Many people think of privacy as a black and white thing. Something is either secret or it's not. I want to argue that there actually are degrees of privacy. Privacy isn't complete non-disclosure. For example, I have a health condition, I discussed it with my doctor. I didn't keep it private. I'm actually discussing something that is very private to me, but I have to discuss it to be able to get the care I need. This doesn't let the doctor make these facts public. There's good societal consensus and even laws regarding this.

To take a less legal thing or less clear-cut thing, I share a deeply personal story with a friend. Again, this doesn't mean that I make the story public. There's a certain aspect of trust and bonding in sharing that personal story. Note that in both of these cases, I might actually be okay with limited additional disclosure. It isn't that I actually want them to swear they will never tell anybody at all. For example, the doctor may discuss my case with other caregivers, but I think that would be completely reasonable. My friend may tell my story to someone else because I need help and that's this friend's judgment, and they think that trying to get a group together to help is the right thing to do. These are reasonable things to do, whereas gossiping about this is not a reasonable thing to do. And that is the notion of privacy.

So let's take these personal things and move that to the world of data today. Every merchant, many others, many service providers, government agencies, whoever, they have considerable data about me. At the very least, they have data about my interactions with them. Often, they'll have much more, and they have this because they are providing me with something, and by sharing whatever data I do share with them, they serve me better, and I'm happy for them to use this data to serve me better. But I really don't want them to share with others or to use the data in other ways that I don't want them to.
And that is where privacy comes in. So privacy, we should think of not as non-disclosure, but rather as exercise of control. So one way in which you can control information is to say you will prevent undesired disclosure, and that's certainly a crucial element of maintaining control. If you can't even do that then you certainly cannot maintain control. However, that in itself shouldn't be the definition of privacy.

In fact, this notion of all or nothing is quite problematic even in the case of user agreements that we all sign when we use software or we use a website because usually, these things are written in such a way that we're pretty much giving up control on the shared data. And our choices: either give up all that control and then get the service benefits, or just don't give up control and you're not going to get any service. And so users do this, complain about loss of privacy and feel like they didn't get a very good deal in the process.

There is, of course, a flip side here. A lot of what we get used to in terms of services on the web, services on our mobile phones, they're free. And the reason that they're free is because they're advertising supported. And so just as we may prefer to watch our TV shows without ads, but we're willing to watch ads because we understand that that is how TV comes to be free. We have to expect, if we want to be able to get free services on the web and on our phones, that these free services will be paid for by advertising. That having been said, it might be a good thing for vendors to provide graduated choices so that users could make the tradeoffs they like and choose the points in the spectrum that they're most comfortable with.

This may seem odd because there are so few examples of this, but it happens. As an example, consider the browsers that you use. Most browsers today provide something called an incognito browsing or private browsing mode.
Typically, when you're in normal browsing mode, the browser will remember websites that you have visited recently, and this actually helps the browser fill in entries into the search bar. It helps you have to type less because a browser knows what websites you tend to visit. It also helps you go back in history and revisit websites that you had liked even after you have navigated away from the page. When you do incognito browsing, the browser doesn't remember any of this stuff. It doesn't record these things. You don't get some services that you would get if you used normal browsing, but that's a tradeoff that browser makers have chosen to give to us, and people use it in the way they see fit.

Another thing to note about privacy is that sometimes the choices aren't necessarily made by you. So if you go to a party and your friend posts photographs that he took at the party, whoever sees those photographs and knows you realizes that you went to that party, and maybe you didn't want to tell people that you went to the party, or you didn't want to at least tell some people that you went to that party, but your friend didn't leave that choice to you because that was just a social thing.

There are other places, more serious places, where the same thing can happen. You may decide that you'd like to make your DNA public for science. You understand that there's a lot of medical research that depends upon analyzing DNA, and you know that sharing this kind of information is not easy because often, medical researchers don't get permissions that they need. And so you make this decision. Now, the problem is your blood relatives share much of your DNA. So if your DNA is public, their DNA is semi-public. It's not quite public because their DNA isn't exactly the same as yours, but if I know your DNA I have a pretty good idea what your mother's DNA was like.
The thing is they were not involved in your decision, and they may have wanted to keep their DNA private, and you made a personal choice about yourself that impacts their choices.

Another aspect to think about with regard to privacy is the difference between collection and use. Typically, harms occur only upon use of data. Collection is a necessary first step before use. The existence of the collection can quickly lead to use. But just because the data has been collected doesn't necessarily hurt you. So the question is, why would anybody ever collect data and not use it? One example where there's a strong case for this is in surveillance, whether it's by the government or by security cameras. By the time you know what you need, it is too late to go back and get it. If you're in the store and you want to see and catch the shoplifter, you want the camera on at the precise moment that the theft was taking place. Since you don't know when that's going to happen, you'll leave the camera on all the time, and you don't look at it, or you plan not to look at it. And when you realize that a theft took place, you'll go look at the camera. You'd look at the footage at the approximate time and try to see what was going on. This is standard practice with security cameras, and I think that there is a notion of having this sort of thing be a standard practice for data surveillance of many other types.

So to sum up, the loss of privacy occurs when there is a loss of control over personal data. I'm okay with you having certain data about me that I've chosen to share with you, but I don't want you to share my data in ways that I do not approve. And it is that measure of control that's important to me in terms of maintaining my privacy.