The simplest definition of privacy is “that which is no one else’s business.” Unfortunately, much of what has traditionally been considered private has become the business of a great many. People’s private information is no longer sought merely because a greater understanding of their personal and unique characteristics can benefit them, but because so many others can benefit from that same understanding: people who resemble each other in some biologic or behavioral way, researchers seeking answers to diseases or conditions whose root cause is genetic, marketers trying to fine-tune product delivery, or government agencies determining which programs are successfully achieving their goals.
Absent a judicial order, the holder of private information has historically been free to decide with whom and how to share that information. The holder decided what was to be revealed, to whom, and for what direct benefit. Typically, holders would disclose private information to their doctors for treatment, to their employers for work, or to a clergyperson for comfort. These transactions were simple and tended to be face-to-face, with clear parameters. This is no longer the case.
Electronic medical records (EMRs) exemplify the evolving context. EMRs clearly facilitate the aggregation of massive amounts of data about people’s experiences with particular genetic markers, diseases, medications, and other treatments. It is hard to argue against the benefits of data analysis on this level. It is quite possible that the holder could eventually realize a benefit to her own health, and even if she never realizes a direct benefit from the use of her private information she could benefit because of knowledge gained from someone else’s private information.
Perhaps less compelling is the behavioral analysis and targeting that results from our purchasing history. Most enjoy the convenience of Amazon’s recommendations. However, it could be a small leap from Amazon recommendations to the personalized marketing depicted in the movie Minority Report. There, biometric identification of the hero led to an instantaneous analysis of his purchasing history, which was translated into targeted recommendations of consumer items, all as he walked past various stores in the mall of the future. For all sorts of businesses, such data is a gold mine, offering the promise of greatly enhanced sales for the full range of consumer items.
Hidden behind the promises of benefits, including financial reward, is the total disintegration of any meaningful concept of privacy. Most people are willing to disclose private information in exchange for a promised benefit. But traditional privacy protection is contingent upon not disclosing private information or restricting the disclosure to specific uses. Once private information is disclosed for any benefit, it is increasingly difficult to curtail its further disclosure.
There have been isolated examples of the harm that results from the misuse of private data in the United States, but nothing, fortunately, that rivals the seminal European experience. Nazi Germany had much to do with the shaping of Europe’s approach to privacy. Hitler’s Final Solution depended on the existence of detailed records, including census data, for its execution. Cautioned by this experience, European nations have been inclined to view privacy as a fundamental human right and have placed significant restrictions on those who seek to use others’ personal information. The European Union has established strict standards requiring, among other safeguards, transparency, notice, a legitimacy of purpose, and proportionality. There is much to admire in the European approach, but the political situation renders its adoption in the United States highly unlikely.
Organizations from across the political spectrum have an interest in people’s private information. Corporations believe that private information can increase profits, unions look to it to increase membership, and public health officials seek to utilize it to improve health outcomes. The recent U.S. Supreme Court decision removing restrictions on corporate political spending will result in more elected officials sympathizing with organizations’ desire to maximize their access to and use of private information, and being less inclined to uphold traditional notions of privacy. All the incentives push toward a disintegration of the private sphere.
Our traditional approach of offering protection only to certain categories of information and only then when the holder keeps the information private is simply inadequate for this era. Other approaches, such as licensing, use restrictions, required de-identification of information, or strict liability for uses outside those designated by the holder need to be adopted if privacy is to have any meaning. The window for advocates to act is narrow, and we need to begin to act now.