Nobody likes to be told what to do. And nobody wants to be intruded upon. These feelings make privacy something to be valued and something that should be protected by law. We are all convinced that in some way autonomy, self-determination, and personal integrity are linked to and depend upon privacy. This is why Warren and Brandeis in their influential Harvard Law Review article of 1890 argued that there should be a “right to privacy” which in their view amounted to “the right to be left alone.” The Universal Declaration of Human Rights (G.A. res. 217A III) extended this right to all human beings: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, not to attacks upon his honor and reputation.”
Both Warren and Brandeis and the UN knew that privacy was a tricky matter, a grey area, something that could not be easily defined. When it comes to taxation, military service, investigation of criminal acts, education, health care, financial credibility, and many many other social situations, whether we like it or not, we will be told what to do and we will be intruded upon; and no one can claim this amounts to a violation of their privacy. And if they do, then what counts before the law is whether or not an “expectation” of privacy can be considered “reasonable” and “legitimate.” Expectations of this sort vary from time to time, from culture to culture, and depend on many different factors. Above all, under today’s regime of Global, Mobile, Cloud, Apps, and Big Data most traditional expectations about privacy are obsolete and no longer based on the realities of the digital age.
Before the digital revolution, being left alone had to do with place and possession. The walls around my home protected my possessions, that is, all the things, including money and information in form of documents, that I could rightfully claim to own. If I didn’t keep things under the mattress in my bedroom, then I put them in a safe place such as a bank. No one under normal circumstances had the right to break into my house or into a bank and steal my possessions. After the digital revolution and the advent of a global network society this view of privacy is no longer adequate. Information is not a thing. It cannot be localized. It cannot often even be clearly assigned to an owner. The attempt to base informational privacy on requirements of notice and consent are ineffective. Connectivity, a norm of the network society, makes the physical location of data irrelevant. My home and my person, and even my bank, are integrated into global networks of many kinds, in which information flows in unpredictable and uncontrollable ways. Big Data and the Cloud make any attempt to think of information as something that I can own, keep in a safe place, and control obsolete and misleading. Data cannot be protected as once my possessions could be. My emails are not the same as my handwritten correspondence that I once kept locked up in my desk. The idea of data as a thing or a possession that can somehow be owned by someone, kept in a safe place, and controlled cannot effectively build the basis of what privacy means in a global network society.
If privacy is not matter of data protection, what then? The paradigm of possession and security has to be left behind and replaced by a new paradigm. One possibility is to focus on data usage. If data are nowhere, if data cannot be univocally assigned to an owner, if data cannot be protected, then what can be controlled is perhaps the ways in which data is used. If data is used in ways that violate the autonomy, personal integrity, and self-determination of individuals, groups, organizations, and collectives, then such misuse should be identified and effectively sanctioned. Technology and legislation should begin to focus on monitoring data usage. What counts as misuse is a question of values, norms, and social and personal expectations. Changing the paradigm of privacy from possession to use means opening up a discussion of values including finally a discussion of our self-understanding as humans in a world of ever more human non-humans and ever more complex information systems. If we are not to derive our self-understanding and our values from the logic of algorithms, then we must set about the task of defining those norms and values that can insure autonomy, integrity, and freedom in a network society.