Is There Such a Thing as “Informational Privacy”?

The concept of “information” is not very informative. This is because there are so many different meanings to the word. Almost every scientific discipline has their own definition, from physics and chemistry to biology, informatics, mathematics, philosophy, and even sociology, which has long been talking about an “information society.” So what does “information” mean? What is information? Obviously, we need to decide, that is, to filter out much of what can be discussed about the topic and select those meanings of the term that are useful for our purpose, namely, attempting to understand what is meant by informational privacy.

According to the classic definition of Alan Westin (Privacy and Freedom 1967), privacy is “the ability to determine for ourselves when, how, and to what extent information about us is communicated to others.” This definition carries with it several important implications. First, privacy is a matter of information. This information must in some way be “about” us, that is, us “personally.” Privacy therefore has to do with a specific kind of information, namely, “personal information,” or as it later became known, “personally identifiable information” (PII). Another important implication of Westin’s understanding of privacy is that it is not the information itself that is most important, but rather the “ability to determine” what information is communicated to others. Privacy therefore does not primarily reside in any particular informational content, for example, information that would somehow describe a person so intimately that he or she would not be able to communicate it without losing privacy. On the contrary, it would seem that privacy resides above all in the freedom to communicate or not to communicate information, whatever it may be. For example, it could be argued that our genome is so personal and intimate that any communication of our genome to others would automatically constitute a violation of privacy. The implication of Westin’s definition, however, is that we could well determine to do so, that is, if we wanted, we could publish our genome on the internet for the world to see and this would not constitute a violation of privacy. If someone else however, for example, our doctor were to do this without our consent, then, of course, this would constitute a violation of privacy. Privacy is therefore a matter of consent, of decision, of freedom and choice and does not reside in any particular information. This means that privacy consists primarily in the will, in the act of deciding to communicate. Only if my free choice about communicating information is infringed upon can we speak of a violation of my privacy. Finally, Westin’s definition assumes that privacy essentially has to do with communication, that is, privacy is the right to communicate or not to communicate. A right to privacy in this sense only makes sense, however, if communication is an option, something we can choose to do or not do. This means that Watzlawick must have been wrong when he stated that “we cannot not communicate.” If human beings are essentially social and human existence is constituted by communication this would make privacy as Westin defines it impossible. Only if information about a person is something that is not necessarily and automatically communicatively constituted and distributed in social space can privacy be possible.

These three assumptions, 1) privacy has to do with information of a specific and unique kind, 2) privacy is an act of the will, 3) privacy is based on the possibility of not communicating are at least questionable and in need of justification. This is because it is difficult to find any specific kind of information that is so intimate and so personal that it cannot be communicated without loss of privacy. It is also difficult to reduce privacy to an act of the will, since anyone who wanted to could easily choose to do without it altogether. If that were possible, it would make the assumption of a fundamental “right” to privacy meaningless. Finally, it is at least questionable if there can be any kind of information that is not constituted by and in communication. Human beings are social animals and identity is a social construct. Without language and communication, we have nothing. If Watzlawick is right, and we cannot not communicate, then non-communication is not an option. For these reasons, the more Westin’s definition is anchored into law, for example, in the Universal Declaration of Human Rights and the new European General Data Protection Regulation (GDPR), both of which declare privacy to be an inviolable, inalienable right to informational self-determination, the greater becomes the need to justify the three assumptions it is based upon. An important recent attempt to do this is Floridi’s “ontological interpretation of informational privacy” (The Ontological Interpretation of Informational Privacy 2005, On Human Dignity as a Foundation for the Right to Privacy 2016). In distinction to many who consider privacy an instrumental right whose value is derived from other rights, Floridi takes a strong position on privacy. He assumes privacy is not an instrumental right deriving its value from rights such as freedom, security, property, etc. He views privacy as a fundamental and inalienable right in itself whose meaning in today’s global network society is first and foremost informational self-determination.

Floridi argues that informational privacy can only be considered an inalienable and fundamental right to the extent that human beings do not merely possess information about themselves, but instead, are their information. Humans are informational organisms or “inforgs” that are essentially constituted by their information. This makes violations of privacy more like kidnapping than theft, for when personal information is stolen, it is the person themselves that is “stolen” and not merely something that the person owns. Of course, this should not be construed to imply that privacy is violated when a person freely consents to disclose information about themselves. Indeed, it is the right, as Westin put it, to decide “when, how, and to what extent information about us is communicated to others” that constitutes privacy. Not all information is constitutive of a person, but only some information. It is unclear, however, which information this is and whether or not privacy consists in the information itself, or much rather the decision whether or not to disclose information. If privacy depends on certain specific information, for example, biometric information, medical records, financial information or authorization information such as identity numbers, passwords, etc., then there is no situation in which disclosure of this information would not amount to a violation of privacy. When Floridi compares the disclosure of information to kidnapping instead of theft, any use of information that is constitutive of the “inforg” is necessarily a violation of privacy, regardless of whether a person may consent to this use or not. Information is like the body. One cannot freely give one’s body to others to dispose of as they will. I may be able to sell my labor time to an employer, but I cannot give away my “inviolate personality,” to cite, as does Floridi, the words of Warren and Brandeis. If the inviolate personality and thus human dignity consist of certain information, as Floridi appears to claim, then this information must remain secret and can never be disclosed, with or without consent.

The ontological interpretation of informational privacy could also be interpreted in such a way that it is not any specific information that constitutes the being of a person, but the right and ability of a person to freely decide, as Westin put, “when, how, and to what extent” any information about the person is communicated. The emphasis now lies on decision, the free choice to communicate and not on any specific information. This means that there is no such thing as information that is private in itself. Regardless of whether someone discloses their financial information, medical records, genome, passwords, etc., privacy is only violated if the disclosure is not freely chosen. It is therefore possible without violation of privacy to disclose everything. For example, it is conceivable that someone willingly submit to universal surveillance, much like so-called “Reality TV.” As long as this is a free choice, there is no privacy issue. When there is no privacy issue in cases of complete disclosure, then there can be no fundamental and inalienable right to privacy. Human dignity cannot rest on privacy, but only on freedom. Freedom is the right to choose not to be “private.” No one can say that someone cannot disclose whatever they want about themselves. There is a right to free choice, but no right to privacy. Of course, one could argue that a choice to completely give oneself over to others is irrational, since this would amount to freely choosing not to be free, as it were, to give oneself over into slavery. This would indeed be so if a person were identified only with their body. The ontological interpretation of informational privacy, however, identifies the inviolable personality with information. There is a basic difference between information and the body. Information can very well be copied, transferred, disclosed, etc. without ceasing to be freely available in many other places and situations. Unlike physical forms of existence, information is free of the constraints of time and place. I can give all my information away, and still possess and dispose over it. A person can therefore disclose everything about themselves, without ceasing to be able to act as they wish, go wherever they want, produce more information, change old information, etc. The complete disclosure of information, therefore, does not amount to something like suicide or slavery as would the complete alienation of the body. Obviously, one cannot be physically kidnapped and still walk around freely. Informational beings are ontologically different from physical beings. Floridi defines human beings as “informational organisms” and then goes on to define informational privacy in analogy to the body without taking account of the essential differences between physical bodies and information. If information is something that cannot be constructed and used without communication and disclosure of some kind, it could be that human identity and the inviolate personality are a construction of communication and therefore depend upon the disclosure of information instead of secrecy. The more we know about a person, the more difficulat it becomes to discriminate against them and treat them inhumanely. If this is so, then how can privacy be a fundamental and inalienable right of its own and not much rather a contextually dependent instrumental value? It may be that “inforgs” are precisely those beings that don’t need privacy at all in order to flourish. It may be that such key concepts of contemporary privacy discourse such as “informational privacy” and “informational self-determination” are contradictions in themselves and we should start looking for other concepts to describe what autonomy, freedom, and dignity in today’s global network society might mean.