Tracing Data Privacy and How to Realize It

-- By AndrewTaub - 09 Nov 2017

Defining Data and Privacy

Data is defined as “facts, information, and statistics collected together for reference or analysis.” The origin of the word data is from the Latin verb “dare” which means “to give” and the neuter past participle “datum” which means “something given.” This connotes a sense of belonging and that the information transferred is given to someone by someone else, suggesting that there is a degree of ownership of that information and a choice that is exercised as to whether to give or share that information. Privacy is defined as “the state of being alone and not watched or disturbed by other people or the state of being free or away from public attention.” It is also defined as “freedom from unauthorized intrusion and the state of being able to keep certain especially personal matters to oneself.” Both underlying definitions of data and privacy independently have similarities. Based on data’s origin, the word implies that there is possession involved in terms of who owns the facts or information that are being collected. Similarly, with privacy, the person who holds those private matters or experiences a state of freedom is entitled to defend against intruders and has authority to protect that state. By combining these two words, the center of the term “data privacy” would appear to be, at a singular level, an individual.

Terming Data Privacy

Data privacy as a term began to appear in written texts in the United States in the late 1950s. Specifically, in 1959, the National Bureau of Standards (NBS) published a monograph in which the term was defined: “Data privacy is the protection of data (typically in a computer-based system) for the sole use of one individual or organization, or by such others as the owner of the data may authorize (e.g., other individuals, organizations, agencies, or groups).” What marries “data” and “privacy” is, as the NBS’s definition indicates, the birth and growth of computer systems at the time. By pairing these words, the term data privacy closely, if not entirely today, implies that a computerized information system is present and involved in where that data is stored and how it is protected.

The Problem Created

In theory, it seems that data privacy should be about the individual, but in reality, it is about the protection of data on computer systems. This distinction is necessary because data protection is operated by whoever ultimately has power. That would be whoever owns the computer system, where it and the data stored are located, and most importantly, whoever collects, controls, and owns the data. As Yochai Benkler states, over the past ten years, there has been a shift to higher level systems (e.g., Facebook, Google, Apple, Amazon) in which there exists no core organizing structure for how to build new or integrate existing systems. The shift has been away from building frameworks and software of openness, and there are no public standards for data portability nor legal requirements for interoperability.

Why Does That Matter?

This new model of a few dominant players creates a concentration of power in which their influence increases not through open programs, but through closed platforms. Since data has become the core infrastructure around which control develops and since the anatomy of these closed platforms is owned and operated by the system providers, the individual lacks any real authority, or possibility, to even control the privacy of his or her data. Instead, privacy is built upon a form of consent between the system operator and the consumer, which the user unseeingly accepts because there is no real choice, “stemming from a conception of the absence of any choice to begin with” (Benkler). And with that, we see public law unable to effectively reach or enact legislation in that closed realm and instead see more concentrated power, thus allowing companies to create policies privately to serve their best interest.

What Next?

If a user consents to engage with a behavior collection system, then that user should expect no privacy on that platform. What is the alternative? To see past the convenience and attractiveness of closed platforms and their services and to “demand that the physiology of the machine work for the human” (Moglen). The individual must exercise the right to privacy not by negotiating with the no-exit platforms for protection that will never exist, but rather by returning to an open architecture in which the individual’s freedom lies in the infrastructure itself and which allows users to reestablish ownership and the discretion of where, when, and with whom to share their data. Indeed, only then, through the user’s choice and act to take ownership of activity in the digital/cyber realm will a true sense of freedom be achieved and data privacy realized for the individual.

Learned Hand in a famous epithet from a 1940s tax case warned against "making a fortress of the dictionary." That's happened here. The dictionary definitions and mere verbal analysis take up too much space, and in particular prevent the opening of the essay from launching it. You need to show the reader your idea up front, not a set of Googled-up definitions, in order to secure attention and begin the reader's thinking process to run alongside your own.

Once you have stated your own idea (about which I must admit that the current draft leaves me not entirely certain, even by the time I have finished reading it for a second time), you can then use the central body of the essay to show how you came by it, to answer objections, and to present the most important consequences. So---if we posit for example that your primary point is that private power has ousted public, legal authority from the process of determining what happens to behavior data collected by telecomms and platforms---you can show briskly what Yochai and I have contributed to your thinking out of which you came to that conclusion. You can relate this to other forms of private power (over the physical environment, over the molecules of life and health, over the degree of "restraint of trade" exercised by the dominant competitors in goods and services markets, etc.), and discuss the forms of regulatory intervention that have been used to redress the balance between public and private power in those situations. A well-earned conclusion, then, can restate the primary force of the idea, and leave some implications for the reader to consider under her own steam.

Perhaps I don't have the central idea right; as I say, the existing draft is not particularly focused there. But, mutatis mutandis, the approach I'm suggesting should yield a richer next draft wherever the intellectual emphasis should fall.

