Document maintained in:
The purpose of this document is to list definitions of privacy and related notions, sourced from literature, and provide fundamental understanding about the key concepts of interest for blindnet.
We are interested in privacy from a perspective of builders of computer systems, who have to account for the human, its psychology and relationships with other humans and with the machines.
In this document, we are not interested in the general perspectives related to politics, democracy and justice other than those views and findings that directly impact the building of a software system made for humans.
Among the many definitions proposed in scientific literature, we use the following one:
« Privacy is the selective control of access to the self » — Irwin Altman1
This definition captures the essential features of the concept, in particular the following.
The self is a very important element of human experience playing "an integral part in human motivation, cognition, affect, and social identity"2.
The self is not the same as identity. While the self is the totality of the individual3, the identity is an individual's sense of self defined by (a) a set of physical, psychological, and interpersonal characteristics that is not wholly shared with any other person and (b) a range of affiliations (e.g., ethnicity) and social roles4.
Some scientists challenge the ability of an individual to know the self. Under this view the self might only be intelligible through its manifestations or consequences. It is generally accepted that the self is developed over time. Also, undoubtedly, in part "the self emerges through interaction with others"5.
Due to the relational provenance of the knowledge of the self, privacy is one of the key features of the relationship of oneself with the surrounding world (other humans and artefacts) through which the knowledge of the self is formed. Privacy is a "factor of connection to oneself and to others"6.
As relationships play a key role in shaping the view on the self, it is of crucial importance for the individual to control the access to self, and thus maintain control over their own view of the self.
It is not an absolute binary "come in" vs. "go away". It is a nuanced choice to control access to parts of the self.
Privacy seems to trace its origins in biological processes. "Withdrawal from others is ubiquitous across the animal kingdom" 7. Researchers make an analogy with cell membrane1 that selectively allows material inputs and outputs, similarly as privacy selectively regulates external stimulation to one's self or the flow of information to others7.
Biology research suggests that, in social species, privacy might have emerged as the cost-benefit balance between the advantages offered by the life in a group and the interests of the individual's competition over scarce resources. In other words, privacy balances the dangers and advantages of connection, which makes connection possible.
The practice of withholding information or actively sending deceiving signals might have had origins in a survival mechanism i.e. sending away the individuals competing for the same resources. "By increasing another individual's misinformation about the environment, an animal may increase its own fitness"7.
In such primitive groups, privacy emerges as a strategy to establish information asymmetry8 and compensate for the power disbalance among individuals. It is thus possible that the need for privacy in modern society remains still linked to the power differential. Without privacy and the information asymmetry it creates, an individual is made vulnerable and its ability to ensure fitness for survival is diminished.
Compelling animals to remain in contact contrary to their own privacy inclinations, in laboratory settings, has resulted in physiological changes, reproductive failure and adrenal dysfunction7.
Beyond the privacy of an individual, privacy also has a group-preserving function in the relationship between one group to another9.
Humans are social species, hardwired for connection.
« Connection is the energy that exists between people when they feel seen, heard and valued; when they can give and receive without judgement; and when they derive sustenance and strength from the relationship. » — Brené Brown
Connection is crucial to development; without it, social animals experience distress and face severe developmental consequences10. Yet, connection can also expose the individual to existential vulnerabilities.
The risk associated with connection has to be managed. Without privacy, the need for connection conflicts with the goal of protecting vital interests. Connection is not possible without privacy.
Privacy is not the opposite of connectedness.
Connectedness exists on the continuum between fusion and isolation. Fusion is the state of total absence of boundaries and separateness. Isolation is the psychological equivalent of death.
It leads to loneliness - correlated with negative effects on health11.
Humans need connectedness to avoid isolation. Privacy regulates connectedness to avoid fusion (where there is not enough separateness for anything to need connecting).
To acheive different levels of connectedness on this continuum, an individual needs to balance and regulate, in other words control the access to self. Privacy is thus a necessary condition for connectedness. There is no connectedness without privacy.
Information asymmetry8 is clearly a key concept for privacy as identified by biological studies of privacy in animal societies.
In the context of a power differential, where an individual interacts with a more powerful entity, the need for management of information asymmetry is twofold:
- reduce the information given by the less powerfull
- increase the transparency about what the more powerful does with the information obtained.12
Indeed, in order to selectively control the access to self, the individual has to know what the other party will do if given access to a part of the self. This two-way understanding of the information asymmetry that privacy seeks to create is the ground on which the legislation around data minimization, transparency of treatment and consent is formed.
As a key element of connection to others, privacy also impacts our connection to ourselves and our idea of our identity and self-efficacy. Functioning privacy creates a fertile ground for building trust and functional connectedness. Disfunctioning privacy is linked with despair.
As we derive the knowledge of self from our relationships with others, the freedom to engage and disengage from those relationships and selectively allow access to self is crucial to our ability to keep our identity safe.
At the psychological level:
- privacy supports social interaction,
- social interaction provides feedback on our competence to deal with the world,
- our competence to deal with the world affects our self-definition113.
Inability to obtain privacy has important psychological consequences ranging from embarrassment and stigma to de-individuation and dehumanization13.
« Trust is choosing to make something important to you vulnerable to the actions of someone else. » — Charles Feldman14
Because privacy is about the access to self, and self is clearly of great importance, an individual is expected to choose a particular level of privacy in relation to the level of trust.
Privacy fatigue reflects a sense of weariness toward privacy issues, in which individuals believe that there is no effective means of managing their personal information on the internet15.
This fatigue, brought on by casual data breaches and the complexity of online privacy control, can reduce users' attention to privacy issues. Yet, being consistently exposed to a mismatch between what one hopes for and what the environment affords leads to increased psychological strain15.
Privacy fatigue is closely related to the concept of learned helplessness16. Learned helplessness is the behavior exhibited by a subject after enduring repeated aversive stimuli beyond their control. The subject affected by this phenomenon discontinues attempts to escape or avoid the aversive stimulus, even when such alternatives are unambiguously presented. Learned helplessness is linked to a degraded self-efficacy - the individual's belief in their innate ability to achieve goals. Researchers suggest that clinical depression and related mental illnesses may result from a real or perceived absence of control over the outcome of a situation17.
Indeed, privacy is related to identity, and to our perception of our own competence to deal with the world113. Repetetive exposure to technological limitations18, as well as the privacy paradox attitude-behavior gap19 might situate the explanation of privacy fatigue in the scope of learned helplessness.
The privacy paradox is a phenomenon in which online users state that they are concerned about their privacy but behave as if they were not.19 Anecdotal and empirical evidence indicates that individuals are willing to trade their personal information for relatively small rewards20.
However, as we have seen, privacy regulates the conflict of the need for connection with the need for competition, survival and overcoming the power diferential. Habits, and other needs, indeniably play a role in the persons choice of privacy related behavior and may yield behavior inconsistent with the persons beliefs and interests (as outlined by the privacy paradox)21.
The existence of the privacy paradox is not indicative of a false concern for privacy, but rather of the context not favoring behavior aligned with this concern, as is common with attitude-behavior gap22. Researchers consider privacy-oblivious behavior to be a result of technological limitations as much as a consequence of users' deficiencies18.
The rise of Internet Systems and of the Web23 is inspired by the concept of Memex, proposed by Vannevar Bush in 1945 in his article As We May Think24. Memex is imagined as a theoretical machine that humans can use to augment their cognitive powers. Memex can store information and provide access to it at later times. Also Memex is collaborative, as it can facilitate access to information provided by others - a collective memory-extension tool.
Memex was the inspiration for:
- NLS25, a system that used the early internet infrastructure to demonstrate the pioneering use of videoconferencing, collaborative document editing, hypermedia, document version control and many other concepts prevalent in modern Internet Systems. Developed in 1968, by Doug Engelbart, it was the first system to implement practical use of hypertext links26 for connecting information
- The Wrold Wide Web27, created in 1990 by Tim Berners-Lee
All of modern internet infrastructure and available applications and systems materialize the vision of Memex, where:
- human are connected to information,
- information is connected to information,
- humans are connected to humans.
Having control (having the system respond predictably to user's actions) is one of the key features a user can expect from a properly designed human-computer interaction28.
Since privacy is the selective control of access to the self, a computer system, properly designed for connection, must also give the user control over their privacy.
In essence, the available knowledge teaches us the following:
- Internet Systems are tools for connection
- There is no connection without exposure of the self
- Privacy is the selective control of access to the self
- Properly designed computer systems put the user in control
- Privacy enables sustainable connection and trust (choosing to make something important to you vulnerable to the actions of someone else)
- Connectedness is dysfunctional without privacy
Therefore, we believe that a properly designed Internet System is designed for Privacy-enabled Connectedness.
The Privacy-enabled Connectedness is achieved through the following design principles:
The system is designed to prevent any form of access to the user or to the user’s data without giving user the control over such access.
Examples
A system collecting user’s data over a web form and storing the data unencrypted in a database is not designed to prevent any form of access to the user or to the user’s data without giving user the control over such access. A system collecting data end-to-end encrypted for clearly identified target consumers, is.
A system collecting user’s data, that shares this data with other systems, is designed to propagate any access-related instruction given by the user across the receiving systems. (No loose ends)
Examples
When a user deletes their data from one system, a properly designed system allows the user to have the delete action propagated to other systems to which the data was transmitted. A poorly designed system only deletes the data from its own storage.
Footnotes
-
Altman I (1975) The environment and social behavior. Wadsworth, Belmont ↩ ↩2 ↩3 ↩4
-
Sedikides, C. & Spencer, S.J. (Eds.) (2007). The Self. New York: Psychology Press ↩
-
Colin Fraser, "Social Psychology" in Richard Gregory, The Oxford Companion to the Mind (Oxford 1987) p. 721-2 ↩
-
Darhl M.Pedersen, PSYCHOLOGICAL FUNCTIONS OF PRIVACY ↩
-
Peter H. Klopfer & Daniel I Rubenstein The Concept Privacy and Its Biological Basis ↩ ↩2 ↩3 ↩4
-
Barry Schwartz, The_Social_Psychology_of_Privacy ↩
-
Jaak, Panksepp (2004). Affective Neuroscience : the Foundations of Human and Animal Emotions. Oxford University Press. ↩
-
Stephen T. Margulis, Privacy as a Social Issue and Behavioral Concept ↩ ↩2 ↩3
-
Charles Feltman, The Thin Book of Trust: An Essential Primer for Building Trust at Work ↩
-
Hanbyul Choia, Jonghwa Parka, Yoonhyuk Jung, The role of privacy fatigue in online privacy behavior ↩ ↩2
-
Seligman ME (1975). Helplessness: On Depression, Development, and Death. San Francisco: W. H. Freeman ↩
-
Jochen Peter and Patti M. Valkenburg, Adolescents' Online Privacy: Toward a Developmental Perspective ↩ ↩2
-
Bedrick, B., Lerner, B., Whitehead, B. "The privacy paradox: Introduction", "News Media and the Law", Washington, DC, Volume 22, Issue 2, Spring 1998, pp. P1–P3. ↩ ↩2
-
Spyros Kokolakis Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon ↩
-
Alessandro Acquisti, Privacy in Electronic Commerce and the Economics of Immediate Gratification ↩
-
The Internet is a global network, while the Web is a structure of information that is accessed via the Internet ↩
-
Bush, Vannevar (1945-07-01). "As We May Think". The Atlantic ↩
-
Shneiderman, Eight Golden Rules of Interface Design ↩