In a world where technology is rapidly transforming aspects of everyday life, human rights and personal privacy is being redefined and needs to be challenged.
The threats to privacy in today’s world are well known: anything from credit card information being stolen from retailers to social media designers changing our privacy settings when it pleases, the invasion of privacy is being redefined by technological advancements. Privacy in the Modern Age (The New Press, 2015), edited by Marc Rotenburg, Julia Horwitz and Jeramie Scott, contains essays by contributors who don’t simply describe these problems or warn about the loss of privacy — they propose solutions. This essay by Deborah Hurley explores privacy as a human right, how technology is invading our privacy, and what can be done to change this privacy invasion.
To find more books that pique our interest,
visit the Utne Reader Bookshelf.
Queen Elizabeth I passed a law in 1571 mandating that all male commoners in England must wear a woolen cap. The queen had good reason for this early Renaissance industrial policy. It was enacted to protect the English knitting industry and to provide employment for the people.
This rule may seem quaint today, one of the sweeping, imperious edicts from the era of absolute monarchy. Yet, is it not possible to imagine an upcoming regulation, Off with Their Hats!, barring the near-ubiquitous baseball cap and other brimmed hats so that facial recognition technology will not be frustrated in its efforts to capture digital images and measurements of every face?
Another tough leader, Theodore Roosevelt, shouted into the throng at Madison Square Garden a century ago, “Friends, perhaps once in a generation, perhaps not so often, there comes a chance for the people of a country to play their part wisely and fearlessly in some great battle of the age-long warfare for human rights.”
Go suit up. Privacy is a human right.
The Universal Declaration of Human Rights (UDHR), the founding document of the modern human rights era, was adopted by the United Nations General Assembly in 1948 without a single dissenting vote. We do not know the words of wisdom that Theodore Roosevelt gave his niece Eleanor along with his arm to escort her down the aisle. Whether or not human rights were mentioned on her wedding day, Eleanor took up TR’s challenge and played her part wisely and fearlessly when the opportunity arose. Eleanor Roosevelt chaired the UDHR drafting committee.
The UDHR, along with the International Covenant on Civil and Political Rights (ICCPR) and the International Covenant on Economic, Social and Cultural Rights, both from 1966, are called the International Bill of Human Rights. The International Bill of Human Rights is one of the most successful legal regimes in the history of the world. More than 160 countries are parties to these conventions. The adoption and ratification of the main human rights instruments by so many nations underscore the high degree of international consensus on the principles of human rights.
Human rights were considered so important that governments extraordinarily agreed to limit their own sovereignty, reallocating some of their power to other nations and international bodies and some to individuals. Human rights conventions limit the range of a country’s discretion regarding individuals within their geographic territory. Not only are individuals acknowledged as the basis of governmental authority, but individuals may also reach outside their nation to seek redress for human rights violations by their governments.
Along with rights to life, liberty, equal protection under the law and presumption of innocence, privacy is a human right. UDHR article twelve proclaimed, and ICCPR article seventeen, almost twenty years later, repeated, “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” The ICCPR entered into force in 1976 and the United States ratified the treaty in 1992. The United States has since submitted four periodic reports.
Continually over sixty-five years, the human right of privacy has been declared, protected, and affirmed in treaties, national constitutions, regional regulations, and national legislation on every continent. The United States catalyzed modern human rights protection. The human rights instruments and institutions, along with their implementation and enforcement, guarantee human rights.
Privacy and protection of personal information support autonomy, self-determination, and dignity. On the wind these days flies the canard that privacy is an amorphous concept. This gossamer attack, that it is not clear what privacy actually is, generates a miasma of doubt.
On the contrary, the protection of privacy is deeply embedded in the laws and institutions of the modern democratic state. Moreover, one has a strong visceral sense of privacy and apprehends clearly when it has been abrogated. It would be like saying that an individual does not understand liberty, freedom, and justice. Yet, while passersby on the sidewalk might be hard-pressed to give a textbook definition of privacy, they could easily provide several examples of violations of their privacy, together with severe real-world consequences of job loss, public humiliation, and damage to reputation. Just because privacy is a concept, rather than a wrench, does not render it any less valuable to us. Love is another one of those abstract concepts in which we place deep, abiding value.
Traditionally, U.S. law recognized four invasions of privacy: intrusion on the right to be let alone, public disclosure of private facts, depiction in a false light, and commercial appropriation of personal information. Modern data protection and privacy laws contain core elements, sometimes described as “Fair Information Practices,” that set out the rights and responsibilities associated with the collection and use of personal data.
Each individual must own and control her personal information.
A quarter-century after the UDHR, the United States was continuing to set the global pace for protection of personal data and privacy. As the era of mass computerization dawned, the United States recognized the potential to collect and manipulate vast troves of personal data. The United States adopted the 1974 Privacy Act and encouraged the adoption around the world of rules to protect personal data and privacy. So began an impressive roll call, continuing through the succeeding decades to the present, of laws and enforcement institutions. Today, over one hundred countries have data protection and privacy legislation. Not only is protection of privacy and personal data widespread, but also there is broad agreement about the principles that undergird the modern right of privacy.
Yet, the U.S. progenitor became the outlier of this forty-year-strong global trend. The 1974 Privacy Act covered part of the federal public sector. As information and communication technologies advanced with uptake throughout society, other countries adopted and amended data protection and privacy legislation to include the private sector and the rest of the public sector. The United States did not keep up with these developments, with the result that Americans have less protection for their personal data than people in many other nations. It is ironic that U.S. companies, which operate in countries with broadly based data protection and privacy laws, provide a higher level of personal data protection for residents of those countries than they do for the personal data of Americans. The festive, baton-waving grand marshal of the privacy parade let the band march ahead and fell to the back, trying to look inconspicuous. But its bright red, white, and blue uniform makes it impossible to hide as it brings up the rear in gluttonous isolation, guzzling personal information, increasingly feared and resented. As an example, in the United States, medical information is the high- value haul of the data brokers. It is bought, sold, and traded among the medical establishment, insurers, employers, companies, and anyone else with the meager means to purchase it.
Human rights are universal, indivisible, interdependent, interrelated, and inalienable. In this palace with many chambers, one human right is not superior to any other. That being said, for me privacy is a gateway human right, which facilitates other human rights, such as freedom of movement and freedom of association, vital for political discourse and religious worship.
Just as we guard against measures that have a chilling effect on speech, so too should we worry about chilling effects on civic participation, discourse, and association when each individual’s every act is exposed to the glare of bright lights and, to compound the agony, the individual has no control over or knowledge of her personal information’s creation, collection, use, or purpose of use, and who else will see it and in what context. What if people hesitate to communicate due to concerns about invasive observation of their movements, relationships, and affiliations, even of personal information outside their own awareness, longitudinally over a lifetime? Now, that is chilling.
To the same degree that liberty and freedom are defended from tyranny and oppression, how best to instantiate protection of personal data and privacy, shelter it from inevitable forces of depredation, and deploy the mutually reinforcing means of laws, technological design, standards, and norms? There already exists a worldwide body of law and institutions. The lag is in implementation and enforcement. This is the easier part of the task, since the legal framework is already in place. As far as additional legislation, clearly the biggest change would come from U.S. adoption of comprehensive federal legislation to protect personal data and privacy, a welcome return to a leadership role. India already has a bill. Its passage would bring over one billion people under the privacy protection umbrella. China presents a harder case, but the prize of another billion people makes it an attractive challenge.
Similarly, privacy-enhancing technologies abound. But, repeatedly, when a technical development team receives functionality criteria, privacy is omitted. Include privacy in specifications and designers will deliver it. Privacy and security standards, such as the ISO 27001 series and many others, provide guidance. There are social and economic norms, a number of which have already been mentioned.
Already breaching the shore comes the next technological tidal wave, the Internet of Things. The ubiquitous information environment will include computing everywhere, inorganic and organic, in solids, liquids, and the air one breathes. Some inhaled devices will stay to reside, others will ride out on the exhale. In the era of ingestibles, implantables, and individual-specific nutriceuticals, the human aspect will matter more than ever. With the nascent big data already collected, it is evident that it may be surpassingly difficult to maintain anonymity, remain de-identified, and avoid re-identification. It becomes ever more important that the individual have control of her personal data.
Much of this information activity will happen outside the limits of human sensory and temporal awareness. No matter. A patient unconscious in a hospital bed is entitled to the same suite of rights and level of privacy protection as if she were going about her daily life.
And so at the end we come back to where we began and to what we have known all along. Privacy is a human right. Each government, company, and individual, as well as all other non- state actors, has an affirmative duty to safeguard it. The protection exists. The hard work is done. But there are severe lapses in implementation and enforcement. Privacy is important for the individual and, arguably, even more vital for the democratic community and its maintenance of vibrant, robust civic participation and social and economic discourse. The locus of ownership and control of personal information must lie with the individual. Technology can reinforce and actualize this principle. As personal information proliferates and becomes ubiquitous, the need to adhere to this standard becomes increasingly acute.
And the end of all our exploring
will be to arrive where we started
and know the place for the first time.
—Four Quartets, T.S. Eliot
Copyright © 2015 by Marc Rotenberg, Julia Horwitz, and Jeramie Scott. This excerpt originally appeared in Privacy in the Modern Age: The Search for Solutions, published by The New Press. Reprinted here with permission.