A Privacy Taxonomy by Daniel Solove

At the bottom of this post is a "Privacy Taxonomy" created by Daniel Solove, a law professor. He defined these terms in his widely cited paper "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy" published July 2007.

Readers wanting to skip past the introduction can jump to the guts of the four-part framework from here:

I. Information Collection

• Surveillance, Interrogation

II. Information Processing

• Aggregation, Identification, Insecurity, Secondary Use

III. Information Dissemination

• Breach of Confidentiality, Disclosure, Exposure, Increased Accessibility, Blackmail, Appropriation, Distortion

IV. Invasion

• Intrusion, Decisional Interference

---
"Why do you need privacy? Do you have something to hide?"

• "I don't have anything to hide. But I don't have anything I feel like showing you, either."
• "If you have nothing to hide, then you don't have a life."
• "Show me yours, and I'll show you mine."
• "It's not about having anything to hide. It's about things not being anyone else's business."
• Bottom line, Joe Stalin would have loved it. Why should anyone have to say more?

Before we understand the GDPR laws now in effect in the EU, a GDPR version that just passed in Brazil, the minimal California protections just signed into law that take effect in 2020, or nascent bills forming in other U.S. states, it behooves writers and advertisers to use some common terms to define what happens when there is no privacy.

Solove spends nearly the first half of the paper laying out historical definitions of privacy as benefiting primarily the individual, and contrasts that with a theory he shares with Dewey, Post, and Simities that

"It is not an external restraint on society, but is in fact an internal dimension of society. Therefore, privacy has a social value. Even when it protects the individual, it does so for the sake of society. It thus should not be weighed as an individual right against the greater social good. Privacy issues involve balancing societal interests on both sides of the scale."

Next he offers a taxonomy of the privacy problems that arise from data collection.

Solove defines four broad categories: "Information Collection", "Information Processing", "Information Dissemination", and "Invasion". For purposes of present-day discussions surrounding third parties accessing user data through social media, "Secondary Use" under Information Processing is of particular interest. More Solove quotes below.

Solove's Privacy Taxonomy  I. Information Collection Surveillance  - "Even surveillance of legal activities can inhibit people from engaging in them." Interrogation   II. Information Processing Aggregation  - "emerges from the combination of small bits of seemingly innocuous data.84 When combined, the information becomes much more telling about a person." Identification  Insecurity  Secondary Use - "A related problem involves 'secondary use.' Secondary use is the use of data obtained for one purpose for a different unrelated purpose without the person’s consent."  Exclusion - "Exclusion is the problem caused when people are prevented from having knowledge about how their information is being used, as well as barred from being able to access and correct errors in that data. This kind of information processing, which forbids people’s knowledge or involvement, resembles in some ways a kind of due process problem. It is a structural problem involving the way people are treated by government institutions. Moreover, it creates a power imbalance between individuals and the government. ...This issue is not about whether the information gathered is something people want to hide, but rather about the power and the structure of government."  III. Information Dissemination Breach of Confidentiality  Disclosure  Exposure  Increased Accessibility  Blackmail  Appropriation  Distortion   IV. Invasion Intrusion  Decisional Interference

--------------
Solove quotes:

"One of the difficulties with the nothing to hide argument is that it looks for a visceral kind of injury as opposed to a structural one."

"In many instances, privacy is threatened not by singular egregious acts, but by a slow series of relatively minor acts which gradually begin to add up."

"The problems caused by breaches of confidentiality do not merely consist of individual emotional distress; they involve a violation of trust within a relationship."

"When balancing privacy against security, the privacy harms are often characterized in terms of injuries to the individual, and the interest in security is often characterized in a more broad societal way."

"Most privacy problems lack dead bodies. Of course, there are exceptional cases such as the murders of Rebecca Shaeffer and Amy Boyer. Rebecca Shaeffer was an actress killed when a stalker obtained her address from a Department of Motor Vehicles record.90 This incident prompted Congress to pass the Driver’s Privacy Protection Act of 1994.91 Amy Boyer was murdered by a stalker who obtained her personal information, including her work address and Social Security number, from a database company.92 These examples aside, there is not a lot of death and gore in privacy law."


The paper 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy can be read in full here.


-----------------------
Further Reading:

Oct. 2018 “'Our own information — from the everyday to the deeply personal — is being weaponised against us with military efficiency,' said Mr Cook, whose own company makes most of its money not from data, but from hardware."   ft.com




This work by AJ Fish is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.