The underlying concept of privacy has not changed for centuries, but our approach to acknowledging privacy in our transactions, exchanges, and relationships must be revisited as our technological environment – what we can do with information – has evolved. The goal of this chapter is to focus on the debate over the definition of privacy as it is required for other debates and has direct implications to how we recognize, test, and justify privacy in scholarship and practice. I argue privacy is best viewed as the ability of an individual to control information within a negotiated zone. I illustrate this view of privacy through an analysis of Facebook’s Beacon program and place the case in the context of both privacy violations and successful business strategies. I find privacy zones are illuminating for situations from 10th century England to current social networking programs and are useful in identifying mutually beneficial solutions among stakeholders.
TopIntroduction
After months of Lady Godiva’s lobbying for tax reform for their village of Coventry, her husband Leofic, Earl of Mercia, exasperatingly challenged Lady Godiva to ride naked through the town center before all the people in order to get her wished tax relief. Lady Godiva immediately contacted the great magistrates of the city and informed them of Leofic’s challenge. Given the dire economic status of the town, these community leaders agreed to have all citizens of Coventry return to their homes and remain behind closed doors so as to not lay eyes upon Lady Godiva during her ride through the center of town. At noon on the appointed day, Lady Godiva let down her hair which covered her in a semi-modest degree, mounted her horse and, accompanied by two knights, rode through town. As was agreed upon, the roads were clear and the market was eerily quiet from the absence of barter and negotiations. Suddenly, Lady Godiva was notified of an errant young man peeping through a window by her horse’s neigh. The knights soon realized that the young man was Tom the Tailor who was immediately struck blind as some sort of divine punishment but not before he was able to turn and tell his tale to others in the house.1
While the notion of privacy has been a focus of concern for centuries, recent developments have changed how we approach acknowledging privacy. Peeping Tom violated privacy norms by peering through a window to view a disrobed Lady Godiva riding through town, whereas current privacy concerns are more likely to arise in a virtual world such as SecondLife rather than in a township, or by compromised by a cyber-voyeur, hacker, on computer program rather than by an individual peering through a window. Two related trends have necessitated a revisiting of how we acknowledge privacy. First, information is increasingly the basis for an organization’s value proposition and, for some, the entire business model. While business has always relied upon consumer information to complete transactions, more of that information is stored or being repurposed for behavioral marketing or custom recommendations. All organizations have stakeholders such as employees, suppliers, governing bodies, and communities who share information in increasingly important ways.
Second, our information is both greased and sticky. By becoming separated from us, our information is ‘greased’ in the words of technologist James H. Moor (1997). Information can slip quickly from protected, legitimate storage to an unprotected, illegitimate individual through the click of a mouse. At the same time, I argue that information is ‘sticky’ in that organizations can link and aggregate information which was previously separated and compartmentalized. As such, our information is increasingly in permanent records which are searchable rather than only observable (Lessig, 1998, 1999). Where department stores previously recorded customers’ preferences on index cards to notify them of upcoming sales, grocery chains now store previous and current purchases to customize coupons and Amazon.com monitors browsing and purchases to suggest additional products. Where Lady Godiva briefly rode through town at noon on an appointed day, Facebook retains information to be linked to, searched, revealed, or repurposed for an indeterminate amount of time. Perhaps the type of information requested and stored is similar, but the format of the information is different in important ways.
These shifts make the information both valuable and vulnerable to organizations and individuals: valuable by facilitating customized services and lowering transaction costs and vulnerable by being identifiable and searchable thereby creating a larger target for illegal hacking or unintended violations of privacy. As I will argue, these trends point to the control view of privacy as being increasingly useful and applicable: when our information was ‘attached’ to us as in the case of Lady Godiva in the beginning of this chapter, the ongoing control of information was not important to our conception of privacy as we controlled our information by controlling who has access to ourselves. This is not the case now. Now, our information is not contained by physical barriers but rather negotiated through virtual barriers: the equivalent to asking a friend to turn their back while you change or asking your child to cover their ears while you talk to another adult.2