Conceptions of Privacy

The right to privacy extends only to information through which the persons concerned are identifiable. This assumption is widely shared in law and in philosophical debate; it also guides the handling of personal data, for example, in medicine. However, this essay argues that the dissemination of anonymous information can also constitute a violation of privacy. This conclusion arises from two theses: (1) From the perspective of the affected person, judgments by others about anonymous information refer to its originator, even if (...) outsiders do not know who it is; (2) Our self-understanding is co-constituted by the judgment of others about us. This is a consequence of our social nature. There are certain areas of our lives that we do not want to expose to the gaze of others for our own sake. Therefore, the unauthorized dissemination of information concerning these areas can violate our privacy even if they are anonymous. While the question of the extent of privacy poses a general problem, there are reasons to discuss it in the context of digital medicine. (shrink)

This paper presents an account of the right to privacy that is inspired by classic control views on this right and recent developments in moral psychology. The core idea is that the right to privacy is the right that others not make personal information about us flow unless this flow is an expression of and does not conflict with our deep self. The nature of the deep self will be spelled out in terms of stable intrinsic desires. The paper argues (...) that this view has advantages over alternative accounts of the right to privacy, that it is extensionally adequate in interesting test cases, that there is a good reason to think that the right to privacy, thus understood, can be justified, and that this view helps identify what kind of information is protected by the right to privacy. (shrink)

Differential privacy (DP) aims to confer data processing systems with inherent privacy guarantees, offering strong protections for personal data. But DP’s approach to privacy carries with it certain assumptions about how mathematical abstractions will be translated into real-world systems, which—if left unexamined and unrealized in practice—could function to shield data collectors from liability and criticism, rather than substantively protect data subjects from privacy harms. This article investigates these assumptions and discusses their implications for using DP to govern data-driven systems. In (...) Parts 1 and 2, we introduce DP as, on one hand, a mathematical framework and, on the other hand, a kind of real-world sociotechnical system, using a hypothetical case study to illustrate how the two can diverge. In Parts 3 and 4, we discuss the way DP frames privacy loss, data processing interventions, and data subject participation, arguing it could exacerbate existing problems in privacy regulation. In part 5, we conclude with a discussion of DP’s potential interactions with the endogeneity of privacy law, and we propose principles for best governing DP systems. In making such assumptions and their consequences explicit, we hope to help DP succeed at realizing its promise for better substantive privacy protections. (shrink)