An Internet search defines privacy as “freedom from interference” but that’s only one interpretation. It is certainly not what we mean when we talk about privacy in the context of the commercial use of Personal Data. Privacy means so many different things to virtually everyone but is there one defining element to privacy that society can agree on?
Where online is concerned, privacy could be defined as “the expected and accepted uses of data given the relationship between the individual who shares their Personal Data with an organisation in return for a product or service”.
The point is that ostensibly there is no one correct definition of privacy that fits every scenario but for some reason the word “privacy” has been rolled up into one all-encompassing buzzword. How likely is it that when we discuss privacy, we are all on the same page?
Most Internet users have come to expect that at some point they will hand over personal details when browsing, shopping, or otherwise consuming free content online. It is a recognised convention that society has (generally) accepted. They have come to understand that Personal Data is required as part of a value exchange and that their data is a commodity that can be traded.
Younger generations and the internet savvy understand how to leverage their Personal Data to their advantage. They care less about marketing noise and other distractions that result from this exchange, putting it down to just what happens on the web. After all they get what they want. Marketing activities to these groups are not a privacy issue, however, to older generations they are.
The concept of “privacy” is shifting as generations come to terms with the commercial necessity of the internet.
There are of course protections in place, The Data Protection Act 1998 being a prime example in the UK, to safeguard people on the internet, who don’t know or don’t care what can happen to their Personal Data. For those who know what happens to their data and do care, these protections do not go far enough and control is a bigger issue. This is in part why the European Commission is seeking to reform the Data Protection Directive. The level of control is an issue for business. Most businesses only use Personal Data in innocent ways to improve customer service, products and customer experience online. While it’s important to offer control over Personal Data use to the user, creating a fetish of control leads to the creation of rules that are no longer based on practicality but on sating that fetish.
From what we have discussed so far there are many divergent views of what privacy is and what is important about it. What is the one connecting element that allows us to view privacy collectively? Perhaps the NSA and GCHQ spying issues in 2013 will help us here.
In 2013, thanks largely to a certain bespectacled former NSA contractor, the western world came to understand the extent to which governments were monitoring citizens’ online activity (in order to protect them from terrorists). The “revelations” led to a slew of accusations, legal reviews, and assertions by politicians that legislative changes must be made to ensure that spying is controlled – all in the name of privacy but what was society outraged about?
Was it the fact that most of society didn’t know that the security services were adopting more sophisticated methods of tracking down terrorists? Or was it about a perceived lack of oversight and control?
If the issue is the scope and lack of control of these activities then how does that compare with online profiling? Surely less savvy internet users would be equally shocked at the vast extent to which online profiling occurs for commercial purpose, if we hold profiling by the same standards as monitoring by the NSA and GCHQ. Should organisations have to ask for consent every time online profiling goes beyond “reasonable expectations”?
Perhaps what people were outraged about was the monitoring where there was no clear justification for it. Potentially spying on those who had done nothing wrong. It is understandable that this would be unfair but when was the last time a terrorist was open about who they were, and what exactly are the security services trying to achieve?
Privacy – on the web at least – is complex and nuanced and cannot be shoehorned neatly into a debate about democracy and political oversight of the security services.
So while the debate rages on we can certainly draw two conclusions. Firstly that all this noise about “privacy” will have an adverse affect on the amount of data being shared by consumers for commercial purposes, and secondly, that there will be regulatory fall-out. Where business ends up as a result is unclear but those organisations that can demonstrate “trustworthiness” will most likely profit.
Published November 2014
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.