In this paper, I defend what I call the ‘Inference Principle’. This principle holds that if an agent obtains some information legitimately, then the agent can make any inference she wants based on the information, without violating anyone’s right to privacy. This principle is interesting for at least three reasons. First, it constitutes a novel answer to the timely question of whether the widespread use of ‘data analytics’ to infer personal information about individuals is morally permissible. Second, it contradicts what (...) seems to be a common view of inferences’ ability to violate privacy rights. Third, it offers an account of the theoretically underdeveloped issue of what duties are engendered by the moral right to privacy with regard to inferred information. (shrink)

This paper presents an account of the right to privacy that is inspired by classic control views on this right and recent developments in moral psychology. The core idea is that the right to privacy is the right that others not make personal information about us flow unless this flow is an expression of and does not conflict with our deep self. The nature of the deep self will be spelled out in terms of stable intrinsic desires. The paper argues (...) that this view has advantages over alternative accounts of the right to privacy, that it is extensionally adequate in interesting test cases, that there is a good reason to think that the right to privacy, thus understood, can be justified, and that this view helps identify what kind of information is protected by the right to privacy. (shrink)

In this paper, we defend what we call the ‘Hybrid View’ of privacy. According to this view, an individual has privacy if, and only if, no one else forms an epistemically warranted belief about the individual’s personal matters, nor perceives them. We contrast the Hybrid View with what seems to be the most common view of what it means to access someone’s personal matters, namely the Belief-Based View. We offer a range of examples that demonstrate why the Hybrid View is (...) more plausible than the Belief-Based View. Finally, we show how the Hybrid View generates a more plausible fit between the concept of privacy, and the concept of a (morally objectionable) violation of privacy. (shrink)

The recent decades have seen established liberal democracies expand their surveillance capacities on a massive scale. This article explores what is problematic about government surveillance by democracies. It proceeds by distinguishing three potential sources of concern: the concern that governments diminish citizens’ privacy by collecting their data, the concern that they diminish their privacy by accessing their data, and the concern that the collected data may be used for objectionable purposes. Discussing the meaning and value of privacy, the article argues (...) that only the latter two constitute compelling independent concerns. It then focuses particularly on the third concern, exploring the risk of government surveillance being used to enforce illegitimate laws. It discusses three legitimacy-related reasons why we should be worried about the expansion of surveillance capacities in established democracies: Even established democracies might decay. There is a risk that surveillance capacities that are used for democratically legitimated purposes today will be used for poorly legitimated purposes in the future. Surveillance may be used to enforce laws that lack legitimacy due to the disproportionate punishment attached to their violation. The democratic procedures in established democracies fail to conform to the requirements formulated by mainstream theories of democratic legitimacy. Surveillance is thus used to enforce laws whose legitimacy is in doubt. (shrink)

In this paper, I offer an indirect argument for the Access Theory of privacy. First, I develop a new version of the rival Control Theory that is immune to all the classic objections against it. Second, I show that this new version of the Control Theory collapses into the Access Theory. I call the new version the ‘Negative Control Account’. Roughly speaking, the classic Control Theory holds that you have privacy if, and only if, you can control whether other people (...) know personal information about you. Critics of the Control Theory often give counterexamples, where privacy is either not diminished even though the claimant has lost control, or where privacy is diminished even though the claimant is in control. I argue that none of these alleged counterexamples work against the Negative Control Account. However, this is not a victory for the control theorist, because the Negative Control Account collapses into the Access Theory. The paper thus adds to the recent trend in the literature of favoring the Access Theory over the Control Theory. (shrink)

Recently, Jakob Thraine Mainz and Rasmus Uhrenfeldt defended a control-based conception of a moral right to privacy —focusing on conceptualizing necessary and jointly sufficient conditions for a privacy right violation. This reply comments on a number of mistakes they make, which have long reverberated through the debate on the conceptions of privacy and the right to privacy and therefore deserve to be corrected. Moreover, the reply provides a sketch of a general response for defending the limited access conception of the (...) right to privacy against control-based intuitions. (shrink)

Over the years, several counterexamples arguably establish the limits of control-based conceptions of privacy and the right to privacy. Some of these counterexamples focus only on privacy, while the control-based conception of the right to privacy is rejected because of conceptual consistency between privacy and the right to privacy. Yet, these counterexamples do not deny the intuitions of control-based conceptions of the right to privacy. This raises the question whether conceptual consistency is more important than intuitions in determining the right (...) way to conceptualize the right to privacy. This article aims to show how the major alternative to control-based conceptions of the right privacy—that is, limited access—can be modified to make sense of, and provide alternative explanations for, these control-based intuitions. (shrink)

The impact of artificial intelligence (AI) is not only global but globally varied. Yet, AI ethics is all too often overly localised. This paper discusses the potential of a global AI ethics, highlighting several important variables that it should take into account if it is to be as successful an enterprise as it needs to be.

Mainz and Uhrenfeldt have recently claimed that a violation of the right to privacy can be defined successfully under reliance on the notion of ‘Negative Control’. In this reply, I show that ‘Negative Control’ is unrelated to privacy right violations. It follows that control theorists have yet to put forth a successful normative account of privacy.

Often, when we share information about ourselves, we contribute to people learning personal things about others. This may happen because what we share about ourselves can be used to infer personal information about others. Such dependencies have become known as privacy dependencies in the literature. It is sometimes claimed that the scope of the right to privacy should be expanded in light of such dependencies. For example, some have argued that inferring information about others can violate their right to privacy. (...) Others have argued that sharing personal information about yourself that license such inferences can by itself violate the right to privacy. In this paper, we argue that the latter view should be rejected. (shrink)

Lauritz Munch and Björn Lundgren have recently replied to a paper published by us in this journal. In our original paper, we defended a novel version of the so-called ‘control theory’ of the moral right to privacy. We argued that control theorists should define ‘control’ as what we coined ‘Negative Control’. Munch and Lundgren have recently provided a range of interesting and challenging objections to our view. Independently of each other, they give almost identical counterexamples to our definition of Negative (...) Control. In this comment, we show that while the counterexamples are genuine counterexamples, they do not force us to abandon the idea of Negative Control. Furthermore, we reply to two additional objections raised by Lundgren. One of these replies involves giving a new account of what the relation is between the concept of privacy and the right to privacy. (shrink)

This dissertation consists of five chapters, each written as independent research papers that are unified by an overarching concern regarding information privacy and machine learning-based artificial intelligence (AI). This dissertation addresses the issues concerning privacy and AI by responding to the following three main research questions (RQs): RQ1. ‘How does an AI system affect privacy?’; RQ2. ‘How effectively does the General Data Protection Regulation (GDPR) assess and address privacy issues concerning both individuals and groups?’; and RQ3. ‘How can the value (...) of privacy be embedded into systems?’ -/- To respond to the RQs, this dissertation adopts the privacy impact assessment (PIA) as the overall methodology. A PIA encompasses three distinct stages; the first, the analytical stage, concerns the analysis of how AI (particularly focusing on inference as a process that includes inferred information, AI models’ performance, and accessing information uncovered by AI models) impacts privacy. Second, the legal assessment stage concerns whether AI that processes personal information and develops models complies with the GDPR. Finally, the design requirements stage features proposals for design requirements for systems aimed at protecting privacy. Accordingly, this dissertation is structured in three parts, each corresponding to a specific stage of a PIA and responding to one of the RQs. -/- Part I, which addresses the first stage of the PIA, comprises three chapters that altogether respond to RQ1. Chapter 2 analyses how AI impacts the descriptive aspect of privacy; this part argues that AI challenges the current definitions of privacy and that the ‘source control’ and ‘actual access’ definitions of privacy, once revised in the face of counter-examples involving inferred information, converge. Chapter 3, which considers how AI impacts the normative aspect of privacy, particularly the value of privacy, argues that AI affects the social value of privacy, which depends on trust, as this dimension of privacy is constituted when AI models perform accurately. Chapter 4 examines how AI impacts the normative aspect of privacy, particularly the right to privacy, and it argues that, although accessing information uncovered by AI models raises concerns about the privacy of algorithmically designed groups, the right to privacy cannot be recognised for such groups. This is the disruptive feature of AI that has led to consideration of new approaches other than the traditional one, which involves recognising the right to privacy, to protect the privacy of these groups. Instead of recognising the right to privacy for algorithmically designed groups, this chapter suggests taking a moral principle for the moral obligation of protecting vulnerable groups within an ethics of vulnerability. -/- Part II concerns the second stage of the PIA and consists of one chapter that responds to RQ2. Chapter 5, in addition to evaluating whether AI that processes personal information and develops models complies with the GDPR, also assesses whether the GDPR adequately addresses the privacy issues raised by AI. It specifically focuses on group privacy and argues that GDPR has limitations in protecting the privacy of algorithmically designed groups and that the privacy of such vulnerable entities must be considered in the context of privacy and data protection. -/- Part III, which is related to the third stage of the PIA, also consists of one chapter that responds to RQ3. Chapter 6 proposes design requirements to protect privacy by integrating privacy into systems and argues that privacy is instrumentally valuable for the sake of autonomy. Accordingly, to embed the value of privacy into systems, design requirements are articulated through the translation of norms that promote and protect autonomy. (shrink)