Saturday, March 18, 2006

Network Privacy

In his post on Social Cartography - Mapping the Electorate, Scribe reminds that it's not enough to have privacy and data protection at the individual level. We also need to consider the privacy of relationships between individuals.

There are many concerns about data protection and privacy at the individual level. (In his recent post on the Status of Privacy in the UK, Robin Wilton points out that Prince Charles used arguments based on confidentiality and copyright to protect his diaries, presumably because of a lack of adequate privacy legislation.)

But if we think about interpersonal privacy, this becomes much more complex, and raises some serious ontologicial and practical issues that privacy campaigners don't seem to be addressing. So I thought it might be useful to cross-post a few notes here.

Let's start with an incident that might be regarded as an example of breached privacy. John Major, former UK prime minister, was embarrassed by the publication of an autobiography by fellow (hrm hrm) politician Edwina Currie, in which she revealed details of a long-standing affair between them. His public response was ungracious and ungentlemanly. [BBC News, September 2002]

Privacy means that some data subject has some rights over some data.
  • What can the data subject do with the data? (e.g. publish, hide, preserve, alter, destroy)
  • What can other agents NOT do with the data? (e.g. publish, hide, preserve, alter, destroy)
  • What recompense is the data subject entitled to, in the event of any accidental or deliberate breach of these rights.
Data protection implies a set of mechanisms to support the rights of the data subject, to limit the actions of other agents, and to resolve any disputes. This raises a number of complex issues.

Ownership Who ‘owns’ the data? Does a company own the data it has collected about a person? Does a person have any ownership rights over his/her ‘own’ data? What data (if any) are governed by the principles of data protection, and what data are not so governed?
Identity There must be some reliable mechanism for matching the identity of the data subject with the identity referenced by the data. Furthermore, this mechanism should not itself represent an invasion of privacy.
Ontology Many types of data reference multiple individuals. For example, data about a secret relationship between two individuals can be understood as belonging to the pair (which is a composite data subject). However, the very existence of this pair may be part of the secret.
Collaboration If secret data belong collectively to multiple individuals, then any legitimate action over such data may require a collaboration between them. Of course, any individual named as a party to a secret relationship may seek individual recompense. It is not always clear what rights (if any) an individual has when details of a secret relationship are published unilaterally by one party.
Fiction / Libel Reports of a secret relationship may sometimes be fabricated. Standing up for one's rights against libel or slander may involve reference to a pairing that was only brought into being by the libel.

Note - these issues apply to commercial relationships between organizations, as well as to sexual relationships between consenting adults.

Technorati Tags: