Schneier on Security

A blog covering security and security technology.

« Failures of Airport Screening | Main | Processing Exit Visas »

April 19, 2005

A Taxonomy of Privacy

Interesting law review paper by Daniel Solove. Here's the abstract:

Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from "an embarrassment of meanings." Privacy is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of "privacy" do not fare well when pitted against more concretely-stated countervailing interests.
In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms.

A new taxonomy to understand privacy violations is thus sorely needed. This article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.

The paper is a follow-on to his previous paper, "Conceptualizing Privacy."

Posted on April 19, 2005 at 1:32 PM • 3 Comments • View Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Q. What is Privacy?
A. Sorry that is private.

Israel Torres

Posted by: Israel Torres at April 19, 2005 3:58 PM

Daniel's blog:

http://danielsolove.blogspot.com/

Posted by: YC at April 20, 2005 1:59 AM

As the operator of the blog "The Privacy Law Site," -- http://privacy-law.blogspot.com -- and as someone who works in this field, I have some thoughts on this issue.

Privacy means different things to different people, but perhaps the simplest definition is the right to control information about oneself. This is useful is we include "information" to include images and audio gathered through surveillance. In the end, it is the information, and not particular images, that affect. Just as important in this day and age is to know and affect just how that information is received and interpreted by others, particularly those with power.

In 2005, individuals need a way to know and be a part of how governments and private businesses such as credit agencies and insurers and gathering information about them, and making business decisions based on that information. Is the information accurate? Are the judgments fair? Do they reflect societal norms? If not, what then?

In some ways, people have more privacy now that 100 years ago, when they likely would have lived in a small town. But in the 21st century people have multiple "identities," housed in large computer databases and created by algorithms and actuarial tables. It is the creation and use of such information at the impersonal level that should drive the law of privacy in the future.

Posted by: Privacy Lawyer at May 2, 2005 10:12 AM