century, there has been a marked increase in the scale of organisations. This has led to increased (and still-increasing) social distance between individuals and the social and economic institutions that they deal with. As that distance grows, so does distrust, and dependence on abstract data rather than direct relationships. The term coined by Jim Rule to refer to this was 'information intensity' (Rule 1974, Rule et al. 1980). It needs to be remembered that Orwell's '1984' was written in 1948, some years before a computer was first used for administrative purposes; and the foundation novel of the surveillance dystopia genre, Zamyatin's 'We', was written in 1922, and long predates the construction of the first computer (Clarke 1993).
Subsequently, however, computers emerged, networking technologies were married with them, and they were harnessed to the task of assisting governments and corporations to monitor people (Clarke 1988). Concerns about 'information intensity' exploded, and for several decades discussions about privacy protection have been largely focussed on (limited) protections for data, instead of the protecion of people's interests.
The first such statute was enacted in Hesse in 1970, and the first national legislation in Sweden in 1973. Through what Michael Kirby dubbed 'the decade of privacy' of the 1970s, many European nations acted. Nervousness among corporations about inconsistencies and trans-border provisions harming trade in personal data resulted in the codification of 'fair information principles' (OECD 1980). This has provided the framework for all subsequent laws.
Australia was slow to comply with its undertaking to implement the OECD Guidelines. A study by the Australian Law Reform Commission took over 5 years (ALRC 1983), and by the time it was published the political momentum had been entirely lost. Data protection legislation regulating the Commonwealth public sector was passed in 1988, but only in the aftermath of the Australia Card debacle, and as a trade-off for enhancements to the Tax File Number scheme. The States and Territories moved even more slowly, although half of the States and both Territories now have 'fair information practices' legislation for their public sectors. Highly confusing and extremely weak private sector legislation was passed by the Commonwealth in 2000. For a list of relevant Australian laws, see APF(2005a) and APF (2005b).
Europe has evidenced two contrary tendencies in data protection. On the one hand, the EU Directive is strongly driven from the human rights perspective, and has resulted in more effective protections for data (and hence to some extent better protections for people) than anywhere else in the world. On the other, some of the most extremist social control schemes have been implemented in European countries, such as Denmark and Finland, and the EU Directive accommodates them, because any privacy-abusive arrangement is feasible, provided that it has legal authority.
The USA has stood out from Europe. Burkert (1999) characterised the difference as being that the US has an 'economic-technological approach', whereas Europe is 'social values oriented' (or, in the terms used in the Introduction, the US is pragmatic whereas Europe places greater weight on the philosophical).
The USA has to date avoided passing comprehensive laws regulating the private sector, even of the weak 'data protection' kind. The vacuum has resulted in frequent, knee-jerk legislation on specific issues (most famously, for video rental records). Despite the long delay caused by the extraordinary dominance of the social control agenda since 11 September 2001, it appears likely that some kind of legislation may emerge shortly (Clarke 1999, Economist 2005, Clinton 2006).
Reflecting its desire to facilitate business at the expense of individuals, the U.S. Administration has recently utilised APEC, with its dominance of East Asian nations and its willing proxy Australia, as a means of establishing an even weaker document than the OECD Guidelines, in the form of the APEC Privacy Framework (2004).
The world's 'data protection' and 'privacy' laws have been very largely motivated by the facilitation of the business of government and private enterprise. Most were not conceived as implementations of human rights needs, although many countries have contrived ways of reconciling the two in order to make it appear that they are fulfilling their obligations under ICCPR.
The social need is for the broader interpretations of privacy to again become dominant, and for the harm wrought to individuals by decades of dominance of the 'fair information practices' movement to be reversed.
The following is the working definition that I've used since the early 1990s (Clarke 1997). It owes much to Morison (1973):
Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations
ALRC (1983) 'Report No.22: Privacy' Australian Law Reform Commission, Elizabeth St, Sydney NSW 2000, 1983 (3 vols.)
APF (2005a) 'Privacy Laws - Commonwealth of Australia' Australian Privacy Foundation, Resource Page, 2000-2005, at http://www.privacy.org.au/Resources/PLawsClth.html
APF (2005b) 'Privacy Laws - States and Territories of Australia' Australian Privacy Foundation, Resource Page, 2000-2005, at http://www.privacy.org.au/Resources/PLawsST.html
APF (2006) 'International Instruments Relating to Privacy Law' Australian Privacy Foundation, Resource Page, 2000-2006, at http://www.privacy.org.au/Resources/PLawsIntl.html
Benn S. (1978) 'The Protection and Limitation of Privacy' 52 ALJ 601
Bennett C. & Grant R. Eds. (1999) 'Visions of Privacy : Policy Choices for the Digital Age' Univ of Toronto Press, 1999
Burkert H. (1999) 'Privacy / Data Protection: A German/European Perspective' Proc. 2nd Symposium of the Max Planck Project Group on the Law of Common Goods and the Computer Science and Telecommunications Board of the National Research Council, Wood Hole, Mass., June 1999
Bygrave L. (1998) 'Data Protection Pursuant to the Right to Privacy in Human Rights Treaties' International Journal of Law and Information Technology, 1998, 6, 247-284, at http://folk.uio.no/lee/oldpage/articles/Human_rights.pdf
Bygrave L. (2002) 'Data Protection Law: Approaching Its Rationale, Logic and Limits' Kluwer Law International, 2002
Clarke R. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988). Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991, at http://www.rogerclarke.com/DV/CACM88.html
Clarke R. (1993) 'A 'Future Trace' on Dataveillance: The Anti-Utopian and Cyberpunk Literary Genres' Xamax Consultancy Pty Ltd, March 1993, at http://www.rogerclarke.com/DV/NotesAntiUtopia.html
Clarke R. (1997) 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms' Xamax Consultancy Pty Ltd, August 1997, at http://www.rogerclarke.com/DV/Intro.html
Clarke R. (1999) 'Internet Privacy Concerns Confirm the Case for Intervention' Commun. ACM, 42, 2 (February 1999) 60-67, at http://www.rogerclarke.com/DV/CACM99.html
Clarke R. (2000) 'Beyond the OECD Guidelines: Privacy Protection for the 21st Century' Xamax Consultancy Pty Ltd, January 2000, at http://www.rogerclarke.com/DV/PP21C.html
Clarke R. (2003) 'Dataveillance - 15 Years On' Proc. Privacy Issues Forum, New Zealand Privacy Commissioner, Wellington, 28 March 2003, at http://www.rogerclarke.com/DV/DVNZ03.html
Clinton H. (2006) 'Senator Clinton Calls for New Privacy Bill of Rights to Protect Americans' Personal Information' U.S. Senate, 16 June 2006, at http://clinton.senate.gov/news/statements/details.cfm?id=257234&&
Cowen Z. (1969) 'The Private Man' The Boyer Lectures, Australian Broadcasting Commission, Sydney, 1969
Economist (2005) 'Demon in the machine: Privacy laws gain support in America, after a year of huge violations' The Economist, 1 December 2005, at http://www.economist.com/business/displayStory.cfm?story_id=5259499&no_na_tran=1
Flaherty D.H. (1972) 'Privacy in Colonial New England' Charlottesville VA, 1972
Flaherty D.H. (1984) 'Privacy and Data Protection: An International Bibliography' Mansell, 1984
Flaherty D.H. (1989) 'Protecting Privacy in Surveillance Societies' Uni. of North Carolina Press, 1989
Hughes G. (1991) 'Data Protection Law in Australia', Law Book Company, 1991
Lindop (1978) 'Report of the Committee on Data Protection' Cmnd 7341, HMSO, London (December 1978)
Lindsay D. (2005) 'An Exploration of the Conceptual Basis of Privacy and the Implications for the Future of Australian Privacy Law' Melb. Uni. L. Rev. 29, 1 (2005) 131-178
Maslow A.H. (1943) 'A Theory of Human Motivation' Psychological Review 50 (1943) 370-396
Morison W.L. (1973) 'Report on the Law of Privacy' Govt. Printer, Sydney 1973
Packard V. (1964) 'The Naked Society' McKay, New York, 1964
Rule J.B. (1974) 'Private Lives and Public Surveillance: Social Control in the Computer Age' Schocken Books, 1974Rule J.B. McAdam D., Stearns L. & Uglow D. (1980) 'The Politics of Privacy' New American Library, 1980
Schoeman F. D. Ed. (1984) 'Philosophical Dimensions of Privacy: An Anthology' Cambridge University Press, 1984
Seipp D.J. (1981) 'Note: The Right to Privacy in Nineteenth Century America' 94 Harvard L. Rev. (1981) 1892
Sieghart P. (1976) 'Privacy and Computers' Latimer, 1976
Warren S. & Brandeis L.D. (1890) 'The Right to Privacy' 4 Harvard Law Review (1890) 193-220, at http://athena.louisville.edu/library/law/brandeis/privacy.html
Westin A.F. (1967) 'Privacy and Freedom' Atheneum 1967
Westin, A.F., Ed. (1971) 'Information Technology in a Democracy', Harvard University Press, Cambridge, Mass., 1971
Westin A.F. & Baker M.A. (1974) 'Databanks in a Free Society: Computers, Record-Keeping and Privacy' Quadrangle 1974
Younger K. (1972) 'Report, Committee on Privacy' U.K. Cmnd 5012, London, 1972
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 27 July 2006 - Last Amended: 7 August 2006 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/Privacy.html