“CH_2 Privacy Protection” in “Controlling Knowledge”
CH_2
Privacy Protection
THE MANY DIMENSIONS OF PRIVACY
The protection of privacy is fundamentally about autonomy, power, and knowledge. As noted in the introductory chapter, the old adage “knowledge is power” speaks volumes. The protection of personal privacy speaks to the ability of individuals to control what is known about themselves. Individuals who can control what others know about them have a degree of personal autonomy. Privacy protection also helps to define the relationship between the citizen and the state and between the consumer and the corporate interest. Fundamentally, it attempts to balance what is best for the individual with what is best for the larger community the individual lives within. The intriguing question is: Who decides where the balance lies?
Privacy is one of those concepts that seems at first blush to be so easy to define, yet on closer examination becomes a moving target. At its most basic, privacy refers to the line that is drawn between the public and the private; it relates to the autonomy of the individual in relation to the larger community. But where this line should be drawn is both culturally specific and epoch-sensitive. A universal norm for what comprises socially appropriate behaviour does not exist, and thus the impetus to shield particular activities from the eyes of one’s family, friends, and neighbours will differ from country to country and from era to era. For example, pre–twentieth-century English-speaking cultures were very reserved with respect to what individuals communicated to one another. It was expected that people would “keep a stiff upper lip” and that feelings and emotions would be suppressed. Fast forward to twenty-first-century English-speaking culture, wherein people go on television to confess to, or accuse one another of, all manner of outrageous transgressions. Pre–twentieth-century women in Western countries kept their legs concealed from public view under long dresses. A hundred years later there was far less societal pressure on women to conceal their body parts, and in this century many of them choose to draw a very small circle around what they consider “private.”
This could be considered a triumph for women’s personal autonomy, but individual control over the space considered private remains contestable and is still subject to cultural norms. Witness the 2010 International Football Association (FIFA)’s decision to ban the Iranian girls’ soccer team from the Youth Olympics because the girls wear hijabs (head scarves). Three years earlier, soccer referees in Alberta, Ontario, and Quebec randomly banned girls wearing hijabs from playing because provincial rules deemed that anything worn on a player’s head compromises safety, despite the fact that players wearing prescription eyeglasses were not prohibited from playing. The wearing of the hijab is an example of a culturally specific norm of privacy rooted in religion (concealing a part of the body for purposes of modesty) conflicting with rules devised by an organization that does not share that norm. Though FIFA refused to take a stand on the provincial disputes, it later deemed that wearing the hijab is an expression of religious affiliation that contravenes the rule that players’ uniforms must be politically and religiously neutral. From a privacy perspective, however, it can be argued that forcing young girls to expose their heads in order to participate in a sporting event not only favours Western norms within the association, it also represents a profound violation of privacy and personal autonomy — that is, it does not allow the individual to decide how much of her body she will expose while playing soccer.
The debate over what is an appropriate athletic uniform for women is not confined to soccer, nor is it confined to particular parts of the world. In 1999, the FIVB (Fédération Internationale de Volleyball) declared bikinis to be the official uniform of women’s beach volleyball competitions. The requirement to wear skimpy outfits resulted in the Indian team and others threatening to boycott international competitions. Musings from such soccer luminaries as FIFA president Sepp Blatter that woman soccer players should adopt a similar dress code in order to increase the popularity of the sport sparked harsh criticism from those who claim attitudes such as his demean women.1 While Western feminists and Iranian mullahs are unlikely allies, they find themselves with similar complaints: specifically, that athletic dress codes for women detract from their athletic achievements by focusing on their sexuality. The uniforms of both the Iranian girls’ soccer team and international women’s beach volleyball teams illustrate that the decision as to where the public/private line is drawn with respect to modesty is determined not only by the individual but also by the community she lives in or, in this case, competes within. The privacy question remains the same, however: some things are put in full view of the community, other things are not. Who should decide what can or should be shielded from public view?
Notions of what appropriately rests in the private sphere and what should exist in the public sphere differ not only among cultures and generations but also among those who have different ideological outlooks. So, the free market proponent will claim that it is up to each individual to draw his or her own line and up to individuals to determine which activities they will either engage in or abstain from in order to stay on one side of the line or the other. Others argue that privacy is too fundamental to human dignity to leave to the marketplace. They seek government regulation to limit the intrusion of both governments and corporations into our personal space. Complicating the debate is the observation that the line demarcating the personal from the public space does not guarantee personal privacy. When the domestic sphere is shielded from public scrutiny, this can result in instances of domestic violence being ignored by public authorities who feel that what happens behind closed doors is not their business. As Anita Allen observes: “For some women, male hegemony and repressive confinement to the private sphere have stood as obstacles to genuine privacy and the exercise of privacy-related liberties.”2 Returning to our example of the hijab, it becomes clear that privacy as it relates to personal modesty is only one very small part of the privacy debate — privacy relates to a huge range of human activity. Moreover, new technologies have begun to erode individual privacy at an ever-accelerating rate, adding new urgency to the debate over where the line should be drawn between public and personal spaces.
At one time, privacy discussions remained the purview of a very limited academic set — lawyers mostly, with the odd contribution from political scientists, sociologists, and those with expertise in information communications technologies. Because privacy protection often involves highly complex technological developments, the debate can be very abstract and technical. But with the ever-increasing pressure on personal privacy that has resulted from new technologies, academics and professionals in an extraordinarily wide range of disciplines are adding their voices. Individuals who are becoming privacy-aware are also raising concerns in their capacity as consumers, as is demonstrated in chapter 6, which discusses social networking.
This is not to suggest, however, that concern for privacy is a recent phenomenon. Privacy concerns are found in studies of ancient Greece, Jewish societies, the Bible, and English Puritans in seventeenth-century New England. Legal discussions of the nature of the right to privacy began in the late nineteenth century with Samuel Warren and Louis Brandeis’s “The Right to Privacy.” In this oft-cited 1890 article, Warren and Brandeis define privacy as “the right to be let alone” and bemoan the decline of privacy with the advent of photography and sensationalist journalism. Combined with the printing press, photography allowed the circulation of candid images of people with or without their consent. Warren and Brandeis observed that these developments led to information that was previously private being “shouted from the rooftops.”3 One wonders what Warren and Brandeis would have to say about the advent of digital photography that allows just about anyone to take multiple pictures anytime and distribute them to everyone. Uploading these images to the World Wide Web amplifies “shouting from the rooftops” to such an extent that it can be heard around the globe. These new developments notwithstanding, the reason that the Warren and Brandeis definition has held sway for more than a century is undoubtedly because of its simplicity and the difficulty others have had in trying to create a more sophisticated definition.
Building on the Warren and Brandeis definition, it is generally accepted that privacy is necessary to maintain human dignity, as it is fundamental to personal autonomy. It is our ability to retreat to a place of solitude and anonymity that allows us to grow and develop as individuals. Various freedoms such as freedom of expression underpin democratic societies, and these too rely on privacy. As the internationally distinguished constitutional scholar Zelman Cowen argued in 1969: “A man without privacy is a man without dignity; the fear that Big Brother is watching and listening threatens the freedom of the individual no less than the prison bars.”4
Privacy is related to, but not the same as, confidentiality. Confidentiality refers to the legal duty of a person who is given personal information about another person by virtue of a professional relationship. The traditional approach to the disclosure and transfer of certain types of sensitive information such as that relating to health recognizes that personal information is special and must be managed accordingly because it has originated in confidence. At the core of the confidentiality interest is the recognition that it is not centrally linked to the autonomy and security of an individual, but rather is an interest only insofar as it is recognized and fostered by the law-making authority. As such, a law-making authority may abrogate this interest when the other interests are deemed to be more important than the confidentiality interest. In other words, confidentiality is considered to be a significant interest worthy of protection, but it is not a fundamental right as many claim privacy to be.
Privacy must also be distinguished from secrecy. Secrecy has negative connotations, suggesting that those who seek privacy are hiding something that they are ashamed of. Accordingly, transparency advocates seek to minimize the ability of governments to hide particular activities from public scrutiny. Secrecy provisions in legislation are usually based on the “need to preserve the secrecy of government operations in order for government to function effectively.”5 Maintaining a smooth-running government might mean concealing the bids of companies competing for government contracts from their competitors or might refer to concealing information that relates to national security.
The interests of the government and the citizen with respect to secrecy can be the same, but at times they might be quite different. As the Australian Law Reform Commission observes:
The secrecy interests of agencies and the privacy interests of individuals will sometimes be complementary. For example, both an agency and the subject of information held by the agency might have an interest in non-disclosure of that information to third parties. Those interests, however, may sometimes conflict. For example, a person may want access to his or her personal information to check that it has been recorded correctly and is not being disclosed without his or her consent; but to grant that access could intrude upon the secrecy interests of the agency.6
That said, there is concern that the decision to conceal might have less to do with important things such as national security and more to do with protecting wrongdoing in government. The same can be said about the motivation for secrecy within the private sector. This issue will be dealt with in more depth in the chapter that discusses transparency.
In this study, privacy will be defined as the right of individuals to be let alone to pursue their self-interest without observation or interference from others. Informational privacy is defined as the ability of individuals to have some measure of control over their own information in order to pursue their self-interest without observation or interference from those who are in possession of their personal data, unless there is an established and justifiable reason for such observation or interference. This very rudimentary attempt to provide a definition that has eluded so many others is not particularly sophisticated, but it does provide a conceptual framework within which issues associated with new and emerging technologies can be analyzed. It also provides a basis for understanding the relationship between transparency and privacy, and the legislative manifestations of these concepts: access to information and protection of privacy.
THE MARCH TOWARD REGULATION
While privacy has been recognized implicitly as an important component of free and democratic societies, it was recognized explicitly in major instruments of international law after World War II. United Nations declarations such as the Universal Declaration of Human Rights (1948) and the International Covenant on Civil and Political Rights (1966) regard privacy as a fundamental human right that is necessary to safeguard the individual’s autonomy and dignity.7 Nationally, privacy is recognized as a right in constitutions: most countries provide protections for communications and the inviolability of the home.8 In those countries where privacy is not protected explicitly in constitutions, courts have found other provisions for protecting privacy.
In Canada, privacy is implicitly recognized in the Canadian Charter of Rights and Freedoms and by virtue of court decisions such as R. v. Dyment. This 1988 case involved taking and testing a blood sample from a patient without his consent or knowledge and using the results to convict him of impaired driving. As Justice Gérard La Forest, of the Supreme Court of Canada, commented:
Society has come to realize that privacy is at the heart of liberty in a modern state. . . . Grounded in man’s physical and moral autonomy, privacy is essential for the well-being of the individual. For this reason alone it is worthy of constitutional protection, but it also has profound significance for the public order. The restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state.9
Justice La Forest goes on to quote from the 1972 report of Canada’s Task Force on Privacy and Computers: “This notion of privacy derives from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit.”10 This follows the writing of Alan Westin, who wrote the seminal book Privacy and Freedom in 1967. Westin defined privacy as the desire of individuals to choose freely how much of themselves to expose to others. It is thus important for individuals to control both what information is known about themselves and what is released.11
Most privacy protection comes by virtue of laws passed in legislatures that seek to give individuals control over their person. In the last few decades, countries around the world have developed information privacy legislation that seeks to protect the privacy of information held by governments. The roots of this legislation can be traced back to the introduction of voluntary guidelines developed by the Organisation for Economic Co-operation and Development (OECD) in 1980 in Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. These guidelines anticipated the privacy challenges associated with new technologies that allowed the combining of data from a variety of sources to create comprehensive databases; they were designed to discourage member countries from introducing laws that conflicted with one another.12 The guidelines recognize that “although national laws and policies may differ, Member countries have a common interest in protecting privacy and individual liberties, and in reconciling fundamental but competing values such as privacy and the free flow of information.”13 These voluntary guidelines were followed in 1995 by the European Union’s Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. This directive states:
1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1.14
Member states were compelled to transpose this directive into law by 1998, which they did. Importantly, the directive stipulates that personal data from the European Union (EU) cannot be sent to any country that does not have privacy protection equivalent to that of EU members.
The 1995 directive has serious implications for trade between countries and created the impetus for the development of privacy laws within the European Union and elsewhere. The United States resisted the pressure to enact comprehensive privacy laws by entering into a “safe-harbour” agreement with the EU in November 2000; this agreement comprises a set of principles developed by the US Department of Commerce and the EU. Companies that choose to comply are certified as such and are protected from having their data flow severed. Though the activities of transnational organizations are important for developing international norms and regulations, the decisions of trading blocs such as the EU may ultimately act as the domino that pushes countries elsewhere into following suit in order to maintain economic ties.
Other countries around the world began to follow in the EU’s footsteps. In Asia, the Privacy Framework of APEC (Asia-Pacific Economic Cooperation, an organization devoted to fostering sustainable economic growth in the region) recognizes both privacy and the importance of freely flowing information and asserts its commitment to assisting in the development of uniform practices globally. It also supports the advancement of international mechanisms to enforce privacy while maintaining information flow, which includes enabling enforcement agencies to fulfill their mandate to protect information.15 While this framework has been called “OECD Lite,” Johanna Tan rightly notes that it “represents a consensus among countries that come forth from different legal systems, values, culture, and which are at different stages in enacting their privacy protection.”16 As such it constitutes a significant first step in its recognition of basic data protection principles.
In Canada, the Canadian Standards Association followed the EU lead by developing the Canadian Model Code, which outlines ten fair information principles: (1) accountability; (2) identifying purposes; (3) consent; (4) collection limitations; (5) use, disclosure, and retention limitations; (6) accuracy; (7) safeguards; (8) openness; (9) individual access; and (10) challenging compliance.17 These principles simply state that organizations that collect information should be clear about why they are collecting the information, who will see it, and how long it will be held. Those whose information was collected must be able to see what is being held and how it is being held and be able to complain to someone within the organization if the information is inaccurate or is not being adequately protected. The principles formed the basis of subsequent legislation passed in Canada and elsewhere in the public, private, and non-profit sectors. The legislative regimes passed by Canada and Argentina were deemed to be “adequate” by the EU.
Eight years later the OECD passed another set of guidelines. OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security sets standards for the design and use of information communication technologies. These standards have been adopted for use by such international bodies as the United Nations, the Council of the European Union, Asia-Pacific Economic Cooperation, and Asia-Europe Meeting.
The guidelines and directives issued by national, regional, and international bodies address the concerns relating to the security of data collected from individuals and stored by both governments and businesses. These same bodies recognize that while privacy concerns are important, robust economic activity is dependent on the free flow of information. While the particulars of all these documents might differ, the basic thrust is similar — to protect data collected from individuals without inhibiting the flow of information. These initiatives are resulting in global convergence of legislation.
Recently, privacy legislation in many jurisdictions was extended to cover the private sector, and most recently, to not-for-profit groups that engage in commercial activities. For example, in 2010 Alberta’s access and privacy commissioner’s office recommended that a not-for-profit recreation facility comply with a request for information regarding an incident that resulted in a sports team being fined for the alleged misdeeds of one of its participants in the facility’s bar. The privacy commissioner found that because the bar in the facility sold beverages to patrons, the facility was considered to be a commercial enterprise, and as such, was covered by the Privacy Act.18 This is an example of “coverage creep” that will no doubt result in privacy protection in virtually all organizations.
Similarly, coverage creep has now moved legislation beyond simply enabling privacy commissioners to respond to complaints; in some jurisdictions organizations themselves may be compelled to report privacy breaches.19 There are many ways that information could be exposed, such as by sending information via fax to the wrong number or through the theft or loss of a computer or hand-held device. Although privacy protection is expanding, there is considerable variation with respect to how broad the legislative mandate is in any particular jurisdiction and what powers privacy commissioners have. For example, some privacy commissioners have the ability to compel compliance with legislation, while others can only make recommendations and must rely on moral suasion. These differences notwithstanding, the trend is toward more robust legislation.
The concern for privacy and the development of privacy protection practices and legislation is a result of four interrelated factors: the first three are the result of technologies that make new forms of privacy invasion possible, while the fourth factor relates to the EU’s directive. The first factor that has raised concern is that computers have improved the ability to store, retrieve, and transfer information. These improvements can lead to more efficient and effective services. The computer’s capacity to improve the management of large volumes of information, however, also raises an important privacy question. Will unnecessary and irrelevant information be collected because of the computer’s storage capacity? Ruth Gavison argues that the modern concern for the protection of privacy can be attributed to “a change in the nature and magnitude of threats to privacy, due at least in part to technological change.”20 In this regard, the Supreme Court of Canada notes:
In fact, in our modern informational society, where intimate details of one’s life may be available through computerized information accessible to many more persons than those initially entrusted with the knowledge, the security that information will be kept in privacy may be even more significant than one could have historically imagined.21
Privacy legislation can provide a foundation of rules and regulations to address these and other issues.
A second factor is the growing concern about government “data banks” or “data warehouses.” Governments collect a dizzying array of information about individuals because of the nature and extent of the services they deliver, such as health care, social services, education, and licensing. An important privacy question is: Should comparisons of different databases through “data matching” be permitted in order to build electronic profiles of individuals? Should “data mining” be permitted to determine trends and patterns of behaviour? This ability to link different categories of information about an individual across departments or levels of government raises particular concern. These activities are also prevalent in the private sector. Data mining and data matching will be explored in more depth in the next section, but suffice to say at this point that privacy legislation governing the public sector is seen as an important way of keeping government open and accountable by allowing citizens some measure of control over what personal information their governments hold and for what purposes it is used.
A third factor that has led to the proliferation and convergence of privacy legislation is that elements of e-commerce are raising privacy concerns in relation to the Internet. Internet companies are creating devices to identify, track, and develop profiles of consumers. Consumers are concerned about the loss of anonymity, as well as the potential sale of their personal information to third parties for a variety of purposes. Internet companies include social networking sites. In 2007, the hugely popular Facebook began tracking its users’ activities on third party websites and announcing these activities to the individual users’ friends, as well as delivering ads relevant to those activities that featured the users’ information.
Pause for a moment and think about that as a consumer: you make a purchase from a website that sells sex toys; this visit is announced to your friends on Facebook (which includes your mother, your work colleague, and your favourite teacher from grade three) and encourages them to consider buying a toy for themselves, as you, their friend, have determined this product is worthy of purchase. Although Facebook later changed this policy, its CEO announced in 2009 that privacy is a social norm from the past. Subsequent changes to Facebook’s privacy practices made privacy controls far more complicated for the average user, just by virtue of giving the user more options for information dissemination control.22 By 2010 Facebook had announced that it would be sharing its users’ information with “pre-approved partner websites.” Facebook’s continued changes to its privacy practices have led its critics to charge that although users ostensibly have more power to control how much information is shared about them, few have the technical acumen to properly manage their privacy settings. The complicated case of Facebook will be discussed in depth in chapter 6.
A fourth factor contributing to proliferating and converging privacy laws is legislative as opposed to technological: the 1995 directive of the European Union discussed earlier in this chapter.23 This directive raised the possibility of trade sanctions against countries with inadequate laws for privacy protection. To be a member of the EU, countries have to be signatories to the European Convention on Human Rights. This convention provides a right to respect for a person’s “private and family life, his home and his correspondence” and has been broadly interpreted by the European Court of Human Rights. Because of its experience with Fascist and Nazi governments during the World War II era, Europe was exposed to atrocities inconceivable to most North Americans as a result of the unchecked use of personal data that exposed race, ethnicity, and sexual and political orientations. These experiences sensitized Europeans to privacy considerations, resulting in the development of strict guidelines for data processing; the 1995 Directive compels EU member states to terminate data flows to those countries that it deems are not sufficiently protecting data.
Privacy, then, is primarily protected through legislation worldwide that developed to some extent through “peer pressure” over the last few decades. Both the number of countries with legislation and the number of sectors covered in legislation are increasing, as is the pressure to conform as a prerequisite for entering into trade agreements. At the same time, global forces such as the threat of terrorism, the concern for security, and the proliferation of invasive new technologies are eroding privacy regimes in many countries, such as Canada, Great Britain, the United States, and France. Predictably, a veritable industry has sprung up to promote the protection of privacy, including lobbyists and non-governmental organizations dedicated to the issue. The most visible of the latter is Privacy International, based in London and Washington. While free-flowing data is very good for trade, it can cause very real problems when used for purposes other than those for which it was collected. These problems are the subject of the following section.
DATA FLOW, THE THIRST FOR INFORMATION, AND THE PROBLEMS OF PRIVACY PROTECTION
If the magnitude of data collected by retailers, government officials, and others is astonishing, the ability of new information technologies to facilitate the transmission of this information around the globe is even more so. This data flow is critical for commerce, but it is also important for other purposes, such as crime prevention. The different purposes of data flow create vexing problems for privacy protection, particularly for certain groups of people. Many corporations are multinational and thus personal information may cross borders as part of their routine business practices. This is often the case for national companies as well. For example, a local company might provide Internet connectivity, but the person providing technical assistance might be located on another continent. This person not only has access to the customer’s account information but, through remote access to the customer’s desktop, can often fix the problem virtually. As technology enables the easy dissemination of information and the distribution of both employees and those providing goods and services to the company on contract, the physical location of the company becomes increasingly irrelevant.
Once information crosses a border, however, it becomes subject to the laws in that jurisdiction. This practice first attracted notice in Canada when the province of British Columbia announced that it planned to outsource the management of BC medical information to an American company. Since the passing of the USA Patriot Act in 2001, in response to the 9/11 terrorist attacks, American companies are required to surrender information to the FBI upon request and are prohibited by the same act from revealing that the security of the data has been compromised. (The title of the act is in fact an acronym; the full name is the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act.) Once the information has passed into the hands of the American government, there is no assurance that the information will be used only for the purposes for which it was collected, as the act allows for the possibility of other uses.
The problem with such an outsourcing situation quickly becomes clear. For example, an HIV-positive person living in Vancouver has no assurance that his medical information will not be given to the FBI or to US customs officials. As being HIV-positive was at one point reason to be denied entry into the United States, an HIV-positive Vancouverite could have been prevented from engaging in a popular weekend activity: cross-border shopping. If individuals cannot be assured that their personal information will be treated with the same respect for privacy as it is in their own country, it seems reasonable to ask whether such transfers should be permitted. The questions raised by privacy commissioners and others about data crossing borders resulted in the revamping of Canadian regulations for the contracting out of information management.24 If it appears that the data are being used or disclosed inappropriately, there are problems with complaints and enforcement. Privacy commissioners are limited in their jurisdiction, and the scope of their investigations and enforcement mechanisms do not extend to other countries. The USA Patriot Act has created a plethora of other problems that will be discussed later in this chapter and this book.
A related issue for privacy protection is that of data matching. The combination of a variety of databases that contain personal information can be used to draw very detailed electronic profiles of consumers and citizens. Private sector records include such things as details of products purchased (what, when, how many), financial records, phone records, video rentals, books purchased from bookstores or borrowed from libraries, and detailed travel information. State records include an even longer list of information: taxes paid, charitable donations, property owned, vehicle registration, customs information relating to travel in and out of the country, immigration status, trial results and sentences, and forensic information gathered through law enforcement such as fingerprints and DNA records. Closely related to this is data mining, which involves using a set of automated techniques to extract information that is buried in large databases to determine patterns of behaviour. The resulting information that is drawn from “matching” and “mining” data can be used to produce a profile of the citizen consumer. These profiles can be used for relatively benign purposes, such as a government department trying to detect social service fraud or a store determining to which addresses a sales flyer advertising lawn furniture should be sent, or the more privacy-infringing activities of racial profiling or creating profiles of the “types” of people most deserving of credit or most likely to commit crimes.25
In the United States, terrorist prevention agencies make extensive use of data matching and data mining to determine who might be a terrorist and where vulnerabilities to national security might exist. While other governments, including the Canadian government, are not as enamoured of these techniques as tools in their counterterrorism arsenals, some do share information (such as passenger lists on airplanes) with the United States, which the US can in turn compare to data already in its possession. Profiling and data sharing are becoming increasingly popular methods of determining who is allowed to board a plane or cross a border. At best, these activities can be described as discriminatory because they place limits on personal freedom on the basis of someone’s ethnicity or circle of acquaintances. At worst, inaccurate information can result in horrific consequences for innocent citizens. The infamous example of a thirty-four-year-old Canadian telecommunications engineer who was detained in the US while in transit home from an overseas vacation offers a frightening illustration of data sharing and profiling gone wrong.26 Syrian-born Maher Arar was accused of having links to al Qaeda, and was eventually deported to Syria, where he was tortured and made to confess to attending an al Qaeda training camp in Afghanistan. He was detained for almost a year without being formally charged with a crime. The RCMP provided information to the United States that led to his detention and deportation; the RCMP had created an extensive profile of Arar through searching public documents that they then shared with their American counterparts. This background check included a rental agreement signed by someone suspected of al Qaeda links. After an investigation by a Commission of Inquiry, the Canadian government exonerated Arar, admitted to making multiple errors in this case, and paid $10.5 million to him in restitution. The American government, however, refuses to remove Arar and his family from its “watch list” that prohibits certain individuals from travelling through American air space.
Given the pressures of the global marketplace and the efforts of governments to work together to prevent terrorism and international crime, attempts to block transmission of personal information to other countries will be next to impossible. For this reason, privacy commissioners have focused their efforts on establishing legislation that outlines circumstances when transmission outside of the jurisdiction is permissible (e.g., agreements in place that provide for a comparable standard of privacy protection and audits to determine whether there are unauthorized uses and disclosures). In this way, privacy commissioners are able to investigate the activities of the body that discloses the information if concerns are raised about uses and disclosures in another country. That said, regulation of data that move from one jurisdiction to another can be very difficult, particularly given the competing demands for its use. The next chapter illustrates the complexity of the issue with respect to medical information.
Thus far this chapter has focused on information privacy — the flow of personal data that is collected, transmitted, and stored by organizations. This form of privacy is clearly emerging as one of the most vital. But it is not just technology or the propensity of organizations to collect data that threaten our privacy, it is also our willingness to exchange privacy for something else. Teenagers give up a measure of personal autonomy for the electronic leashes that their parents present to them in the form of cellphones. Being instantly available to their parents is considered a small price to pay for the ability to be instantly available to their peer group. The teenagers’ parents relinquish control over their information every time they sign up for a loyalty card at their neighbourhood gas station or grocery store. Allowing a corporation to track their purchases and their movements for marketing purposes is considered to be a fair exchange for the reward points they collect every time they make a purchase. These points can be redeemed for yet more goods and services. In the marketplace, privacy appears to be a negotiable commodity, readily sacrificed to satisfy material desires.
What would seem utterly baffling to someone who lived a hundred years ago surely would be the readiness of people to reveal the most intimate details of themselves to a virtually limitless audience. This includes posting pictures of themselves in compromising situations (such as having had too much to drink) on Facebook, or posting YouTube videos of themselves engaging in activities that most people would consider very personal — squeezing a pimple, kissing, or defecating. Others go on syndicated television shows to confess to or denounce others for committing all manner of egregious behaviours. Or they might participate in a reality TV show. The premise of this TV genre is to track the behaviour of “ordinary people” in a variety of situations that will likely provoke intense emotional reaction (and therefore drama and sensationalism). As Andy Warhol predicted in 1968, “In the future, everyone will be world-famous for fifteen minutes.” It would seem that those who willingly participate in these privacy-invasive activities are willing to do so to achieve Warhol’s fifteen minutes of fame.
While those who participate in the aforementioned activities may not have thought through all the consequences of their actions, they are at least to some degree exercising free will when they engage in them. Many privacy advocates point out that the choice of privacy is the luxury of those who can afford it. The rich can purchase homes with high fences around them, while the poor are confined to multiple housing units with private living areas but shared common spaces. The rich can enjoy recreation in private clubs, while the poor play street hockey or kick the soccer ball around the field of the local school. The rich drive privately owned vehicles; the poor take public transit. Free will to protect privacy can be exercised to the degree that a person is both able and prepared to exchange it for some other good.
What is worrisome about the preceding examples is that some people are forced to give up their privacy in order to gain access to something they need as opposed to something they want. The most obvious example of this is the ability of the poor to access social services. In order to avoid fraud, the state requires recipients of various forms of aid to provide an enormous amount of information which is then compared to other databases of similar information that can be accessed by a variety of service providers. In effect, the state keeps these people under surveillance in order to ensure that they are not earning income beyond a certain level or to determine whether they are living with a person of the opposite sex. Most middle-class taxpayers would object to the state stipulating what their living arrangements should be, or how many jobs they can hold, but welfare recipients are forced to comply with these intrusions into their personal affairs in order to receive state benefits.
In Canada, modern welfare practices evolved from those that governed the interaction between the federal government and indigenous people. As historian Keith D. Smith observes: “The importance of surveillance was well understood by those concerned with ‘civilizing Indians’ in the late nineteenth century.”27 The Department of Indian Affairs kept meticulous records on all aspects of the lives of its wards, including such things as what style of clothing particular Indians wore. These records were not compiled for the purpose of understanding the Indian way of life, but reflected and promoted the Euro-Canadian understanding of what comprised normality. “The underlying impetus of all this observation and intelligence gathering was to provide a portrait of the progress of colonial rule. It identified individuals and groups who were adhering to state policies, and singled out those who were not for further remedial discipline.”28 Feminist writers hasten to point out that it is not a coincidence that in the twenty-first century, those who are subjected to the most privacy-invasive practices are single women with children; much has been written about the state’s imposition of restrictions on their behaviour in order to maintain morality. Once again, this is particularly true for minority women now and in the past. Smith notes that “in all spheres, the actions of women were placed under particularly close scrutiny in regard to restrictions on their movement. . . . The mission to impose patriarchal relations and the private/public dichotomy operative in non-Indigenous Canadian society was unmistakable.”29 Canada is not unique in this regard; privacy-invasive practices aimed at the poor, the marginalized, ethnic minorities, homosexuals, and women have a long history in countries around the world.
It is not just the poor who can be coerced with respect to relinquishing privacy, however. Employers and prospective employers subject workers to all manner of privacy incursions, from benign forms of interaction to outright surveillance. Privacy invasions start right at the point of hire. For example, the City of Edmonton in Alberta, Canada, requires applicants for city jobs (which are unionized with relatively high pay and benefits) to complete an online application process. Until recently, applicants were obliged to sign a form acknowledging that they have read the following: “Please be aware that the data you provide on this application form will be transferred to our electronic recruitment system, Taleo, hosted in the USA, and may be subject to U.S. laws.”30 The reference to “U.S. laws” meant that the information that a job candidate in Edmonton provides would be subject to the USA Patriot Act. As was noted earlier, it allows the US government access to any information that a US company might have, and to use this information for purposes other than for what it was collected. This might not sound like such a big problem — unless of course you happen to be an observant Muslim with the last name of bin Laden. Your dilemma becomes whether to provide the City of Edmonton with the voluminous information that is required in the application process, knowing that it might find its way into the hands of a foreign government who will use it for counterterrorism purposes, or for some other purpose. No problem — you have nothing to hide, right? But again, what happens if you coincidentally happen to share the same name and birthdate as someone else who is wanted on drug smuggling charges? What might happen the next time you fly to the Caribbean for a winter vacation and your flight stops to refuel in Florida?
Another invasive hiring practice comes in the form of employee assessments. One firm that specializes in these assessments claims: “Employee Assessments allow your company to understand and predict human performance and potential, ensuring you select the right person for the right job. They improve the quality and efficiency of your recruiting, qualifying, interviewing and selection processes, allowing you to make better hiring and promotion decisions and ensuring your employees will be a perfect fit in your company culture.”31 This is done through tests that ask questions in seven areas, including “personality, motivation, and culture fit.” Obviously, questions that go beyond trying to determine job skills and experience will be far more detailed and invasive than simply asking for the last place a prospective employee worked. Whereas questions designed to assess such qualities as “judgment” were previously posed in a face-to-face interview, assessment now takes the form of multiple choice tests completed on a computer and sent to a third party for analysis. This third party may be a company located in another country. The dilemma job seekers face is that if they refuse to give up particular information, they are limiting their employment opportunities.
Once an applicant is actually hired, there are many forms of privacy invasions that he or she might be subjected to. Many companies require their employees to submit to random drug testing. A positive test could result in dismissal or suspension. While some drugs (such as alcohol, heroin, or crack cocaine) pass through a person’s blood system within hours, traces of marijuana can remain in tissues for many months. Similarly, particular combinations of over-the-counter drugs can give false positives. Evidence of this is demonstrated at every Olympic Games when athletes are stripped of medals and an uproar ensues as to the validity of the test that showed them testing positive for a banned substance. In the case of an employee who fails a drug test, the implications are equally severe in that this form of dismissal can seriously compromise future employment prospects. The inclination, therefore, is for an employee who tests positive for drugs to keep the details of the incident as quiet as possible. Employees are also subjected to many different forms of surveillance while at work. New technologies are permitting companies to keep watch over employees when they are at home as well. These developments will be discussed in more depth in chapter 5, but suffice to say that surveillance includes the use of videotaping, the use of biometric identifiers (voice recognition, retinal scans, fingerprints) for security purposes, and the use of radio-frequency identification tracking devices. While all of these technologies have serious privacy implications for individuals, employees are theoretically not “forced” to acquiesce to them. But is there really any free choice if employees must by economic necessity continue to work for a particular company?
There are far more subtle ways in which an employee’s privacy can be compromised but which nonetheless represent an incursion into an individual’s personal space. A management tool that is growing in popularity is the “retreat,” which is designed to break down barriers that prevent employees from engaging in collaborative creative thinking. The word retreat suggests safety — the removal of oneself to a place of safety and security where one can reflect on matters of importance. Retreats have in the past been used primarily for spiritual purposes and were solitary experiences wherein participants prayed, meditated, or reflected, sometimes in darkness. More recently, retreats have been used for so-called “team building.” In these exercises, participants go to an off-site location to focus on issues that they do not normally focus on in their day-to-day work lives. Goals of organizational retreats typically relate to such things as strategic planning or improving communication; the achievement of retreat objectives requires the active participation of attendees. While some participants embrace the opportunity to share their thoughts and reflections with others, other participants may resent what they perceive to be an intrusion into their personal space. This can also be said about the “workshop,” a similar exercise that requires participant interaction and exchanging information.
Students in educational institutions are being primed for these increasingly common workplace activities. More and more of their courses require them to post online blogs wherein they are required to publicly reflect on course themes and critically assess the blogs of other students. The difficulty with “reflection” with respect to privacy is that when we give serious thought or consideration to a particular issue in the social sciences or humanities, we do so from a perspective that is closely tied to who we are (for example, our gender, our social class, our ethnicity, our upbringing). Explaining our perspective might require that we share aspects of our personal lives that we are not comfortable with sharing in a professional context. This is particularly true if we think that our perspective could differ from that of the majority of the group and if we are not sure that the group will look kindly on a dissenting viewpoint. This discomfort must be measured against the possibility that our reluctance to participate will lead others to brand us as lacking collegiality or difficult to work with. As one former privacy commissioner observes: “There is considerable pressure on us in all aspects of our lives to be more open with everyone about our feelings and states of mind. In some quarters, to maintain a sense of privacy about aspects of one’s existence is viewed as anti-social.”32 Even more troubling, of course, is that many instructors neglect to review the privacy statements of the blogging or social networking sites that they use; some sites require users to consent to the site using personal information in ways that some might find objectionable. Privacy-aware students will encounter additional problems when they enter the workforce; more and more companies are using electronic application processes for positions. Very few students understand the implications of their checking the “I agree” box on consent forms. Those who are aware may be graduating with a huge student debt and thus not in a position to choose not to consent (and by default, not apply for the job).
While the transmission of information facilitates trade and commerce, it can have grave consequences for the ability of individuals to control what others know about them. The appetite for our personal information appears to be insatiable, and various incentives are provided that make it seem reasonable enough to share it. The public lack of concern with the risks is undoubtedly also a consequence of the unequal impact of privacy invasion on particular people. Minorities, the poor, and those who are in need of support from the state are acutely aware of these issues in a way that the middle-class majority is not. As is often the case, those whose rights are the most threatened are the least equipped to defend themselves.
PRIVACY PROTECTION, PERSONAL AUTONOMY, AND CONTROL
The preceding discussion illustrates that threats to privacy come from many directions. These threats may be externally generated or may arise as a result of benign neglect through either ignorance or indifference. What is clear is that privacy is a complex concept with many dimensions. Notions of what properly comprises an individual’s “personal” space are both culturally derived and evolving along with social norms. Though it might be difficult to define precisely how, it is clear that rapid technological change has dramatically multiplied and amplified the threats to privacy. Unfortunately, privacy is one of those things that most people do not think about too much until it is lost. As the Standing Committee on Human Rights and the Status of Persons with Disabilities observed:
Classically understood as “the right to be let alone,” privacy in today’s high-tech world has taken on a multitude of dimensions. According to certain privacy experts, it is the right to enjoy private space, to conduct private communications, to be free from surveillance and to respect the sanctity of one’s body. To the ordinary Canadian, it is about control — the right to control one’s personal information and the right to choose to remain anonymous. Privacy is a core human value that goes to the very heart of preserving human dignity and autonomy. It is a precious resource because once lost, whether intentionally or inadvertently, it can never be recaptured.33 (Emphasis in the original.)
But as with any resource in society, there are other interests that compete with privacy. Chief among these are national security, managerial efficiency, and social and political engagement. But it is the concept of transparency that trumps all competitors — this value is fundamental to good governance. As such, transparency’s close companion, access to information, must be balanced with privacy, just as the interests of the individual are frequently weighed against those of the larger community in other political debates. Access to information and its importance to the development of a good and just society are the focus of the next chapter.