CH_1
An Introduction to Freedom of Information and Privacy Protection

ACCESSING AND PROTECTING ELECTRONIC DATA

For anyone under the age of twenty-five living in an industrialized country, typing term papers on a typewriter or looking up books by flipping through paper index cards in a filing cabinet in the library is a completely foreign concept. Similarly, life without a laptop computer, the Internet, a cellphone, or an iPod is incomprehensible. But despite the depth of their penetration into our daily lives, the ubiquity of these communication devices is a very recent phenomenon. The proliferation of the Internet and other technological innovations in the 1990s has had a seismic impact on our ability to create, store, and share information. The subsequent development of social networking, along with the digitization of commerce and government in the following decade, has had an equally profound impact on the ways in which people communicate and go about their daily business. These changes are particularly stunning given the speed with which they happened. The first digital computer was built in 1939, and in the 1960s information systems were developed to store data. These systems evolved with the introduction of personal computers in the 1980s. It was the development and proliferation of the Internet in the 1990s, however, that saw not only the collection and storage of increasing amounts of data but also the ability of citizens and consumers to access these data with the click of a mouse. A decade later, the Internet ushered in “digital government”¹ and “e-commerce,” whereby interactions between the citizen/consumer and the state/producer began to be mediated by electronic technologies. This was also the era when “digital relationships” came into being, that is, peer-to-peer relationships mediated by technology.

By the end of 2010, it was hard to imagine how society had ever functioned without digital communication. These dramatic changes resulted in a fundamental shift in the way individuals interact with organizations and with each other. We now rarely go into a government building to take care of such mundane chores as renewing pet licences or paying parking tickets. We gather information and purchase items online. Few of us can remember the last time we wrote a letter to a relative, if in fact we have ever done this in the past. We communicate with our friends by looking at their Facebook page and commenting on their walls, by sending email, or by instant messaging or texting. These online activities allow us to access information about other people and organizations and to “take care of business,” be it personal or professional, in the solitude of our homes. But these online activities also allow others to gather information about us remotely. The central issue that this book addresses is where the line should be drawn between what information should be readily available to others upon request and what information should be restricted in order to protect personal privacy. The fundamental concern is how much control individuals should have over their personal information in light of competing demands for it from others within society. In examining this question, this book analyzes protection of privacy and freedom of information (also known as access to information)² — two issues that most people know something about but few people know much about, despite their relevance to our everyday lives.

This text explains why freedom of information and protection of privacy (FOIP) is important. It elucidates how FOIP underpins the good governance that is so critical to a free, democratic, and economically competitive society. It illustrates the relationship between privacy and personal autonomy, which allows individuals to pursue their self-interest free from external control. It also reveals the relationship between access to information and accountability, which is necessary for good governance in the public, private, and non-profit sectors. In some respects, the debate over the proper balance between access and privacy mirrors the age-old debate over the optimum balance between the rights of the individual and those of the public interest (the latter broadly defined as the interest of the larger community in which the individual lives). This is a question that has engaged political scientists, economists, and others in a wide range of discussions that focus on such things as the role of the state in providing universal social programs, the optimal rate and type of taxation, and constitutional arrangements that seek to accommodate the needs of particular linguistic or ethnic groups. Typically, we tend to think of proponents of particular positions as sitting on opposite sides of the left-right political spectrum. This neat division between left and right, however, does not work nearly so well in conceptualizing the complex relationship between access and privacy.

As the following pages illustrate, the right to keep information private can be claimed by both an individual and a group of individuals. The same can be said for the right to access to information. As such, the public interest is not definitively linked to either the promotion of access to information or the protection of privacy. What is clear is that the stunning speed of technological innovation with respect to the collection, storage, and dissemination of information will necessitate very careful consideration of how we manage information. The decision to withhold or release particular information will have a significant impact on the individuals and organizations to whom this information pertains and raises major issues around who should make the decision and on what basis. We ignore these issues at our peril; history has taught us that freedom and democratic institutions are often most appreciated only after they are either threatened or lost.

This book provides an overview of the principles that underpin, issues that arise from, historical development of, and application of protection of privacy and freedom of information (FOI) legislation. While it does tilt toward the Canadian case, the general principles and issues presented are common to countries around the world that are grappling with providing an access and privacy regime for their citizens. While other studies might give a comprehensive analysis of either FOI or the protection of privacy, the most useful understanding comes from considering them together. In an increasingly global and digitized world, the choices we make with respect to how we manage information will become key factors in defining the communities in which we live.

ACCOUNTABILITY AND AUTONOMY

Freedom of information is critical for ensuring democratic accountability, and in particular due process and citizen participation. Privacy, on the other hand, is central to a person’s sense of personal space and security. It is here that things become complex. Accessing information is more than just a means to allow citizens to keep tabs on their government. It is also a way for citizens to gain information about themselves and their neighbours. FOI speaks to both the ability of the individual to obtain information about the group and the right of the group to information about the individual.

FOI legislation can also be used to access government-held information about businesses and corporations. Citizens can see to whom government is awarding contracts and how it is spending taxpayers’ dollars. It also allows businesses to obtain information about their competitors. In contrast, privacy protection legislation prohibits the release of particular information if it is deemed to infringe unnecessarily on privacy. It also allows both citizens and consumers to determine what personal information governments and businesses have on file that relates to them. Some privacy legislation also applies to non-profit organizations that engage in commercial activities. While these provisions represent a form of access, they also relate to privacy in that individuals have a right to know what personal information is held by others. Decisions about what information should be released hinge on the proper balance between the rights of the individual and the rights of groups. On this point reasonable people may differ. Moreover, the ability of various individuals to articulate their point of view effectively differs depending on their status within society.

Individual rights refer to the personal autonomy of an individual — specifically, the freedom of the individual to pursue his or her self-interest without interference. They also refer to the right of the individual to be protected from others whose pursuit of their self-interest might interfere with the individual’s right to be left alone. In contrast, group rights refer to morals or values decided by the community. The preservation of these values may in fact limit the ability of individuals to pursue their own interest or may interfere with their desire to be left alone. The crucial question then becomes: At what point do the interests of the group justify the limitation of individual autonomy?

Here is an example that illustrates the debate over how privacy should be balanced with access to information. A car hits a pedestrian at a corner that the community considers to be very dangerous because the crosswalk is poorly lit and obscured by a bend in the road. The investigating officer writes a report that contains (among other things) the names, addresses, phone numbers, and ages of the couple in the car and the person who was walking across the street. As it turns out, the two people in the car are married, but not to each other; they are having an affair. The person walking across the street is a recovering alcoholic who has just left a local tavern. The community league wants to read the report to determine whether the accident was due to driver/pedestrian error or the poor design of the corner. If it is the latter, the community league plans to lobby the city for improvements. The critical question is: Do the rights of the community league to ask for information pertaining to the safety of an intersection in its neighbourhood take precedence over the rights of individuals to conduct their personal business without coming under the scrutiny of their neighbours?

How this question is answered depends on how any particular society balances the interests of the group against those of the individual. As such, the answer might be different in various societies. If it is determined that some, but not all, information should be released, who makes this determination? On what principles is this decision made and what weighting is put on the balance between competing principles? How transparent should societal and governing arrangements be? While there might not be one “correct” answer, Amitai Etzioni argues:

Good societies carefully balance individual rights and social responsibilities, autonomy and the common good, privacy concerns for public safety and public health, rather than allow one value or principle to dominate. Once we accept the concept of balance, the question arises as to how we are to determine whether our polity is off balance and in what direction it needs to move, and to what extent, to restore balance.³

The theme of balance is one that permeates this book. The notion of balance is central to understanding the relationship between access and privacy, and it is a concept that typically is missing when these two goals are examined independently of one another.

UNPACKING THE CONCEPTS

The effective crafting of legislation to protect privacy or to ensure access to information requires developing a conceptual framework that defines and delimits the concepts. The following section introduces two key concepts that underpin legislation used worldwide: transparency and privacy. This discussion highlights some basic features of each concept and their evolution and explains why advocates argue that they are critical to a free and democratic society. These are complicated concepts and are explored in detail in chapters 2 and 3.

Access to information legislation is based on the concept of transparency. Through scrutiny of behaviour and performance, people are held accountable for their actions. Transparency also allows visibility for the curious, however, or visibility for reasons other than ensuring accountability. It thus becomes an important counterpoint to privacy. What quickly becomes apparent is that transparency is a complex concept that impinges on multiple aspects of society, in different directions and at different levels. The concept is also applicable to a variety of sectors. This is in contrast to access to information legislation, which for the most part is limited to the public sector.

David Heald provides a typology for understanding the different directions in which transparency can flow: upwards, downwards, inwards, and outwards. Transparency “upwards” refers to the flow of information from subordinates to persons in positions of authority.⁴ This form of transparency is particularly important to the workplace, where supervisors monitor the work habits of those reporting to them. It is far more controversial when it involves public authorities monitoring the behaviour of citizens. Transparency “downwards” allows those who are ruled to review and assess the results produced by their leaders. Such transparency is the basis of a democratic system, in which, through elections, the rulers rule by virtue of the consent of the ruled. It also applies in the workplace, however. For example, a department head may hold a meeting to present financial statements and explain the coming year’s strategic plan to workers. While the department head is not held accountable to the same degree as a politician, the central point is that both citizens and workers follow their leaders to the extent that they have confidence in them.

Transparency outward is the ability to see beyond the borders of one’s organization. This is desirable because it allows people to view and evaluate the behaviour of their peers or competitors. Indeed, some of the heaviest users of access to information legislation are private sector companies seeking information regarding the awarding of government contracts. Transparency inward is the ability to see the inner workings of an organization. This is important with respect to such critical human resources management functions as the hiring and retention of staff: it fosters clear and equitable processes as opposed to those characterized by favoritism and nepotism. In a social context, however, transparency inward can have negative connotations: it refers to a society “policing itself” by monitoring the behaviour of citizens. In a relatively benign formulation, citizens might participate in a “neighbourhood watch” program, wherein citizens phone the police to report suspicious or possibly criminal behaviour. In a totalitarian society, however, citizens are expected to report their family members, friends, and neighbours to state authorities for actions that are considered to be counter to the interests of the state. Clearly, all societies need security from violent crime, but the concern with transparency inward often strays into the debate about what constitutes crime. That is, highly transparent societies (as opposed to transparent governments) suggest social control that severely limits freedom of thought and self-expression. With both horizontal and vertical transparency, complete asymmetry (either completely transparent or completely private) is not a desirable state of affairs. As Etzioni argued earlier, balance is a critical foundation of a “good” society.

Generally speaking, the lower the level of transparency within organizations and societies, the more beneficial it is to increase transparency. As transparency increases, privacy decreases and vice versa. Like the law of supply and demand, at a certain point the cost to other values such as personal privacy and autonomy may be more than a particular individual, organization, or society is prepared to bear. It is important that the different directions of transparency are understood and, given the different trade-offs, that the appropriate mix is chosen. We know that sunlight is an important source of vitamin D, but too much of it can give us sunburn or, even worse, skin cancer. As Heald notes: “When sunlight becomes searchlight it becomes uncomfortable, and when it becomes torch it may be destructive.”⁵ The same can be said about privacy — a certain degree of privacy is necessary to ensure individual security and autonomy. Too much privacy, however, can act as a shield protecting those who seek to hide questionable activities from public scrutiny.

Like transparency, privacy is a multi-dimensional concept. According to Privacy International, it comprises four separate but related components: bodily, communications, territorial, and informational.⁶ Bodily privacy focuses on the protection of people’s physical selves against such invasive procedures as cavity searches, drug testing, and genetic tests. As demonstrated in chapters 4 and 5, genetic and drug testing raise informational and communication privacy concerns. Privacy of communications covers the privacy and security of email, telephone, mail, and other forms of communication. Google and Facebook faced a storm of criticism in 2010 for their privacy practices; these issues are taken up in chapters 5 and 6. Territorial privacy concerns the establishment of limits on intrusion into a variety of physical spaces, such as the domestic space, the workplace, and public space. This type of privacy protection would concern itself with searches of personal space or property, video surveillance, and ID checks. The issue of surveillance is a contentious topic and is the focus of chapter 6. Information privacy refers to the collection and handling of personal data contained in such things as government records, medical records, and credit card information. The rules governing this type of privacy are known as “data protection.” The rate at which such data is collected has been accelerating, and the quantity of data now collected is staggering. The case of medical information illustrates some of the benefits and risks associated with this form of data collection: this is the focus of chapter 4. The four dimensions of privacy will be covered in more detail in the next chapter; however, it is information privacy and data protection that are the main focuses of this book.

Countries that provide constitutional protection of privacy regard it as a fundamental human right that is necessary to safeguard the individual’s autonomy and dignity. With the exception of the right not to be tortured, however, no human right is absolute. Like other human rights, privacy must be balanced with other rights. In contrast, neither transparency nor its other manifestations, freedom of information or access to information, is a human right. The ability to access information is typically governed by laws that are passed in legislatures, as opposed to being enshrined in constitutions. As such, an understanding of FOI begins with a look at the evolution of the concept of transparency and its relationship to general principles of public administration. As with privacy rights that are not constitutionally entrenched, transparency and FOI must be considered in the context of competing societal interests.

The complex and intertwined relationship between transparency and privacy is illustrated by the fact that in many jurisdictions the measures taken to ensure both access to information and privacy protection are contained in one piece of legislation and the oversight body that ensures compliance with the legislation comprises one office, not two. It is thus remarkable that privacy and transparency (and their legislative manifestations, privacy protection and access to information) are typically considered in isolation from one another. The following discussion of the benefits and risks of increasing both transparency and privacy illustrates the difficulty with analyzing one concept without reference to the other.

TRANSPARENCY, PRIVACY, AND GOOD GOVERNANCE

FOI is recognized as a critical component of good governance. It rests upon three pillars that are well known in public administration: fixed rules, transparency, and accountability. Some or all of these are found in the earliest treatises of political thought, including those of the Chinese and the Greeks. Later, they can be found in German institutions, as well as in the writings of Adam Smith, Jean-Jacques Rousseau, Immanuel Kant, and Jeremy Bentham. They can also be seen in early reformed church thinking and the local government “town hall” meeting traditions of New England.⁷ We can find modern strains of transparency influencing architecture: witness the “open cubicle” office concept, wherein employees can be watched easily by their peers and managers.

More recently, feminists argue that transparency can be used to expose gendered structures of authority as well as the patriarchal thinking that underpins them. Catherine MacKinnon asserts that transparency is key to revealing the patriarchy of the private space of family relations. The public sphere was traditionally deemed to be the domain of men, while women and children were confined to the private sphere. So-called “women’s issues” pertained to family matters and thus were part of the private sphere. The old adage “a man’s home is his castle” reflects the male role as “head of the family.” Women were not only confined to the private sphere, they were subject to domination by their husbands, fathers, and brothers; what happened behind closed doors was not a subject for public discourse. The 1960s feminist cry that “the personal is the political” was an attempt to expose the oppression of women in their most intimate relationships by linking it to their invisibility (or secondary status) within the public sphere. It also sought to break the silence that surrounded rape and spousal and child abuse by challenging the tolerance of oppression and violence that exist in the private sphere. According to MacKinnon the “right of privacy is a right of men ‘to be let alone’ to oppress women one at a time.”⁸ While in Western nations the gendered boundaries between public and private space have blurred, in many parts of the world (including immigrant communities within Western nations) this division is still clearly demarcated.

By exposing truths, advocates claim, transparency will hold people to account for their behaviour. Transparency at times takes on the aura of a motherhood issue: when talking about good governance, who would promote secrecy over transparency and accountability? Secrecy conjures up notions of the freedom to commit wrongs with no fear of being held accountable. Secrecy is linked to censorship, which flies in the face of a great democratic value, freedom of expression. The old adage “knowledge is power” speaks to the importance of having relevant information in order to influence what happens in the political, social, and economic realms. Those who “know” have the potential to act based on an understanding of what the different options are. Knowledge is key to the exercise of power, the structuring of competition among groups for a particular policy outcome, and the organization of political communities. A modern variation of this formulation might be “those who control knowledge have power.” As such, would anyone committed to equity, freedom, and democracy argue against the dissemination of information, and by extension, the dissemination of the knowledge that underpins power?

The dissemination of information to the masses means that authoritarian governments lose their monopoly on information and with it their ability to control and stifle dissent. Armed with knowledge, citizens are in a better position to assess not only their government’s actions and policies but also those of other governments. Information access provides the poor and their advocates with leverage to effect social change. In addition to fostering a culture of openness, the free dissemination of information allows consumers to make more informed choices and citizens to participate more fully in democracy. Access legislation is also critical to the fight against corruption. For example, FOI laws are a prerequisite for developing countries that receive financial aid from the West. Laws that make it possible to trace financial transactions reveal who is receiving the aid and how much is being received. In this way, access regimes force both governments and corporations to become more accountable for their actions.

The Internet and cellphones are coming to be more important to non-governmental organizations than traditional media, such as newspapers and television, in disseminating the information that helps to redistribute power. Traditional media have often been criticized for presenting what purports to be objective news coverage through various filters, thereby introducing an element of bias. News and opinions are vetted by editors who are constrained by circulation numbers or advertising dollars. In contrast, on the Internet, news and information can be passed along without such constraints, whether on blogs or on Twitter or simply by email. While such information must still be read critically, the relatively unrestricted nature of new media helps to ensure that the information needed to hold organizations to account circulates freely.

Democratic countries worldwide are embracing requirements that promote transparency: witness the rise of information access regimes and the adoption of new standards of conduct. Ann Florini describes this trend: “The world is embracing new standards of conduct, enforced not by surveillance and coercion but by willful disclosure: regulation by revelation.”⁹ The motivation for a company to willingly disclose corporate information derives in part from its desire to be seen as “progressive” and “a good corporate citizen.” The development of industry standards of conduct makes good strategic sense, however. An industry that adheres to voluntary standards of conduct is less likely to feel the heavy hand of state regulators, or at the very least, will be able to influence the types of regulations that are introduced.

Transparency, of course, is of no use if no one is watching. As such, transparency becomes linked to surveillance. Most of us have no problem with the notion of citizens watching their government, or stockholders watching their fund managers, but what of managers watching employees — say, by monitoring their email? Or governments that watch their citizens through video cameras and surveillance data? Or school officials who monitor their students by following social networking sites like Facebook? When does transparency slip from being a public good to becoming the public “bad” associated with surveillance that infringes on personal privacy? In the digital age, free-flowing information enables the creation of massive databases. The information in such databases can be mixed and matched with that in other data banks to create a very detailed personal dossier of the citizen-consumer that can be used for various purposes. The notion of free-flowing information as a public good can very quickly morph into images of the all-knowing, all-seeing “Big Brother” observing, recording, and acting on our every step (and misstep).

The same juxtaposition is true for privacy. Privacy advocates assert that every individual requires the ability to retreat into a personal space where one has the freedom to do what one wants without being scrutinized by others. Society is ultimately composed of individuals; these individuals require some degree of autonomy. But when does the protection of individual privacy represent a public “bad” in that it harms others in society? Where is the line drawn that delineates the private from the public? Are there some activities within the private space that are so repugnant to society that privacy can be overridden?

The flip side of this rosy picture of free-flowing information becomes much gloomier when these questions are considered. Pessimists point out that the new speed with which information can be distributed will be harnessed to spread rumours, lies, and hate. Information that is true but that an individual would prefer to keep private can also be distributed to millions in the blink of an eye. Just a decade ago, gossip or an embarrassing picture or secret did not usually travel beyond one’s immediate peer group. Now these can go global in a matter of seconds. Once the information is “out there” on the Internet, it is difficult if not impossible to rein it back in. For an individual who has been “outed,” personal privacy is gone — that aspect of the individual’s personality will never again reside in the private sphere to be revealed only at the will of the individual. Prejudice and hatred that is broadly disseminated without repercussions or comment can appear to justify and legitimize the victimization of particular people or groups. Hurtful jokes and hateful opinions can be easily forwarded. Oft-debated questions are: What are the limits of freedom of expression? What is the role of public institutions in placing limits on those whose opinions limit the autonomy and security of others?¹⁰ What rights do citizens have to protect their privacy vis-à-vis the intrusive gaze of the state, corporations, and fellow citizens? As the stakes increase with the volume and ease of information flow, these questions take on more urgency.

If knowledge is power, the diffusion of knowledge will make those who obtain it more powerful. This could empower previously weak groups or individuals. It is equally plausible, however, that those who get it could already be powerful and additional knowledge will only make them more powerful. As Kristin Lord points out, “diffusion of information is not politically neutral, since when information changes hands, so too does influence.”¹¹ The so-called “digital divide” refers to the gap between those in society who have access to the Internet (broadband, in their homes) and those who have either poor access (dial-up connection at a public library) or no access at all. The latter tend to be less-educated, poorer, and/or older adults. This group is also the demographic that is the least able to take measures to protect their personal privacy. The digital divide not only raises questions regarding the balance of power between societal interests, it also raises the spectre that those who reside in the technologically rich North will continue to amass power and influence vis-à-vis the technologically poor South. One only has to compare the extent of Internet penetration in countries such as Norway (almost 95 percent as of June 2010) and Ethiopia (only 0.5 percent) to see why there is cause for concern.¹² These rates paint a conservative picture of the digital divide, as they refer to access only; they do not make a distinction between those whose Internet access is through a cumbersome dial-up connection versus those with a broadband connection whereby downloading large digital files is done with ease. Add to this the problem of literacy rates: a person who cannot read and, in particular, read English, will not benefit much from Internet access, even if it is available. The current imbalance in power between the developed and the developing countries (as well as the rich and the poor within them) has the potential to grow to disastrous proportions with the rise of new technologies.

What is potentially more disturbing is the possibility for centralized control over the Internet. In this scenario, the information may be “out there” but we may not be able to access it. Even more troubling is that we may not realize that we are being prevented from accessing particular types of information. We are already seeing disparate attempts to censor what content can be viewed by particular viewers: parents can now control what sites their children can access, public libraries block pornographic sites, and schools restrict the use of social networking sites. The further away the censorship decisions are made from users the more controversial they become. Much has been said about the role of states such as China in restricting its citizens’ access to particular websites. Control over the Internet, however, is a contentious issue for democracies as well. In response to the strain placed on servers by the increasing number of large file downloads, illegal file sharing, and piracy, Internet service providers have floated the idea of a tiered service model. They propose to maintain different levels of service for different websites. Websites of companies willing to pay for enhanced service would be given priority, resulting in decreased file transfer and download times for select sites. Service providers argue that they should be able to charge a fee to companies that provide content that uses substantial amounts of Internet bandwidth over the provider’s network. Proponents of “net neutrality” argue that letting service providers charge differential rates for web pages based on content is akin to a phone company charging different phone rates based on whom a person calls or what is said while one is using the phone. The net neutrality movement seeks to ensure that all of the World Wide Web remains equally accessible to all who have an Internet connection.¹³

Leaving aside Internet access issues, another impediment to increased transparency resulting in better governance is the sheer volume of information and the ability of humans to effectively process it. The first issue is the filters that organizations use to organize information. We expect that organizations will do this, as otherwise we would be overwhelmed by information. Clearly, how information is filtered and presented will affect our understanding of the world around us. In years gone by, information was organized, ranked in importance, and released to the public by individuals within an organization. Thus, a system whereby information is located on a website that anyone with Internet access can obtain is arguably a good thing with respect to increasing transparency. The information “middle man” appears to be cut out. Filters still exist, however, particularly with respect to how information is organized on a website. Huge volumes of information do not accomplish much if the required information is “buried” and difficult to find. The ease with which information can be found is critical for an organization that truly embraces transparency or one that wishes to provide customer service via the web. Search engines depend on effective page ranking to facilitate finding information, a function that the internal search engines of a website often lack. Each web page must contain particular tags or “clues” that the search engine picks up as it sorts through a plethora of pages. Anyone who has used the internal search engine of a poorly organized website knows that it may be much faster to find information by entering the search terms in a global search engine such as Google. Alternatively, the fastest way to obtain customer service or to find information may be to make a physical trip to the organization’s office and make the request in person.

Ironically, the volume of information provided by large organizations with respect to any particular issue has been cited as a major problem not only with transparency itself but also with privacy protection. An organization that prefers a particular course of action that it knows will not be popular with users of its services or products might strategically overwhelm its users with such a volume of information that making an informed choice is very difficult. This phenomenon is illustrated in the case of the social networking company Facebook, which has embraced transparency (i.e., the sharing of user information) with such enthusiasm that users who are concerned with privacy are left with the choice of either leaving the site or wading through a large labyrinth of privacy settings in order to exercise “choice.”

Compounding the problem of massive amounts of competing information is the problem of evaluation. Humans use shortcuts to help them organize and process information. We create frameworks by which we organize the voluminous data coming at us; these frameworks are critical in assisting us in forming opinions on particular subjects. If we come across information that does not mesh with our pre-existing views, we may resist it, even if it is from a reliable source. Although we may have organizations that are models of transparency, we cannot be sure that the information that we take in and think about when forming our opinions is unbiased. In this sense, then, the “gatekeeper” function may increasingly come to be performed by those in society who have the most funds available to promote their perspective on an issue through advertising and the spreading of information from a particular point of view.

This discussion reveals the two sides of transparency — on one side the optimists point to the great benefits of increasing information flow, while on the other the pessimists point to its ominous ill effects. Optimists argue that transparency is critical to good governance in both the public and the private sectors. Similarly, privacy is critical to personal autonomy, but too much privacy can enable deviant behaviour. So does the preceding suggest that we should throw up our hands and give up? Not at all, unless we are satisfied with a situation wherein citizen-consumers are blissful in their ignorance, leaving governments, corporations, and other large organizations to do what they want with no fear of criticism, no concern for accountability, and no need to respect the privacy of the individuals with whom they interact. It does raise a flag of caution, however, that transparency is not a panacea with regard to accountability, and accountability can be justifiably curtailed by privacy concerns. Transparency and privacy can take many forms; with respect to governance, sometimes the cure can be worse than the ailment. To draw an analogy, before one begins major renovations to replace a wall with windows, one ought to consider whether the benefit of a feature wall that shows off priceless paintings is worth the risk of having them fade from exposure to the sun. More importantly, before demolition begins one should consider if removing a wall is going to affect the structural integrity of the building.

OVERVIEW OF THE BOOK

There is a general acknowledgement that access and privacy legislation is important, if for no other reason than that it is increasingly common and very annoying to be told that an organization cannot do something requested of it because of FOIP legislation. Despite its alleged salience to organizational integrity and democracy, however, the academic literature on the subject is surprisingly sparse. There have been no systematic comparisons yet of access and privacy legislative regimes nationally or internationally. Explanations of issues in language that are easily digestible by non-experts are limited and typically take the form of reports produced by access and privacy commissioners. The work that has been done focuses on either access or privacy; rarely are the two considered in tandem. This is unfortunate, as the two are linked not only operationally but also conceptually.

Freedom of information and protection of privacy are best understood when considered together because they each represent a pole on a common continuum. Promotion of one comes at the expense of the other. There are no right or wrong positions on this continuum — other than that a democracy will want to be somewhere in the middle and that the designated position should represent the values and priorities of its citizens.

While the purposes and requirements of private and not-for-profit sector organizations are different from those in the public sector, they too must be cognizant of the necessary balance between access and privacy. Even though access to information legislation applies only to organizations in the public sector, the pressure on those in other sectors to be transparent is not insignificant, as dissatisfied consumers/clients have the option of patronizing other organizations. This choice is not afforded as easily, vis-à-vis the public sector, to disgruntled citizens, who have very limited options if they are unhappy with the balance their governments strike through FOIP legislation.

In all sectors, technological change has dramatically altered the ability to collect, retain, and distribute information. This in turn necessitates equally dramatic overhauls of information management systems. Related legislation and policies will provide the basis for “good governance” and must foster:

• individual dignity, as expressed through the ability to control certain aspects of one’s persona (privacy), and
• accountability of the governors to their stakeholders for promoting the public good, as expressed through transparency.

The balance struck between these two components, which are often in competition with one another, must reflect the values and priorities of both the organization and those it serves.

The purpose of this book is to untangle the complex relationship between protection of privacy and access to information. The following chapter provides an overview of the many dimensions of personal privacy. It begins by considering the various types of privacy interests and why society values the protection of privacy. While the emphasis of the chapter is on informational privacy in both the public and private sectors, the broader context of shifting norms of privacy is considered. The third chapter focuses on freedom of information, with a particular focus on data management in the public sector. It analyzes the concept of access within the context of communication, bureaucratic administration, global interactions between states, and democratic governance. While transparency and improved communication at first blush may appear to be values that all right-thinking people should support, there is a dark side that must be considered. The next three chapters apply the concepts presented in the first two chapters to real-life situations. The case studies of electronic health records, surveillance, and social networking explore how society attempts to balance protection of privacy with other societal benefits such as accountability, efficiency, security, and social and political engagement. The common thread that ties these case studies together is the question: Is the societal benefit gained worth the sacrifice of privacy?

It should be noted at the outset that this is not a “how-to” book for policy makers. This book is aimed at both citizens and consumers generally and, more specifically, to students in a range of professional disciplines who will grapple with access and privacy issues at some point in their careers: journalists, librarians, public servants, human resources personnel, lawyers and those who work with the criminal justice system, social workers, and information technology and health care professionals, to name just a few. Others, such as historians doing archival work and environmentalists seeking information about the ecological impacts of development proposals, may also find this text of interest. Its purpose is to outline the general principles associated with access and privacy and related issues. The principles at times compete, and the issues around implementation are often very similar worldwide. While students might anticipate benefiting from the ability to use their understanding of access and privacy concepts in the conduct of their professional lives, they may find that the greatest benefit will be gleaned from their ability to act as savvy consumers and enlightened voters.

While FOI and protection of privacy are discussed in general terms, the central theme of this book is the balance of the two as they relate to governance. It challenges citizens to think about their underlying assumptions concerning such concepts as privacy, security, accountability, and democracy. It asks them to consider competing perspectives and that the privileging of privacy over access and vice versa speaks to underlying values that may or may not be shared. Moreover, the perspective that legislative regimes reflect may have less to do with the building of a just and good society than with the power relations within society. The reflective decision maker will understand these power dynamics and will “unpack” assumptions and the ideological baggage that goes with them in order to settle on the best course of action. A decision maker who does this goes considerable distance toward avoiding unintended and possibly undesirable consequences. In order to be shrewd consumers and fully participating citizens, individuals need to understand the relationship between access and privacy in order to keep those in control of information accountable. Professionals who deal with access and privacy legislation can use this knowledge to assist them in exercising their own power prudently with respect to the information they control. Ultimately, though, the ability to analyze the balance between access to information and protection of privacy through the lens of competing societal interests will help immeasurably in the development of a good and just society.