The dominant approach in privacy theory defines information privacy as some form of control over personal information. In this essay, I argue that the control approach is mistaken, but for different reasons than those offered by its other critics. I claim that information privacy involves the drawing of epistemic boundaries—boundaries between what others should and shouldn’t know about us. While controlling what information others have about us is one strategy we use to draw (...) such boundaries, it is not the only one. We conceal information about ourselves and we reveal it. And since the meaning of information is not self-evident, we also work to shape how others contextualize and interpret the information about us that they have. Information privacy is thus about more than controlling information; it involves the constant work of producing and managing public identities, what I call “social self- authorship.” In the second part of the essay, I argue that thinking about information privacy in terms of social self- authorship helps us see ways that information technology threatens privacy, which the control approach misses. Namely, information technology makes social self- authorship invisible and unnecessary, by making it difficult for us to know when others are forming impressions about us, and by providing them with tools for making assumptions about who we are which obviate the need for our involvement in the process. (shrink)

The paper outlines a new interpretation of informational privacy and of its moral value. The main theses defended are: (a) informational privacy is a function of the ontological friction in the infosphere, that is, of the forces that oppose the information flow within the space of information; (b) digital ICTs (information and communication technologies) affect the ontological friction by changing the nature of the infosphere (re-ontologization); (c) digital ICTs can therefore both decrease and protect informational (...) privacy but, most importantly, they can also alter its nature and hence our understanding and appreciation of it; (d) a change in our ontological perspective, brought about by digital ICTs, suggests considering each person as being constituted by his or her information and hence regarding a breach of one’s informational privacy as a form of aggression towards one’s personal identity. (shrink)

The article provides an outline of the ontological interpretation of informational privacy based on information ethics. It is part of a larger project of research, in which I have developed the foundations of ideas presented here and their consequences. As an outline, it is meant to be self-sufficient and to provide enough information to enable the reader to assess how the approach fares with respect to other alternatives. However, those interested in a more detailed analysis, and especially (...) in the reasons offered in its favour, may wish to consult the other articles as well. (shrink)

In this article, I summarise the ontological theory of informational privacy (an approach based on information ethics) and then discuss four types of interesting challenges confronting any theory of informational privacy: (1) parochial ontologies and non-Western approaches to informational privacy; (2) individualism and the anthropology of informational privacy; (3) the scope and limits of informational privacy; and (4) public, passive and active informational privacy. I argue that the ontological theory of informational privacy (...) can cope with such challenges fairly successfully. In the conclusion, I discuss some of the work that lies ahead. (shrink)

Following the recent practice turn in privacy research, informational privacy is increasingly analyzed with regard to the “appropriate flow of information” within a given practice, which preserves the “contextual integrity” of that practice (Nissenbaum, 2010, p. 149; 2015). Such a practice-theoretical take on privacy emphasizes the normative structure of practices as well as its structural injustices and power asymmetries, rather than focusing on the intentions and moral considerations of individual or institutional actors. Since privacy norms (...) are seen to be institutionalized via the role obligations of the practice's participants, this approach can analyze structural and systematic privacy infringements in terms of “defective role performances and defective social relations” (Roessler & Mokrosinska, 2013, p. 780). -/- Unfortunately, it is still often somewhat unclear what this exactly means within the context of informational privacy, why these performances and relations are defective and for whom. This raises the common objection of a so-called “practice positivism” (Applbaum, 1999, p. 51), that is, the difficulty of practice–theoretical accounts to take a practice-independent standpoint, from which to normatively evaluate the existing practice norms themselves. For example, Nissenbaum herself initially argues for a “presumption in favor of the status quo” with respect to the appropriateness and flow of privacy norms within a practice (Nissenbaum, 2004, p. 127). Such a “practice conservatism” (Nissenbaum, 2010, p. 169) comes dangerously close to committing a naturalistic fallacy, if not undergirded by practice-external criteria (which is ultimately what she does). -/- Merely resorting to existing practice norms to assess what defective role performances amount to, only shifts the question from how to recognize an appropriate flow of information to the question of how to recognize those defective role performances and social relations. Against this backdrop, the central aim of this article is to shed light on this question without resorting to practice-independent first principles or far-reaching universalistic anthropological assumptions. For this, I will analyze the notion of “defective role performances and social relations” in terms of social pathologies.1 Doing so has two advantages: First of all, it can draw on already existing concepts and distinctions, which help to categorize the different levels of analysis that exist in informational privacy research and situate the notion of “defective role performances” within them (Section 1). Second, those concepts and distinctions can serve as a basis for establishing a typology of phenomena with regard to deficient practices of informational privacy (Section 4). (shrink)

In recent years, educational institutions have started using the tools of commercial data analytics in higher education. By gathering information about students as they navigate campus information systems, learning analytics “uses analytic techniques to help target instructional, curricular, and support resources” to examine student learning behaviors and change students’ learning environments. As a result, the information educators and educational institutions have at their disposal is no longer demarcated by course content and assessments, and old boundaries between (...) class='Hi'>information used for assessment and information about how students live and work are blurring. Our goal in this paper is to provide a systematic discussion of the ways in which privacy and learning analytics conflict and to provide a framework for understanding those conflicts. -/- We argue that there are five crucial issues about student privacy that we must address in order to ensure that whatever the laudable goals and gains of learning analytics, they are commensurate with respecting students’ privacy and associated rights, including (but not limited to) autonomy interests. First, we argue that we must distinguish among different entities with respect to whom students have, or lack, privacy. Second, we argue that we need clear criteria for what information may justifiably be collected in the name of learning analytics. Third, we need to address whether purported consequences of learning analytics (e.g., better learning outcomes) are justified and what the distributions of those consequences are. Fourth, we argue that regardless of how robust the benefits of learning analytics turn out to be, students have important autonomy interests in how information about them is collected. Finally, we argue that it is an open question whether the goods that justify higher education are advanced by learning analytics, or whether collection of information actually runs counter to those goods. (shrink)

The human mind is constituted by inner, subjective, private, first-person conscious experiences that cannot be measured with physical devices or observed from an external, objective, public, third-person perspective. The qualitative, phenomenal nature of conscious experiences also cannot be communicated to others in the form of a message composed of classical bits of information. Because in a classical world everything physical is observable and communicable, it is a daunting task to explain how an empirically unobservable, incommunicable consciousness could have any (...) physical substrates such as neurons composed of biochemical molecules, water, and electrolytes. The challenges encountered by classical physics are exemplified by a number of thought experiments including the inverted qualia argument, the private language argument, the beetle in the box argument and the knowledge argument. These thought experiments, however, do not imply that our consciousness is nonphysical and our introspective conscious testimonies are untrustworthy. The principles of classical physics have been superseded by modern quantum physics, which contains two fundamentally different kinds of physical objects: unobservable quantum state vectors, which define what physically exists, and quantum operators (observables), which define what can physically be observed. Identifying consciousness with the unobservable quantum information contained by quantum physical brain states allows for application of quantum information theorems to resolve possible paradoxes created by the inner privacy of conscious experiences, and explains how the observable brain is constructed by accessible bits of classical information that are bound by Holevo's theorem and extracted from the physically existing quantum brain upon measurement with physical devices. (shrink)

The fact that Internet companies may record our personal data and track our online behavior for commercial or political purpose has emphasized aspects related to online privacy. This has also led to the development of search engines that promise no tracking and privacy. Search engines also have a major role in spreading low-quality health information such as that of anti-vaccine websites. This study investigates the relationship between search engines’ approach to privacy and the scientific quality of (...) the information they return. We analyzed the first 30 webpages returned searching “vaccines autism” in English, Spanish, Italian, and French. The results show that not only “alternative” search engines but also other commercial engines often return more anti-vaccine pages (10–53%) than Google (0%). Some localized versions of Google, however, returned more anti-vaccine webpages (up to 10%) than Google. Health information returned by search engines has an impact on public health and, specifically, in the acceptance of vaccines. The issue of information quality when seeking information for making health-related decisions also impact the ethical aspect represented by the right to an informed consent. Our study suggests that designing a search engine that is privacy savvy and avoids issues with filter bubbles that can result from user-tracking is necessary but insufficient; instead, mechanisms should be developed to test search engines from the perspective of information quality (particularly for health-related webpages) before they can be deemed trustworthy providers of public health information. (shrink)

Current technology and surveillance practices make behaviors traceable to persons in unprecedented ways. This causes a loss of anonymity and of many privacy measures relied on in the past. These de facto privacy losses are by many seen as problematic for individual psychology, intimate relations and democratic practices such as free speech and free assembly. I share most of these concerns but propose that an even more fundamental problem might be that our very ability to act as autonomous (...) and purposive agents relies on some degree of privacy, perhaps particularly as we act in public and semi-public spaces. I suggest that basic issues concerning action choices have been left largely unexplored, due to a series of problematic theoretical assumptions at the heart of privacy debates. One such assumption has to do with the influential conceptualization of privacy as pertaining to personal intimate facts belonging to a private sphere as opposed to a public sphere of public facts. As Helen Nissenbaum has pointed out, the notion of privacy in public sounds almost like an oxymoron given this traditional private-public dichotomy. I discuss her important attempt to defend privacy in public through her concept of ‘contextual integrity.’ Context is crucial, but Nissenbaum’s descriptive notion of existing norms seems to fall short of a solution. I here agree with Joel Reidenberg’s recent worries regarding any approach that relies on ‘reasonable expectations’ . The problem is that in many current contexts we have no such expectations. Our contexts have already lost their integrity, so to speak. By way of a functional and more biologically inspired account, I analyze the relational and contextual dynamics of both privacy needs and harms. Through an understanding of action choice as situated and options and capabilities as relational, a more consequence-oriented notion of privacy begins to appear. I suggest that privacy needs, harms and protections are relational. Privacy might have less to do with seclusion and absolute transactional control than hitherto thought. It might instead hinge on capacities to limit the social consequences of our actions through knowing and shaping our perceptible agency and social contexts of action. To act with intent we generally need the ability to conceal during exposure. If this analysis is correct then relational privacy is an important condition for autonomic purposive and responsible agency—particularly in public space. Overall, this chapter offers a first stab at a reconceptualization of our privacy needs as relational to contexts of action. In terms of ‘rights to privacy’ this means that we should expand our view from the regulation and protection of the information of individuals to questions of the kind of contexts we are creating. I am here particularly interested in what I call ‘unbounded contexts’, i.e. cases of context collapses, hidden audiences and even unknowable future agents. (shrink)

Philosophers have focused on why privacy is of value to innocent people with nothing to hide. I argue that for people who do have something to hide, such as a past crime, or bad behavior in a public place, informational privacy can be important for avoiding undeserved or disproportionate non-legal punishment. Against the objection that one cannot expect privacy in public facts, I argue that I might have a legitimate privacy interest in public facts that are (...) not readily accessible, or in details of a public fact that implicate my dignity, or in not having a public fact memorialized and spread to more people than I willingly exposed myself to. (shrink)

Personal Information Management Systems (PIMS) aim to facilitate the sharing of personal information and protect privacy. Efforts to enhance privacy management, aligned with established privacy policies, have led to guidelines for integrating transparent notices and meaningful choices within these systems. Although discussions have revolved around the design of privacy-friendly systems that comply with legal requirements, there has been relatively limited philosophical discourse on incorporating the value of privacy into these systems. Exploring the connection (...) between privacy and personal autonomy illuminates the instrumental value of privacy and highlights the importance of intentionally embedding the value of privacy into these systems. To translate the value of privacy into concrete design requirements, this study constructs a values hierarchy consisting of values, norms, and design requirements. After analyzing the relationships between privacy and autonomy and identifying norms, the design requirements translated from the norms associated with the components of personal autonomy are specified at the lowest layer. These requirements include a design to prevent unauthorized access and dark patterns and to provide effective and efficient notices and choices. The findings contribute to expanding the requirements for designing the aspect of privacy as a legal requirement to incorporate the value of privacy into systems. (shrink)

At the beginning of the COVID-19 pandemic, high hopes were placed on digital contact tracing. Digital contact tracing apps can now be downloaded in many countries, but as further waves of COVID-19 tear through much of the northern hemisphere, these apps are playing a less important role in interrupting chains of infection than anticipated. We argue that one of the reasons for this is that most countries have opted for decentralised apps, which cannot provide a means of rapidly informing users (...) of likely infections while avoiding too many false positive reports. Centralised apps, in contrast, have the potential to do this. But policy making was influenced by public debates about the right app configuration, which have tended to focus heavily on privacy, and are driven by the assumption that decentralised apps are “privacy preserving by design”. We show that both types of apps are in fact vulnerable to privacy breaches, and, drawing on principles from safety engineering and risk analysis, compare the risks of centralised and decentralised systems along two dimensions, namely the probability of possible breaches and their severity. We conclude that a centralised app may in fact minimise overall ethical risk, and contend that we must reassess our approach to digital contact tracing, and should, more generally, be cautious about a myopic focus on privacy when conducting ethical assessments of data technologies. (shrink)

In this chapter I identify three problems affecting the plausibility of group privacy and argue in favour of their resolution. The first problem concerns the nature of the groups in question. I shall argue that groups are neither discovered nor invented, but designed by the level of abstraction (LoA) at which a specific analysis of a social system is developed. Their design is therefore justified insofar as the purpose, guiding the choice of the LoA, is justified. This should remove (...) the objection that groups cannot have a right to privacy because groups are mere artefacts (there are no groups, only individuals) or that, even if there are groups, it is too difficult to deal with them. The second problem concerns the possibility of attributing rights to groups. I shall argue that the same logic of attribution of a right to individuals may be used to attribute a right to a group, provided one modifies the LoA and now treats the whole group itself as an individual. This should remove the objection that, even if groups exist and are manageable, they cannot be treated as holders of rights. The third problem concerns the possibility of attributing a right to privacy to groups. I shall argue that sometimes it is the group and only the group, not its members, that is correctly identified as the correct holder of a right to privacy. This should remove the objection that privacy, as a group right, is a right held not by a group as a group but rather by the group’s members severally. The solutions of the three problems supports the thesis that an interpretation of privacy in terms of a protection of the information that constitutes an individual—both in terms of a single person and in terms of a group—is better suited than other interpretations to make sense of group privacy. (shrink)

Throughout the 20th century, market capitalism was defended on parallel grounds. First, it promotes freedom by enabling individuals to exploit their own property and labor-power; second, it facilitates an efficient allocation and use of resources. Recently, however, both defenses have begun to unravel—as capitalism has moved into its “platform” phase. Today, the pursuit of allocative efficiency, bolstered by pervasive data surveillance, often undermines individual freedom rather than promoting it. And more fundamentally, the very idea that markets are necessary to achieve (...) allocative efficiency has come under strain. Even supposing, for argument’s sake, that the claim was true in the early 20th century when von Mises and Hayek pioneered it, advances in computing have rekindled the old “socialist calculation” debate. And this time around, markets—as information technology—are unlikely to have the upper hand. -/- All of this, we argue, raises an important set of governance questions regarding the political economy of the future. We focus on two: How much should our economic system prioritize freedom, and to what extent should it rely on markets? The arc of platform capitalism bends, increasingly, toward a system that neither prioritizes freedom nor relies on markets. And the dominant critical response, exemplified by Shoshana Zuboff’s work, has been to call for a restoration of market capitalism. Longer term, however, we believe it would be more productive to think about how “postmarket” economic arrangements might promote freedom—or better yet, autonomy—even more effectively than markets, and to determine the practical steps necessary to realize that possibility. (shrink)

Many attempts to define privacy have been made over the last century. Early definitions and theories of privacy had little to do with the concept of information and, when they did, only in an informal sense. With the advent of information technology, the question of a precise and universally acceptable definition of privacy in this new domain became an urgent issue as legal and business problems regarding privacy started to accrue. In this paper, I (...) propose a definition of informational privacy that is simple, yet strongly tied with the concepts of information and property. Privacy thus defined is similar to intellectual property and should receive commensurate legal protection. (shrink)

This essay critically examines some classic philosophical and legal theories of privacy, organized into four categories: the nonintrusion, seclusion, limitation, and control theories of privacy. Although each theory includes one or more important insights regarding the concept of privacy, I argue that each falls short of providing an adequate account of privacy. I then examine and defend a theory of privacy that incorporates elements of the classic theories into one unified theory: the Restricted Access/Limited Control (...) (RALC) theory of privacy. Using an example involving data-mining technology on the Internet, I show how RALC can help us to frame an online privacy policy that is sufficiently comprehensive in scope to address a wide range of privacy concerns that arise in connection with computers and information technology. (shrink)

Technological advances are bringing new light to privacy issues and changing the reasons for why privacy is important. These advances have changed not only the kind of personal data that is available to be collected, but also how that personal data can be used by those who have access to it. We are particularly concerned with how information about personal attributes inferred from collected data (such as online behaviour), can be used to tailor messages and services to (...) specific individuals or groups. This kind of ‘personalised targeting’ has the potential to influence individuals’ perceptions, attitudes, and choices in unprecedented ways. In this paper, we argue that because it is becoming easier for companies to use collected data for influence, threats to privacy are increasingly also threats to personal autonomy—an individual’s ability to reflect on and decide freely about their values, actions, and behaviour, and to act on those choices.4 While increasing attention is directed to the ethics of how personal data is collected, we make the case that a new ethics of privacy needs to also think more rigorously about how personal data may be used, and its potential impact on personal autonomy. (shrink)

An issue about the privacy of the clustered groups designed by algorithms arises when attempts are made to access certain pieces of information about those groups that would likely be used to harm them. Therefore, limitations must be imposed regarding accessing such information about clustered groups. In the discourse on group privacy, it is argued that the right to privacy of such groups should be recognised to respect group privacy, protecting clustered groups against discrimination. (...) According to this viewpoint, this right places a duty on others, for example, private companies, institutions, and governments, to refrain from accessing such information. To defend the idea that the right to privacy should be recognised for clustered groups, at least two requirements must be satisfied. First, clustered group privacy must be conceived of as either a collective good or a participatory good. Since these forms of good are of the type from which no member of a group can be excluded from benefiting, the right to them is defined as a group right. Second, there must be group interests on which to base a group right. Group interests can be either the interests of those members that are a result of their being in the group or the interests of the group as a whole that transcend the interests of its members. However, this paper argues that clustered group privacy cannot be conceived of as either a collective or a participatory good because it is possible for some individuals to be excluded from benefiting from it. Furthermore, due to the lack of awareness among individuals that they are members of a clustered group and the nature of a clustered group itself, such groups cannot have the group interests necessary to establish a group right. Hence, the group right to privacy cannot be recognised for these groups, implying that the group right cannot be considered a means to protect clustered groups against discrimination. Instead, this paper suggests that moral principles need to be articulated within an ethics of vulnerability to identify the moral obligations of protecting vulnerable clustered groups. The duty owed to the vulnerable should involve refraining from accessing certain information about clustered groups in specific contexts. This duty is not engendered by the right to privacy of such groups; it is the duty owed to the vulnerable. The findings highlight the need to articulate moral principles regarding privacy and data protection to protect clustered groups in contexts in which accessing information about them could constitute a reason for discriminatory targeting. (shrink)

If I decide to disclose information about myself, this act can undermine other people’s ability to effectively conceal information about themselves. One case in point involves genetic information: if I share ‘my’ genetic information with others, I thereby also reveal genetic information about my biological relatives. Such dependencies are well-known in the privacy literature and are often referred to as ‘privacy dependencies’. Some take the existence of privacy dependencies to generate a moral (...) duty to sometimes avoid sharing information about oneself. If true, we argue, then it is sometimes justified for others to impose harm on the person sharing the information to prevent them from doing so. This is a highly revisionary implication. Hence, one must either endorse a highly revisionary view on what one may do to protect one’s privacy, or one must reject the view that privacy dependencies can be used to justify a moral duty that constrains choices about sharing information about oneself. (shrink)

In light of technology that may reveal the content of a person’s innermost thoughts, I address the question of whether there is a right to ‘brain privacy’—a right not to have one’s inner thoughts revealed to others–even if exposing these thoughts might be beneficial to society. I draw on a conception of privacy as the ability to control who has access to information about oneself and to an account that connects one’s interest in privacy to one’s (...) interests in autonomy and associated reputational interests, and preserving one’s dignity. Focusing on the controversial case of Gilberto Valle, known as the ‘cannibal cop’, who faced legal punishment and moral reproach for deeply disturbing thoughts of doing violence to women, thoughts he claimed were mere fantasies, I argue that Valle has a right to brain privacy if he has a legitimate privacy interest that is not outweighed by competing societal interests in avoiding harm. Our weighing of competing privacy and societal interests will depend on the magnitude of the privacy interests in autonomy and dignity, and on how reliable the technology used to expose inner thoughts is in predicting future harmful behavior and identifying true threats. (shrink)

Must privacy and freedom of expression conflict? To witness recent debates in Britain, you might think so. Anything other than self-regulation by the press is met by howls of anguish from journalists across the political spectrum, to the effect that efforts to protect people’s privacy will threaten press freedom, promote self-censorship and prevent the press from fulfilling its vital function of informing the public and keeping a watchful eye on the activities and antics of the powerful.[Brown, 2009, 13 (...) January]1 Effective protections for privacy, from such a perspective, inevitably pose a threat to democratic government via the constraints that they place on the press. Such concerns with privacy must be taken seriously by anyone who cares about democratic government, and the freedom, equality and wellbeing of individuals. But if it is one thing to say that privacy and freedom of expression cannot always be fully protected, it is another to suppose that protections for the one must always come at the expense of the other. After all, the economics of contemporary politics and journalism would seem to be partly responsible for our difficulties in protecting personal privacy while sustaining robust and informative forms of public discourse. [Moore, 2010, 10 -141]2 Most newspapers are loss-making businesses and the need to reduce those losses and, if possible, to turn a profit, make investigative journalism an increasingly expensive proposition as compared to both “comment” and more or less elevated forms of gossip. At the same time, politics has increasingly become the prerogative of a narrow group of people with access to the large sums of money necessary successfully to compete for high office. In those circumstances, the need for critical scrutiny is as important as it is difficult. Revising our ideas about privacy and its protection cannot alone reduce the tensions between freedom of expression and personal privacy typical of our societies, necessary though such revision may be. Moreover, this paper can only touch on some aspects of the ways in which we need to rethink our interests in privacy, in order adequately to reflect people’s diverse interests in freedom of expression, and the important role of a free press to democratic government. Nonetheless, I hope to suggest ways of thinking about people’s claims to privacy which can be generalised fairly readily, and can help us to think constructively about the nature, causes and solutions to some important social and political problems, even if, in its nature, philosophical analysis rarely tells us what to do. More specifically, this paper argues that people are entitled to keep some true facts about themselves to themselves, should they so wish, as a sign of respect for their moral and political status, and in order to protect themselves from being used as a public example in order to educate or to entertain other people. The “outing” - or non-consensual public disclosure - of people’s health records or status, or their sexual behaviour or orientation is usually unjustified, even when its consequences seem to be beneficial. Indeed, the paper claims, the reasons to reject outing, as inconsistent with democratic commitments to freedom and equality, are reasons to insist on the importance of privacy to freedom of expression. While a free press is of the utmost importance to democratic government, it is not identical with the free expression of individuals and, on occasion, the former may have to be constrained in order to protect the latter. [Barendt, 2007, 231]. Hence, the paper concludes, we should distinguish the claims of individuals to publish reports about their lives – even if this necessarily involves revealing the private lives of others – from journalistic claims to publish information about the sex lives of consenting adults. I will start by briefly situating my argument within a democratic approach to privacy, before using the “outing” of Oliver Sipple to examine people’s claims to privacy and their implications for freedom of expression and of the press. I will be assuming that some forms of privacy are legitimate, in order to focus more closely on the question of what information, if any, people may keep to themselves. (shrink)

this paper argues that people are entitled to keep some true facts about themselves to themselves, should they so wish, as a sign of respect for their moral and political status, and in order to protect themselves from being used as a public example in order to educate or to entertain other people. The “outing” - or non-consensual public disclosure - of people’s health records or status, or their sexual behaviour or orientation is usually unjustified, even when its consequences seem (...) to be beneficial. Indeed, the paper claims, the reasons to reject outing, as inconsistent with democratic commitments to freedom and equality, are reasons to insist on the importance of privacy to freedom of expression. While a free press is of the utmost importance to democratic government, it is not identical with the free expression of individuals and, on occasion, the former may have to be constrained in order to protect the latter. [Barendt, 2007, 231]. Hence, the paper concludes, we should distinguish the claims of individuals to publish reports about their lives – even if this necessarily involves revealing the private lives of others – from journalistic claims to publish information about the sex lives of consenting adults. I will start by briefly situating my argument within a democratic approach to privacy, before using the “outing” of Oliver Sipple to examine people’s claims to privacy and their implications for freedom of expression and of the press. I will be assuming that some forms of privacy are legitimate, in order to focus more closely on the question of what information, if any, people may keep to themselves. (shrink)

Unjustifiable assumptions about sex and gender roles, the untamable potency of maleness, and gynophobic notions about women's bodies inform and influence a broad range of policy-making institutions in this society. In December 2004, the U.S. Court of Appeals for the Sixth Circuit continued this ignoble cultural pastime when they decided Everson v. Michigan Department of Corrections. In this decision, the Everson Court accepted the Michigan Department of Correction's claim that “the very manhood” of male prison guards both threatens the safety (...) of female inmates and violates the women's “special sense of privacy in their genitals” and declared that sex-specific employment policies for prison guards is not impermissibly discriminatory. I believe that the Court's decision relies on unacceptable stereotypes about sex, gender and sexuality and it significantly undermines Title VII's power to end discriminatory employment practices. (shrink)

Disputes at the intersection of national security, surveillance, civil liberties, and transparency are nothing new, but they have become a particularly prominent part of public discourse in the years since the attacks on the World Trade Center in September 2001. This is in part due to the dramatic nature of those attacks, in part based on significant legal developments after the attacks (classifying persons as “enemy combatants” outside the scope of traditional Geneva protections, legal memos by White House counsel providing (...) rationale for torture, the USA Patriot Act), and in part because of the rapid development of communications and computing technologies that enable both greater connectivity among people and the greater ability to collect information about those connections. -/- One important way in which these questions intersect is in the controversy surrounding bulk collection of telephone metadata by the U.S. National Security Agency. The bulk metadata program (the “metadata program” or “program”) involved court orders under section 215 of the USA Patriot Act requiring telecommunications companies to provide records about all calls the companies handled and the creation of database that the NSA could search. The program was revealed to the general public in June 2013 as part of the large document leak by Edward Snowden, a former contractor for the NSA. -/- A fair amount has been written about section 215 and the bulk metadata program. Much of the commentary has focused on three discrete issues. First is whether the program is legal; that is, does the program comport with the language of the statute and is it consistent with Fourth Amendment protections against unreasonable searches and seizures? Second is whether the program infringes privacy rights; that is, does bulk metadata collection diminish individual privacy in a way that rises to the level that it infringes persons’ rights to privacy? Third is whether the secrecy of the program is inconsistent with democratic accountability. After all, people in the general public only became aware of the metadata program via the Snowden leaks; absent those leaks, there would have not likely been the sort of political backlash and investigation necessary to provide some kind of accountability. -/- In this chapter I argue that we need to look at these not as discrete questions, but as intersecting ones. The metadata program is not simply a legal problem (though it is one); it is not simply a privacy problem (though it is one); and it is not simply a secrecy problem (though it is one). Instead, the importance of the metadata program is the way in which these problems intersect and reinforce one another. Specifically, I will argue that the intersection of the questions undermines the value of rights, and that this is a deeper and more far-reaching moral problem than each of the component questions. (shrink)

Most people are completely oblivious to the danger that their medical data undergoes as soon as it goes out into the burgeoning world of big data. Medical data is financially valuable, and your sensitive data may be shared or sold by doctors, hospitals, clinical laboratories, and pharmacies—without your knowledge or consent. Medical data can also be found in your browsing history, the smartphone applications you use, data from wearables, your shopping list, and more. At best, data about your health might (...) end up in the hands of researchers on whose good will we depend to avoid abuses of power.2 Most likely, it will end up with data brokers who might sell it to a future employer, or an insurance company, or the government. At worst, your medical data may end up in the hands of criminals eager to commit extortion or identity theft. In addition to data harms related to exposure and discrimination, the collection of sensitive data by powerful corporations risks the creation of data monopolies that can dominate and condition access to health care. -/- This chapter aims to explore the challenge that big data brings to medical privacy. Section I offers a brief overview of the role of privacy in medical settings. I define privacy as having one’s personal information and one’s personal sensorial space (what I call autotopos) unaccessed. Section II discusses how the challenge of big data differs from other risks to medical privacy. Section III is about what can be done to minimise those risks. I argue that the most effective way of protecting people from suffering unfair medical consequences is by having a public universal healthcare system in which coverage is not influenced by personal data (e.g., genetic predisposition, exercise habits, eating habits, etc.). (shrink)

Civil liberty and privacy advocates have criticized the USA PATRIOT Act (Act) on numerous grounds since it was passed in the wake of the World Trade Center attacks in 2001. Two of the primary targets of those criticisms are the Act’s sneak-and-peek search provision, which allows law enforcement agents to conduct searches without informing the search’s subjects, and the business records provision, which allows agents to secretly subpoena a variety of information – most notoriously, library borrowing records. Without (...) attending to all of the ways that critics claim the Act burdens privacy, I examine whether those two controversial parts of the Act, the section 213 sneak-and-peak search and the section 215 business records gag-rule provisions, burden privacy as critics charge. I begin by describing the two provisions. Next, I explain why those provisions don’t burden privacy on standard philosophical accounts. Moreover, I argue that they need not conflict with the justifications for people’s claims to privacy, nor do they undermine the value of privacy on the standard accounts. However, rather than simply concluding that the sections don’t burden privacy, I argue that those provisions are problematic on the grounds that they undermine the value of whatever rights to privacy people have. Specifically, I argue that it is important to distinguish rights themselves from the value that those rights have to the rights-holders, and that an essential element of privacy rights having value is that privacy right-holders be able to tell the extent to which they actually have privacy. This element, which is justified by the right-holders’ autonomy interests, is harmed by the two provisions. (shrink)

One of the most prominent ethical concerns regarding emerging neurotechnologies is mental privacy. This is the idea that we should have control over access to our neural data and to the information about our mental processes and states that can be obtained by analyzing it. A key issue is whether this information needs more stringent protection than other kinds of personal information. I will articulate and support the view, underlying recent regulatory frameworks, that mental privacy (...) requires a special treatment because of its relation to relevant aspects of personal identity. It has been suggested that this approach could be supported by the idea that mental privacy constitutes a fundamental psychological dimension of privacy. The connection between this psychological view of privacy and identity can be traced back to Irwin Altman’s idea that privacy is an interpersonal boundary regulation process. However, it is not clear whether this notion of privacy can be associated with a conception of identity that is relevant in contemporary neuroethics. I will suggest that the narrative and relational approach to identity, a prominent view in recent ethical discussions of neurotechnology, lines up with key aspects of Altman’s proposal. I suggest that if mental privacy is an essential component of identity, the latter could be affected by technological mind-reading. (shrink)

Emergent technologies are undermining both decisional privacy (intimacy) and informational privacy. Regarding the former consider, e.g., technical intrusions on burglar alarms and telephone calls. Regarding the latter consider how routinely technologies enable intrusion into electronic data processing (EDP) in spite of government efforts to maintain control. These efforts are uneven among nations thus inviting selective choice of a data storage country. Deregulation of telecommunications and assigning operators First Amendment rights invites multiple efforts to profit from preferential treatment of (...) multiple competitors. (shrink)

In 2016, the European Parliament approved the General Data Protection Regulation (GDPR) whose core aim is the safeguarding of information privacy, and, by corollary, human dignity. Drawing on the field of philosophical anthropology, this paper analyses various interpretations of human dignity and human exceptionalism. It concludes that privacy is essential for humans to flourish and enable individuals to build a sense of self and the world.

Questions of privacy have become particularly salient in recent years due, in part, to information-gathering initiatives precipitated by the 2001 World Trade Center attacks, increasing power of surveillance and computing technologies, and massive data collection about individuals for commercial purposes. While privacy is not new to the philosophical and legal literature, there is much to say about the nature and value of privacy. My focus here is on the nature of informational privacy. I argue that (...) the predominant accounts of privacy are unsatisfactory and offer an alternative: for a person to have informational privacy is for there to be limits on the particularized judgments that others are able to reasonably make about that person. (shrink)

The 2010s were a golden age of information privacy research, but its policy accomplishments tell a mixed story. Despite significant progress on the development of privacy theory and compelling demonstrations of the need for privacy in practice, real achievements in privacy law and policy have been, at best, uneven. In this chapter, I outline three broad shifts in the way scholars (and, to some degree, advocates and policy makers) are approaching privacy and social media. (...) First, a change in emphasis from individual to structural approaches. Second, increasing attention to the political economy of privacy—especially the business models of information companies, such as social media platforms. And third, a deeper understanding of privacy’s role in a healthy digital public sphere. (shrink)

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction; it considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought (...) experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The ethics is explored through Gilles Deleuze’s metaphysics of difference applied in linguistic terms to the formation of the self. Comparing the exposure and transience alternatives leads to the conclusion that today’s big data reality splits the traditional ethical link between authenticity and freedom. Exposure provides authenticity, but negates human freedom. Transience provides freedom, but disdains authenticity. (shrink)

The dominant legal and regulatory approach to protecting information privacy is a form of mandated disclosure commonly known as “notice-and-consent.” Many have criticized this approach, arguing that privacy decisions are too complicated, and privacy disclosures too convoluted, for individuals to make meaningful consent decisions about privacy choices—decisions that often require us to waive important rights. While I agree with these criticisms, I argue that they only meaningfully call into question the “consent” part of notice-and-consent, and (...) that they say little about the value of notice. We ought to decouple notice from consent, and imagine notice serving other normative ends besides readying people to make informed consent decisions. (shrink)

The potential to collect brain data more directly, with higher resolution, and in greater amounts has heightened worries about mental and brain privacy. In order to manage the risks to individuals posed by these privacy challenges, some have suggested codifying new privacy rights, including a right to “mental privacy.” In this paper, we consider these arguments and conclude that while neurotechnologies do raise significant privacy concerns, such concerns are—at least for now—no different from those raised (...) by other well-understood data collection technologies, such as gene sequencing tools and online surveillance. To better understand the privacy stakes of brain data, we suggest the use of a conceptual framework from information ethics, Helen Nissenbaum’s “contextual integrity” theory. To illustrate the importance of context, we examine neurotechnologies and the information flows they produce in three familiar contexts—healthcare and medical research, criminal justice, and consumer marketing. We argue that by emphasizing what is distinct about brain privacy issues, rather than what they share with other data privacy concerns, risks weakening broader efforts to enact more robust privacy law and policy. (shrink)

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction; it considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought (...) experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The ethics is explored through Gilles Deleuze’s metaphysics of difference applied in linguistic terms to the formation of the self. Comparing the exposure and transience alternatives leads to the conclusion that today’s big data reality splits the traditional ethical link between authenticity and freedom. Exposure provides authenticity, but negates human freedom. Transience provides freedom, but disdains authenticity. (shrink)

Often, when we share information about ourselves, we contribute to people learning personal things about others. This may happen because what we share about ourselves can be used to infer personal information about others. Such dependencies have become known as privacy dependencies in the literature. It is sometimes claimed that the scope of the right to privacy should be expanded in light of such dependencies. For example, some have argued that inferring information about others can (...) violate their right to privacy. Others have argued that sharing personal information about yourself that license such inferences can by itself violate the right to privacy. In this paper, we argue that the latter view should be rejected. (shrink)

"Data mining is not an invasion of privacy because access to data is only by machines, not by people": this is the argument that is investigated here. The current importance of this problem is developed in a case study of data mining in the USA for counterterrorism and other surveillance purposes. After a clarification of the relevant nature of privacy, it is argued that access by machines cannot warrant the access to further information, since the analysis will (...) have to be made either by humans or by machines that understand. It concludes that the current data mining violates the right to privacy and should be subject to the standard legal constraints for access to private information by people. (shrink)

This paper offers a general theory of privacy, a theory that takes privacy to consist in being free from certain kinds of intrusions. On this understanding, privacy interests are distinct and distinguishable from those in solitude, anonymity, and property, for example, or from the fact that others possess, with neither consent nor permission, personal information about oneself. Privacy intrusions have both epistemic and psychological components, and can range in value from relatively trivial considerations to those (...) of profound consequence for an individual’s dignity, integrity, and autonomy. Thus while the focus of this theory is privacy per se— privacy as being free from certain kinds of intrusions—it has significant implications, discussed briefly, for what properly counts as the content of moral or legal rights to privacy. (shrink)

The brain is composed of electrically excitable neuronal networks regulated by the activity of voltage-gated ion channels. Further portraying the molecular composition of the brain, however, will not reveal anything remotely reminiscent of a feeling, a sensation or a conscious experience. In classical physics, addressing the mind–brain problem is a formidable task because no physical mechanism is able to explain how the brain generates the unobservable, inner psychological world of conscious experiences and how in turn those conscious experiences steer the (...) underlying brain processes toward desired behavior. Yet, this setback does not establish that consciousness is non-physical. Modern quantum physics affirms the interplay between two types of physical entities in Hilbert space: unobservable quantum states, which are vectors describing what exists in the physical world, and quantum observables, which are operators describing what can be observed in quantum measurements. Quantum no-go theorems further provide a framework for studying quantum brain dynamics, which has to be governed by a physically admissible Hamiltonian. Comprising consciousness of unobservable quantum information integrated in quantum brain states explains the origin of the inner privacy of conscious experiences and revisits the dynamic timescale of conscious processes to picosecond conformational transitions of neural biomolecules. The observable brain is then an objective construction created from classical bits of information, which are bound by Holevo’s theorem, and obtained through the measurement of quantum brain observables. Thus, quantum information theory clarifies the distinction between the unobservable mind and the observable brain, and supports a solid physical foundation for consciousness research. (shrink)

A standard account of privacy says that it is essentially a kind of control over personal information. Many privacy scholars have argued against this claim by relying on so-called threatened loss cases. In these cases, personal information about an agent is easily available to another person, but not accessed. Critics contend that control accounts have the implausible implication that the privacy of the relevant agent is diminished in threatened loss cases. Recently, threatened loss cases have (...) become important because Edward Snowden’s revelation of how the NSA and GCHQ collected Internet and mobile phone data presents us with a gigantic, real-life threatened loss case. In this paper, I will defend the control account of privacy against the argument that is based on threatened loss cases. I will do so by developing a new version of the control account that implies that the agents’ privacy is not diminished in threatened loss cases. (shrink)

In this paper, I offer an indirect argument for the Access Theory of privacy. First, I develop a new version of the rival Control Theory that is immune to all the classic objections against it. Second, I show that this new version of the Control Theory collapses into the Access Theory. I call the new version the ‘Negative Control Account’. Roughly speaking, the classic Control Theory holds that you have privacy if, and only if, you can control whether (...) other people know personal information about you. Critics of the Control Theory often give counterexamples, where privacy is either not diminished even though the claimant has lost control, or where privacy is diminished even though the claimant is in control. I argue that none of these alleged counterexamples work against the Negative Control Account. However, this is not a victory for the control theorist, because the Negative Control Account collapses into the Access Theory. The paper thus adds to the recent trend in the literature of favoring the Access Theory over the Control Theory. (shrink)

All societies have to balance privacy claims with other moral concerns. However, while some concern for privacy appears to be a common feature of social life, the definition, extent and moral justifications for privacy differ widely. Are there better and worse ways of conceptualising, justifying, and managing privacy? These are the questions that lie in the background of this thesis. -/- My particular concern is with the ethical issues around privacy that are tied to the (...) rise of new information and communication technologies (henceforth “ICT”). The focus here is on technologies involved in processing personal data in its broadest sense, including “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” The issue of moral concern is commonly designated as that of 'data privacy'. -/- The first step is to consider why privacy matters, or ought to matter, in the first place. And here we run into our first difficulty, since both the conceptualisation of privacy and the justification for the right to privacy are matters for contention. On the one hand, we are animated by a moral concern for privacy in some sense; on the other, we lack the conceptual and moral resources for making sense of this concern or for promoting particular social policies and criticising others. This often-cited dichotomy and its ensuing confusion have been the central motivation for most of the philosophical literature on privacy – including this thesis. -/- In what follows, I will suggest a way out of the confusion that pervades the current debate on data privacy. I will essentially argue two claims: one, that the concept of (data) privacy is uniquely characterised by a particular context within which we exchange information; two, that because (data) privacy constitutes an intrinsic value, its moral concerns and justifications ought to be deliberated as such. -/- The first chapter sketches the current data privacy landscape by introducing a number of concepts and arguing the unique nature of the landscape. I argue that the traditional distinction between four kinds of privacy (physical, mental, decisional and informational) is no longer accurate, given the technological context that reduces, unifies and processes all aspects of people’s lives by means of digital data. In fact, to hold on to the distinction leads to a fundamental misconception of data privacy. I further argue that today’s distinction between data protection and data privacy runs the risk of ignoring the fact that the former is an inherent aspect of the latter. These arguments allow me to settle on a (provisional) definition of data privacy: controlling how data about identifiable people is processed by ICT. -/- Next, I draw a line between descriptive and normative accounts of data privacy, and explain why this book belongs to the latter category. After a brief discussion of the coherence and distinctiveness theses, and of the difference between instrumental and intrinsic theories of privacy, I introduce the problem of data privacy as a distinct, coherent, and intrinsic moral concern. Three arguments support this position: one, data privacy is a coherent moral concern because it is motivated by a singular moral concept; two, data privacy is a distinct moral concern because the privacy challenges we face today are of a fundamentally new nature – distinct from any moral concerns we’ve faced in the past; and three, data privacy is an intrinsic moral concern that is predominantly justified, not by what it instrumentally protects us from, but by what it intrinsically constitutes. -/- Chapter Two makes the case against a harm-based, consequentialist approach to data privacy. After a brief introduction to the basic tenets of consequentialism I discuss harm-based arguments in favour as well as against privacy. I explain how privacy may protect us against psychological distress, but at the same time constitute the source of that distress; how privacy may be necessary for the proper functioning of democratic societies, but at the same time provide a cloak for anti-social and immoral behaviour; and how privacy protects us against the improper use of our personal data by others, but at the same enables us to conceal information or spread false information about ourselves in ways that are harmful to others. Next, I argue that consequentialism essentially relies on two flawed presumptions – that we know what harm is, and that we know how to predict it – and discuss the controversies surrounding definitions and predictions of harm. This argument becomes especially pertinent in today’s rapidly changing technological context: we may guess, and make assumptions, perhaps even find correlations, but don’t really know or understand (yet) with any degree of certainty the harmful consequences today’s data privacy violations are causing or will eventually cause – if any. -/- I illustrate this with examples of recent data privacy violations, and with a brief overview of consequentialist arguments for and against data privacy. Those who invoke consequentialist arguments against data privacy claim that personal data is nothing more than a raw material that can be turned into something useful and valuable without harming anyone. Choosing to move fast and break things – a popular mantra that promotes the benefits of technological “permissionless innovation” over and above its risks and costs – they draw our attention to the many benefits free data flows generate. Those who rely on consequentialist arguments in favour of data privacy, on the other hand, insist on actual and potential misuse of personal data. Rather careful than sorry, they draw our attention to the urgent need to take back control and protect ourselves against data privacy violations – precisely because we don’t know which harm they may cause in the future. Others go one step further and argue that these violations are part of a broader ideology of power. -/- What Chapter Two demonstrates is that vague definitions, unreliable predictions and inconclusive allegations of harm from both sides of the debate perpetuate a stalemate that fails to produce morally defensible answers to our growing data privacy concerns. Deliberating about data privacy from a consequentialist perspective is a dead end. -/- Chapter Three proposes an alternative to the harm-based approach, namely that privacy is an intrinsic value that deserves moral protection for its own sake. After a brief account of what I take values to be, and why we have a need to protect them, I introduce the foundational value of respect for persons, and lay out my main argument in two steps. The conceptual component of my argument returns to the definition of data privacy I had temporarily settled on in Chapter One, but now with the added consideration of the particular context, and particular circumstances and attitudes, within which information is exchanged. This addition is crucial, as it reveals the fundamental value that is at stake in our data privacy concerns, namely the inherent value of each and every person, which we protect by upholding an ethical principle commonly known as the principle of respect for persons. It is for this reason that the violation of privacy cannot (only) be expressed in terms of harm. I further argue that the principle of respect for persons is consistent with, and in fact unthinkable without, some degree of privacy. -/- I reply to potential challenges to a value-based approach to data privacy by showing that (i) values and value trade-offs are fundamentally different from consequential benefits and cost-benefit analyses; (ii) the suspension of one value in favour of another is not inherently contradictory; what matters is morally defensible deliberation about values and valid individual consent; (iii) data privacy concerns cannot be reduced to other moral concerns and therefore deserve a specific, distinct protection. -/- Finally, because this is a thesis in applied ethics, I attempt an answer to the question as to how we ought to apply a value-based approach to practical data privacy concerns. I argue that a revised, three-pronged version of John Rawls’ reflective equilibrium, founded on the non-negotiable principle of respect for persons, is the best possible procedure to deliberate data privacy concerns in relation to other moral values. (shrink)

The scope and reach of information, driven by the explosive growth of information technologies and content types, has expanded dramatically over the past 30 years. The consequences of these changes to records and information management (RIM) professionals are profound, necessitating not only specialized knowledge but added responsibilities. RIM professionals require a professional ethics to guide them in their daily practice and to form a basis for developing and implementing organizational policies, and Mooradian’s new book provides a rigorous (...) outline of such an ethics. Taking an authoritative principles/rules based approach to the subject, this book comprehensively addresses •the structure of ethics, outlining principles, moral rules, judgements, and exceptions; •ethical reasoning, from meaning and logic to dilemmas and decision methods; •the ethical core of RIM, discussing key topics such as organizational context, the positive value of accountability, conflicts of interest, and confidentiality; •important ethical concerns like copyright and intellectual property, whistleblowing, information leaks, disclosure, and privacy; and •the relationship between RIM ethics and information governance. -/- An essential handbook for information professionals who manage records, archives, data, and other content, this book is also an ideal teaching text for students of information ethics . (shrink)

Recent discussions among lawyers, philosophers, policy researchers and athletes have focused on the potential threat to privacy posed by the World Anti-Doping Agency’s (WADA) whereabouts requirements. These requirements demand, among other things, that all elite athletes file their whereabouts information for the subsequent quarter on a quarterly basis and comprise data for one hour of each day when the athlete will be available and accessible for no advance notice testing at a specified location of their choosing. Failure to (...) file one’s whereabouts, or the non-availability for testing at said location on three occasions within any 18-month period constitutes an anti-doping rule violation that is equivalent to testing positive to a banned substance, and may lead to a suspension of the athlete for a time period of between one and two years. We critically explore the extent to which WADA’s whereabouts requirements are in tension with existing legislation on privacy, with respect to UK athletes, who are simultaneously protected by UK domestic and EU law. Both UK domestic and EU law are subject to the European Convention on Human Rights (ECHR) Article 8, which establishes a right to “respect for private and family life, home and correspondence”. We critically discuss the centrality of the whereabouts requirements in relation to WADA’s aims, and the adoption and implementation of its whereabouts rules. We conclude that as WADA’s whereabouts requirements appear to be in breach of an elite athlete’s rights under European workers’ rights, health & safety and data protection law they are also, therefore, in conflict with Article 8 of the ECHR and the UK Human Rights Act 1998. We call for specific amendments that cater for the exceptional case of elite sports labour if the WADA requirements are to be considered legitimate. (shrink)

There is a long-running debate as to whether privacy is a matter of control or access. This has become more important following revelations made by Edward Snowden in 2013 regarding the collection of vast swathes of data from the Internet by signals intelligence agencies such as NSA and GCHQ. The nature of this collection is such that if the control account is correct then there has been a significant invasion of people's privacy. If, though, the access account is (...) correct then there has not been an invasion of privacy on the scale suggested by the control account. I argue that the control account of privacy is mistaken. However, the consequences of this are not that the seizing control of personal information is unproblematic. I argue that the control account, while mistaken, seems plausible for two reasons. The first is that a loss of control over my information entails harm to the rights and interests that privacy protects. The second is that a loss of control over my information increases the risk that my information will be accessed and that my privacy will be violated. Seizing control of another's information is therefore harmful, even though it may not entail a violation of privacy. Indeed, seizing control of another's information may be more harmful than actually violating their privacy. (shrink)

This paper argues that assessing personal responsibility in healthcare settings for the allocation of medical resources would be too privacy-invasive to be morally justifiable. In addition to being an inappropriate and moralizing intrusion into the private lives of patients, it would put patients’ sensitive data at risk, making data subjects vulnerable to a variety of privacy-related harms. Even though we allow privacy-invasive investigations to take place in legal trials, the justice and healthcare systems are not analogous. The (...) duty of doctors and healthcare professionals is to help patients as best they can—not to judge them. Patients should not be forced into giving up any more personal information than what is strictly necessary to receive an adequate treatment, and their medical data should only be used for appropriate purposes. Medical ethics codes should reflect these data rights. When a doctor asks personal questions that are irrelevant to diagnose or treat a patient, the appropriate response from the patient is: ‘none of your business’. (shrink)

In this paper, I defend what I call the ‘Inference Principle’. This principle holds that if an agent obtains some information legitimately, then the agent can make any inference she wants based on the information, without violating anyone’s right to privacy. This principle is interesting for at least three reasons. First, it constitutes a novel answer to the timely question of whether the widespread use of ‘data analytics’ to infer personal information about individuals is morally permissible. (...) Second, it contradicts what seems to be a common view of inferences’ ability to violate privacy rights. Third, it offers an account of the theoretically underdeveloped issue of what duties are engendered by the moral right to privacy with regard to inferred information. (shrink)

The background to this paper is that in our world of massively increasing personal digital data any control over the data about me seems illusionary – informational privacy seems a lost cause. On the other hand, the production of this digital data seems a necessary component of our present life in the industrialized world. A framework for a resolution of this apparent dilemma is provided if by the distinction between (meaningless) data and (meaningful) information. I argue that computational (...) data processing is necessary for many present-day processes and not a breach of privacy, while collection and processing of private information is often not necessary and a breach of privacy. The problem and the sketch of its solution are illustrated in a case-study: supermarket customer cards. (shrink)

According to assurance views of testimonial justification, in virtue of the act of testifying a speaker provides an assurance of the truth of what she asserts to the addressee. This assurance provides a special justificatory force and a distinctive normative status to the addressee. It is thought to explain certain asymmetries between addressees and other unintended hearers (bystanders and eavesdroppers), such as the phenomenon that the addressee has a right to blame the speaker for conveying a falsehood but unintended hearers (...) do not, and the phenomenon that the addressee may deflect challenges to his testimonial belief to the speaker but unintended hearers may not. Here I argue that we can do a better job explaining the normative statuses associated with testimony by reference to epistemic norms of assertion and privacy norms. Following Sanford Goldberg, I argue that epistemic norms of assertion, according to which sincere assertion is appropriate only when the asserter possesses certain epistemic goods, can be ‘put to work’ to explain the normative statuses associated with testimony. When these norms are violated, they give hearers the right to blame the speaker, and they also explain why the speaker takes responsibility for the justification of the statement asserted. Norms of privacy, on the other hand, directly exclude eavesdroppers and bystanders from an informational exchange, implying that they have no standing to do many of the things, such as issue challenges or questions to the speaker, that would be normal for conversational participants. This explains asymmetries of normative status associated with testimony in a way logically independent of speaker assurance. (shrink)