What is Privacy?

Privacy is difficult to define, even for strong advocates of the right. I like Robert Ellis Smith's definition from his book, Ben Franklin's Web Site: Privacy is "the desire by each of us for physical space where we can be free of interruption, intrusion, embarrassment, or accountability and the attempt to control the time and manner of disclosures of personal information about ourselves." Privacy can encompass the desire for physical autonomy from interference; control over personal information; and mental autonomy, including the freedom to consider and take decisions, and the freedom from information.

Privacy is not merely "secrecy" or something that is "non-public." In fact, individuals have expectations of privacy in information that has been disclosed or learned by others. For instance, one may tell their doctor and financial institution about medical and monetary conditions, but doing so does not make the information public, or less private.

Fair Information Practices

Privacy advocates attempt to address privacy problems through Fair Information Practices (FIPs), rules that assign rights and responsibilities to data subjects and collectors. There are eight FIPs under 1980 guidelines developed by the Organization for Economic Cooperation and Development (OECD):

· Collection Limitation Principle: Entities should minimize the collection of data to what is necessary to administer a transaction; they should obtain data lawfully, with consent of the data subject.
· Data Quality Principle: Personal data should be accurate and compete.
· Purpose Specification Principle: Individuals should be informed of the purposes for which personal data are collected.
· Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with the purpose specification principle.
· Security Safeguards Principle: Personal data should be protected by reasonable security safeguards.
· Openness Principle: Individuals should have notice of developments, practices and policies with respect to personal data. There should be no secret databases.
· Individual Participation Principle: Individuals should have access to their personal information, and the ability to have data erased, rectified, completed or amended.
· Accountability Principle: Data collectors should be accountable for complying with the above practices.

Looking Forward

Because of regulatory developments, I think the big privacy battle of the next ten years will focus on affiliate sharing. Under current law, companies can exploit personal information amongst affiliates with no limitations. Since we now have huge financial service companies, their ability to affiliate share presents new risk of fraud, information security, and invasions of privacy.

In the law enforcement context, government access to personal information in the hands of commercial entities will continue to be a challenge. Commercial entities warded off privacy regulation in the 1990s by claiming that they were not interested in providing information to the government. Now that they have reneged on this representation, the battle in the next decade will focus on whether private entities should have extra responsibilities on their data collection practices to protect individuals against law enforcement.

For More Information See

· Electronic Privacy Information Center: http://www.epic.org/
· Robert Ellis Smith: http://www.privacyjournal.net/
· Daniel Solove: http://law.shu.edu/faculty/fulltime_faculty/soloveda/solove.html
· Roger Clarke: http://www.anu.edu.au/people/Roger.Clarke/DV/