In general, online users want to control how their information is collected and processed. They want to control who knows about them, what they know, and how they got that information. They value privacy and security while they’re online. While some people don’t have a problem with giving up their information to the services that they use, the vast majority of users want some protections in place that allow them to decide who gets to use their personal information.
There’s little doubt that recent developments in technology have opened up opportunities never thought of before. However, many of these developments have also created mechanisms that threaten user privacy. Not only that, but some very recent developments (such as the monopolization of basic internet functions like search, social media, buying and selling) have reduced much of the already little control online users had over their personal data.
Losing one’s control over personal data doesn’t always lead to negative consequences, but in the case of the internet and everything we do online it’s certainly had some drawbacks. These consequences have only come about because more and more entities have managed to access more and more of our data.
Fortunately, privacy advocates and some government departments acted early enough to put in place data protection laws that allowed people to respond to some extent to the increasing amount of personal data processing. Then came even more privacy-invading advancements in the field of information technology and big data, like deep learning for example. Other concepts like the platform economy and big technology companies that almost completely cover the globe also threaten user privacy.
By their nature, the mere existence of these large tech companies and platforms led to more storage of personal information and more data processing. All of these developments gave a few entities a significant amount of power which brought abuses of power along with them. The Edward Snowden revelations along with the Cambridge Analytica scandal clearly demonstrated that the threats posed by lack of privacy and control over data were not just virtual and a result of personal preferences but were real and could harm society at large.
Then there are advanced digital surveillance technologies that countries like North Korea, India, China and others deploy on a large scale to gobble up more personal information about their citizens. Such technologies further increase the control that they have over personal information. This has also raised concerns about personally identifiable information privacy.
Businesses collect huge amounts of data on their customers to advertise to them more effectively and to help attract new users. All of the technologies underlying these tools are considered key assets of these companies. Most of the business models that giant technology companies like Apple, Microsoft, Facebook, Amazon and Google follow are completely centered on collecting, selling and studying personal information. The purpose and scope of their data collection programs have only expanded in recent years.
All of this has also led some to question whether there’s any value in discussing user privacy and what it really means in an environment where users rely on services that rely on their personal data. New technologies, especially in areas specific to cyberspace, are enabling a few entities to wield an increasing amount of power.
With that power, they can influence the discourse on what informational privacy means today. Compared to the past, there’s a lot less clarity in understanding certain terms and concepts related to informational privacy. In fact, there isn’t even an agreement on what should constitute privacy.
Understandably, such confusion is also present amongst those responsible for making laws to protect informational privacy. As a result, discussions surrounding ethics and policymaking have also been affected.
The majority of the discussion regarding informational privacy revolves around how governments, companies, individuals and the courts should interpret and analyze GDPR. The EU made GDPR law in the spring of 2018 and it provided online consumers with various privacy rights not just in Europe but throughout the world.
Regardless of the position one takes, the relationship between privacy and information technology is a very interesting one that demands more exploration and discussion.
Is Privacy All About Hiding Your Data?
In the context of the information age and the internet, privacy is mostly about hiding your data from bad actors. Of course, it’s easy to think about privacy in the way it’s depicted in pop culture. Many people imagine privacy as CCTV cameras, Big Brother, government surveillance, MI5 and similar topics and organizations from movies and TV shows.
However, privacy, as defined by the IAPP, is an individual’s right to be left alone. It also states every individual should have the freedom from intrusion and interference. Following that, the IAPP states that informational privacy is the right of an individual to have some control over how their personal information gets collected and used.
As simple as it sounds, when you get down to the nuts and bolts, defining privacy is conceptually difficult. Privacy, for the most part, is subjective and very much dependent on the society in which it’s discussed.
In simpler terms, what some people may define as privacy invasion may just be normal behavior for others.
Even putting aside online privacy for a moment, we can see all around us that people have different views about privacy. Some folks have no trouble talking to each other about their salaries or their families or their illnesses while others want to conceal such information as much as possible. But when everything is said and done, the government, the people and the scholarship of the country in question will define what privacy is and how one should go about respecting it and legislating for it.
Is Informational Privacy the Same As Data Privacy?
For the most part, yes. In fact, the terms are interchangeable as far as the average online user is concerned. Both informational privacy and data privacy form the same branch of a larger concept known as data security.
Both are mainly focused on how to properly handle the tons of data that online users generate every single day. Discussions about informational privacy deal with concepts such as consent, regulatory oversight and notice.
Note:More specifically, informational privacy deals with how online companies and any entity that collects data shares user data with third parties and whether or not it does so automatically or after seeking proper consent. One other informational privacy concern is related to how these entities and third parties store and collect data and whether or not their processes are legal.
When informational privacy-enhancing laws, like the CCPA, GLBA, HIPAA, and GDPR, do go into effect, the discussion surrounding informational privacy turns to the regulatory restrictions these laws bring to the table and how they can better serve the interests of the users and e-commerce as a whole.
We’ve talked about sensitive data privacy and informational privacy essentially meaning the same thing and how both form a part of data security. But how do data security and privacy compare?
Concretely, data security is about how government agencies and any entity that has some data to deal with protects that data from internet threats and external attacks. On the other hand, data privacy or informational privacy is about how the data is collected, sold, shared and used.
This is where many organizations have the misconception that if they have good data security mechanisms to keep hackers away, then they’re also in the clear when it comes to complying with regulations such as CCPA or GDPR to protect informational privacy. This is not actually the case.
Many use information privacy and data security interchangeably, which typically doesn’t cause too much confusion. However, there are some differences as we’ve already discussed.
More specifically, if a company collects and stores data, then it must take great measures to ensure that all the personally identifiable information is safe using encryption, access restriction and multiple monitoring systems.
However, if the same company didn’t pay attention to how it collected the information, then it would be in violation of a data privacy regulation. The company has to have proper consent from the user before it collects or processes data. In this case, even though the data is secure, informational privacy is still being violated.
What Is an Informational Invasion of Privacy?
Invasion of informational privacy happens when there is an undue intrusion in someone’s life without proper consent. More specifically, invasion of privacy occurs when a person’s freedom to be left alone and control their image in conversations and private spaces is violated.
The key term here is without proper consent. Both individuals and businesses can engage in an invasion of informational privacy of another person.
Note:Without using too much legal jargon, the most common forms of invasion of informational privacy against businesses or individuals occur when someone deliberately misuses a person’s statements for the purposes of marketing.
If someone posts another person’s likeness without prior permission then that’s also an example of an invasion of informational privacy. Another example is when companies and businesses communicate with potential customers via telephone or email without giving them the chance to opt-out of their campaign.
Another common example of an invasion of informational privacy is when someone misappropriates another individual’s name. As alluded to before, this mostly happens when a business abuses an individual’s image or name in its marketing campaign without seeking prior permission. It’s true that in most cases the victims in this type of informational privacy violation are celebrities. Typically the average citizen doesn’t need to worry about this type of invasion of informational privacy.
Celebrities usually hire a team of lawyers to deal with such issues. Of course, that doesn’t mean it will never happen to a non-celebrity individual. Celebrities also have strict control over their photos and names and how the media publishes them. If any business uses any of these things without prior permission from their legal teams, that counts as an invasion of informational privacy.
Types of Informational Privacy
Privacy of the Body
Privacy of the body gives individuals rights over their own bodies. Government entities don’t have the right to invade it or examine it without prior consent.
This is a bit different from sexual violence, though. It might even sound mundane. For example, the privacy of the body gives individuals protection against people coming in and forcibly puncturing their skin to take a blood sample. This is an invasion of the individual’s body.
They only fall under the privacy of the body when the individual has them in the form of feelings and thoughts. That is, before the individual expresses them to another person.
Privacy of Correspondence
This is perhaps the most relevant type of privacy as it refers to what typically occurs in the online world. Nowadays very few people use letters or faxes to communicate with each other but even when they did, letters had to be sealed and the individual had the right to have the letter sealed for privacy. That doesn’t mean governments and corporations didn’t try to violate such privacy rights and they certainly didn’t stop trying when digital communication became the norm.
If, as a society, we want to preserve the privacy of correspondence, we’ll need to fight for it. First, privacy of correspondence gives individuals the right to communicate with another person in private without someone eavesdropping without proper consent. Second, privacy of correspondence also gives individuals the right to demand privacy not just while communicating with a person but also with a resource like Wikipedia.
Privacy of Data
Another very important type of informational privacy is the privacy of data. Digital life is all about data; how it moves, how it’s collected and how it’s shared. If you have documents on your hard disk or in the cloud or if you have photos on your computer or online, that’s your data.
While online services can make you sign their terms and conditions when you’re setting up an account, the problem of invasion of privacy is rising in relation to data on your computer. In other words, the law currently provides very little protection against data seizure and search.
Sooner or later, privacy advocates are going to have to address this issue. While they prepare to do so, the best thing online users can do is to take advantage of technologies such as full-disk encryption. There are plenty of products available for full-disk encryption. The one you choose to use will depend on your operating system and your individual needs.
Pro Tip:The GNU/Linux operating system comes with its own set of full-disk encryption applications that you don’t have to download and install. It might be a good idea to think about moving to Linux and using it as your main operating system if you want rock-solid privacy of data.
This is one area of informational privacy that’s progressed almost as quickly as advances in computer science and tech. The rise of Bitcoin from a speculative asset to mainstream currency means that more and more people are interested in doing business online and making themselves financially stable. But they’re also interested in doing so with a healthy amount of privacy.
In the old days, banks helped people to have a degree of financial privacy. In fact, this was done so well that even the government had trouble finding an individual’s financial details such as debt, expenditure, wealth and income. However, things have been on the decline ever since. The government started to pass laws that allowed it to have access to people’s financial information.
Why would the government do this? They wanted to know more about the state of the economy and change data protection rules based on more information. In other words, it sacrificed the informational privacy of citizens for economic gain. Using this new information, the government calculated taxes that certain individuals and companies owed all without the individual in question having to do any work.
This is where Bitcoin is trying to change things. With Bitcoin, people can have the secrecy that banks used to offer in the past. The only difference this time around is that Bitcoin holders don’t need any help from traditional players such as banks and governments.
Privacy of Identity
This type of informational privacy is perhaps the most overlooked for one reason or another. Privacy of identity demands that people should have the freedom to accomplish tasks in their daily lives with anonymity. They shouldn’t have to provide papers in every building they enter whether it’s a fast-food restaurant or a courthouse. But we don’t live in such a society anymore.
Politics and some truly unfortunate incidents have given a boost to demands for better and more detailed ID cards. Currently, the biggest offender of privacy of identity is airports.
Airports are now the single most privacy-invading place on earth. First, you have the security that checks your bags and your clothes. Then, when you’re about to leave the airport, you have to get a plethora of clearance passes all of which add up to an invasion of your informational privacy.
Another way our privacy of identity is violated almost every day is through recording via CCTV cameras. Or rather the network of thousands of CCTV cameras that infest our cities today. Combine that with information that government agencies already have on their citizens and it’s easy to see how they can track anyone they want.
Privacy of Location
The mention of CCTV cameras and how their numbers have increased exponentially in nearly every country leads us to the privacy of location data.
Privacy of location means that people have the right to move wherever they want, however they want, whenever they want and with whomever they want. This should be allowed to occur without government surveillance.
Of course, that’s not to say that governments aren’t justified in eliminating privacy of location. Some of the events that have taken place around the globe in the past 20 years have essentially coerced governments into knowing more about the location of their persons of interest. Law enforcement agencies have used smartphone devices that are meant to serve people who own them, against them by launching massive tracking programs enabled via the location tracking capabilities features in these devices.
There are also many data retention laws that help governments study the data they collect via geo-location services. It goes without saying that it’s about time privacy advocates start taking this kind of informational privacy seriously.
Privacy of Territory
The last type of informational privacy that we want to talk about is the privacy of territory. This type of informational privacy gives people the right to refuse government agents trying to invade their homes. Not only that, the privacy of territory can also extend further than that and to ourselves.
In simpler terms, wherever we go we have a specified territory around us. We keep our belongings in our cars, in our pockets and our bags. Anything that’s contained within these must have protection via the privacy of territory.
Why Is Informational Privacy Important?
Information privacy or data privacy is important because it’s deeply related to data security. In fact, informational privacy has become one of the most critical issues surrounding the tech industry.
As alluded to before, many modern companies consider data to be their most valuable asset. All the biggest technology companies have leveraged data to build huge empires online and otherwise. Some have termed the new economy brought into existence by mega technology companies as the data economy.
In the data economy, how companies go about requesting consent from online users requires more transparency than usual. Companies also have to be pushed to stay honest about their privacy policies. They also need to show transparency in how they manage the user data that they’ve collected.
These are just some of the issues companies have to address to thrive, build trust and remain accountable to their partners and their customers.
Modern online users don’t treat informational privacy as a privilege but as a right and expect appropriate privacy. Mega technology companies like Facebook and Amazon have had to learn the hard way that if they continue to fail on maintaining informational privacy, they’ll be hurt by bad publicity.
As mentioned before, informational privacy means that any individual has a right to refuse unwanted surveillance. Not only that, but individuals also have the right to exist safely in their own space and be able to express their opinions on various issues without having to explicitly identify themselves. It goes without saying that such rights are crucial for a healthy democratic society.
Problems With Defining Informational Privacy
While we’ve kept things fairly simple throughout this post with regards to what is and isn’t informational privacy, the situation on the ground is a bit different. Everyone agrees that informational privacy is important and that without ensuring informational privacy there can never be general privacy. However, the fact that different privacy advocacy groups and laws in different countries each have their own definition of informational privacy is a big problem.
We’ve mentioned three major laws that promise to protect informational privacy: HIPAA, CCPA and GDPR. The problem with these laws is that they don’t do enough to precisely define what informational privacy means. Instead, they recommend fair information practices that businesses should follow with regards to the data they collect and sell.
Moreover, these laws also focus more on the rights of online users and online companies rather than defining informational privacy. Since these three laws originated in different places, they don’t exactly match when it comes to informational privacy.
There’s little doubt that the GDPR (General Data Protection Regulation) in the EU has the largest scope and most complete legislation on issues such as informational privacy. Some established publishers have called GDPR a confusing mess when it comes to talking about informational privacy. Generally speaking, it grants a number of rights that may or may not enhance informational privacy depending on how much online users know about the law itself and how informational privacy works.
Then there’s the fact that businesses in the U.S. have got it worse than pretty much any other country’s companies since they have to comply with both CCPA and GDPR.
As mentioned before, both CCPA and GDPR handle informational privacy well but they define data and the fair use of it differently.
CCPA protects people living in California by giving them the rights to block companies from selling their data while GDPR stays away from this issue. GDPR requires companies to have some legal basis for processing data. CCPA doesn’t require companies to justify their data processing or collecting practices.
GDPR considers genetic data and biometric data as two types of customer data in the healthcare center while CCPA uses a single term “personal information” for both. Both have different ways of giving out fines to companies and qualifying companies for compliance. Both use different mechanisms for ensuring companies don’t invade informational privacy.
All of this is because both define data privacy or informational privacy differently and legislate for it differently. Both use terms like “reasonable” a lot and both have different meanings for what type of invasion of informational privacy is “reasonable.”
What Is the Privacy of Personal Information?
As mentioned throughout this piece, the privacy of personal information means that companies should take care when they collect personal information on their users and not invade their privacy more than necessary.
Privacy of personal information doesn’t just apply to Google or the data that YouTube or Facebook has on you but also to your medical records, criminal records, financial records, website data and any related private information.
This is especially true if criminals are able to access this data. Another concern is that people may become more hesitant to provide complete and accurate information when setting up accounts.
What Is the Focus of Informational Privacy?
The main focus of informational privacy is the establishment of proper rules and regulations that sufficiently govern the collection of consumer data. It also deals with how entities handle and transfer personal data including credit card information, government records, revealing medical data and other information.
Personal Data Privacy and Data Protection Does Not Have To Undermine Data Mining
Information technology has had a huge impact on informational privacy. From recent developments in the field of information technology itself to the progression of the internet and the rise and decline of social media platforms, it’s clear that the future of informational privacy is bleak. Pushing it further in the negative direction is the use of the Internet of Things and mobile devices by governments to spy on their citizens. Add to that government surveillance programs and e-governance initiatives and it’s clear that governments and technology companies have few incentives to change how they handle informational privacy.
Readers should understand that information technology doesn’t just affect privacy but many other aspects of our daily lives. How do social networks affect friendships? How do electronic elections affect the verification process? Information technology doesn’t just affect privacy but a lot of other values as well.