Privacy in a digital world
Technological progress has created a situation of severe tension and incompatibility between the right to privacy and the extensive data pooling on which the digital economy is based. This development requires new thinking about the substance of that right.
In the last decade, both governments and giant corporations have become data miners, collecting information about every aspect of our activities, behavior and lifestyle. New and inexpensive forms of data storage and the internet connectivity revolution - not only in content but, in fact, in just about everything (from smart appliances to nanobots inside people's bodies) - enable the constant transmission of big data from sensors and data-collection devices to central "brains"; the artificial intelligence revolution has made it possible to analyze the masses of data gathered in this way.
The intensive collection of data and the inherent advantages of the new technology have spawned the cynical idea that privacy is dead, and we might as well just get used to that fact. In what follows, I will describe three aspects of the right to privacy that have become especially relevant in the digital world. I will then demonstrate that not only is privacy still alive and kicking, but also that we should treat it with the respect it deserves as the most important of all human rights in the digital world.
The first perspective on privacy in the digital world is the idea that the appropriate reaction to the massive pooling of data is to enhance this right, so that we all have better control over our personal information. Individuals should be able to choose what space within their personal domain can be accessed by others and to control the manner, scope and timing of its exposure.
From this perspective, and in a different and more extreme fashion than with regard to other human rights, the borders of the right to privacy allow for compromise and flexibility. Thanks to this control, I - as an individual - have the right to view the content of databases containing information about me. Furthermore, no one is allowed to make any use of this information without my consent, except in extraordinary circumstances. I retain the privilege to agree to the terms of use before I download an app onto my cell phone or begin to use freeware - product categories whose economic model rests on commercializing my personal data.
This approach is reflected in the regulations that require my consent for others to make use of and process personal data, ensure my access to data about myself and stipulate that I can have it deleted, corrected or transferred to a different company.
But there is one serious problem with this approach: It is utter fiction. It simply isn't possible to speak about consent to violations of privacy in a world in which data is processed in many ways and for many purposes, some of which cannot be foreseen at the time when consent is granted. Furthermore, every beginning scholar of behavioral psychology will tell you that no one reads the terms of use, even when they are phrased concisely or displayed in large print - neither of which is the case, of course.
Were this not enough, there is also the psychological phenomenon of the "privacy paradox," which refers to the discrepancy between the concept of privacy reflected in what users say ("I care deeply about my privacy") and their actual behavior ("A free pizza? Fantastic! What information do you need?")
The downside of the notion of privacy as control is that our control of our personal data is quite fictional. There is an overall problem - whereby commercial entities avail themselves of huge tranches of private information without having obtained real consent for doing so. This information, in turn, can be put to various uses, some of which are of value, while others pose serious threats to society.
Above all, we need to understand the limits of privacy as control. It is clear that the best approach would be to upgrade our digital literacy and learn how to deal with the situation; but the problems noted here make this idea only minimally relevant. Perhaps the solution is to start with clearer legislation - national or international - that defines reasonable and legitimate uses of personal information and requires companies to obtain the consent of the individual involved only when the proposed use does not fall into that category.
Somewhat paradoxically, the second approach to the right to privacy in a digital world relates to the most basic and classic connotation of the right to privacy - the "right to be left alone." This refers to our right to preserve and protect our identity and maintain a safe and protected space around our body, thoughts, feelings, darkest secrets, lifestyle and intimate activities. A world with sensors and surveillance cameras all around us, along with recording devices and gadgets that are constantly monitoring what we do, has far-reaching psychological ramifications.
In the discourse on privacy, we tend to deal chiefly with questions of controlling the transmission or management of information after it has been collected, with regard to issues of data anonymization, security and encryption. But what we need at the present time is to ask whether there really is a commercial, business or public need to collect our private data so obsessively.
Against the clear advantages of technological progress, commercial convenience and even law enforcement, we must weigh the chilling effect on curiosity, on trust, on creativity, on intimate activity, on the ability to think outside the box - which is the critical spark to innovation.
What's more, the essential feature of all digital personal assistants is the human traits (voice, face, language) with which their developers have endowed them. These devices are supposed to give us the feeling that there is another human being in the room. Researchers have shown that in contrast to our behavior with what we perceive as a machine (such as a computer or telephone), we react to humanized technology as if a real person were standing there. The right to be left alone will get a whole new meaning, then, different than in the internet age.
The third approach to the right to privacy is the idea that privacy should make it impossible for commercial or government entities to combine our personal data with big data amassed from other people in order to construct precise personality, psychological and behavioral profiles through machine learning. This phenomenon, known as the "autonomy trap," applies to information about emotional tendencies, insecurity, sexual orientation (even of persons still in the closet), fears and anxieties and more.
The problem is that the personality profile is used for retargeting advertisements of products or services or for other facets of influencing behavior - all of it in a way that is precisely tailored to the needs associated with the profile.
In a world in which it is possible to pool and analyze information about us in order to generate buying and behavior recommendations "just for you" (purchases on Amazon, shows on Netflix, navigation guides such as Waze), we in effect are unwittingly surrendering some of our decision-making autonomy to systems that know what is the best route to our destination and what we should eat.
We also are exposed to attempts at individual persuasion tailored just for us, with a power, invasiveness and capacity that did not exist in the past. Think of the "self-restraint preference algorithms" that power devices such as personal assistants, whose purpose is to learn as much about us as possible - what we are interested in, who our friends are, our habits, our mood - and then to help us by sending messages, making phone calls, setting appointments, ordering products or making travel reservations.
We must remember the slippery slope from the use of techniques for collecting personal information in order to offer products and services to the use of the very same techniques to influence our thoughts, create an autonomy trap about beliefs and undermine our trust in democratic institutions - in brief, to manipulate elections.
The Cambridge Analytica scandal in the spring of 2018 - which took the lid off the exploitation of personal data in order to sway the elections in many countries - shows that the right to privacy goes far beyond individual control of information and extends to a threat to the very possibility of conducting a sound democratic process, and thus - of protecting all human rights.
And so, in the digital world, privacy must be seen as a crucially important right for us as a society, as a collective. At the conceptual level it needs to go through the same process of evolution as its older sibling, the right to freedom of expression. Just as freedom of expression started out as the right of individuals to scream to their heart's content, and developed into a collective right that sustains a rich and functional public discourse so that we can engage in a healthy democratic process, so too privacy must grow and develop - from the right of individuals to trade in their own data, into a collective right of defense against autonomy traps, in the context of elections and mind control.
The laws governing commercial competition will have to develop ideas that see personal data as an independent market. Antitrust agencies will have to look at the concentration of the personal data held by a single entity.
By the same token, the laws on election propaganda will have to regulate what types of personal information may not be exploited in campaigns, and determine whether there are techniques whose persuasive and manipulative powers are so great that they should be banned.
Privacy is not dead. In fact, it has become our most basic right and must be protected. Without individual privacy there is no meaning to an individual's life, and without privacy, democracy loses all meaning.