What is the Meaning of Data Privacy?
Privacy and Expectations
In 2020, many legislative changes are happening to privacy laws on a global scale. Some older individuals might remember what ‘privacy’ really means. Younger generations have not known privacy. In just a few short generations, privacy has become an invaluable commodity. As a commodity, this means that your privacy is also for sale. Corporations, government, law enforcement, even private citizens can sell your personal information.
What does it mean to have a reasonable expectation of privacy? Benjamin Franklin once said, “Those who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” ‘Reasonable expectation of privacy’ is a significant element to the creation of privacy laws.
Legal slang for the meaning of privacy is sometimes referred to as the “right to be left alone.” People do have reasonable expectations of privacy. Anyone who unreasonably and seriously compromises another’s interest in keeping their actions or personal data from being known can violate the law. These individuals can also be held liable for the intrusion.
Take a moment to realize that although there are privacy legislation, laws, and expectations, nothing is absolute. A person’s expectations of privacy must be considered “reasonable.” Does that mean that privacy law is flexible? There are some rules and regulations that, if not followed, can lead to lawsuits, penalties, and even criminal prosecution. The flexibility of the legal concept of privacy is that there are some instances when people should realize they are exposed in today’s society. If in a public street, most people know that businesses everywhere have video surveillance equipment to protect their businesses. A person at a bank has long ago realized that the bank would have multiple surveillance cameras and generally a sign on the door asking that sunglasses be taken off. This example is to demonstrate that expectations of privacy can exist but within reason.
In public, with so many cameras, surveillance, or even cell phones, privacy no longer exists. If you are in a situation or place that you would feel offended if intruded upon, there may be reasonable expectations. There are common areas in which legally the demand for privacy exists. Some of these common areas include your home, public restrooms, dressing rooms, and hotel rooms. Areas in which your physical privacy is necessary to maintain common dignity. It is not to say that there can be no expectations of privacy in public; the law can still protect you from having your image or personal information being shared that is slanderous or would be considered humiliating.
Americans can go back to the founding fathers and the Constitution to understand their privacy rights. The Fourth Amendment to the US Constitution touches on the issue of privacy. “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” It is easy to find the logic in that this amendment also covers digital properties, as today, ‘papers’ are now more likely to be digital documents. Cellphones are effects or belongings. It implies that privacy is a right, and individuals should be able to avoid unwanted and intrusive interference in their affairs.
The Future of Privacy
People are becoming far more aware of the value of their privacy. The future of privacy is undergoing rapid changes as individuals and groups stand up to unwarranted data collection. The value of privacy is being added to the products we buy, much like labels of ‘organic’ or ‘non-GMO.’ Its as if society, with the rapid onslaught and growth of technologies, lost privacy to corporations over time, and it is now being sold back to them as a value-added product feature.
Bart Willemsen, Vice-President Analyst for Gartner, predicts that privacy as a feature will become a trend over the next year. “Privacy-first products are likely to follow this trend. To increase customer trust, executive leaders need to build a holistic and adaptive privacy program across the organization and be proactive instead of responding to each jurisdictional challenge.”
Amendments to privacy laws and new legislation are coming into effect worldwide, as consumers make demands that their privacy is protected. Lawmakers’ actions are in direct response to the insistence of large groups that have come together to assert that their privacy is no longer for sale. In response, more than 60 jurisdictions, countries, or unions have enacted privacy legislation to protect their citizens. By 2023, 65% of the world’s population will be covered by some form of privacy legislation.
Today, those numbers are closer to 10%. To meet the consumer’s demands, corporations are enacting transparency and privacy policies to create a level of trust and assurance within their customer relations. Take note that transparency and privacy are distinctly two different issues. As Glenn Greenwald pointed out, “Transparency is for those who carry out public duties and exercise public power. Privacy is for everyone else.”
Changing Company Policies
Corporations across the globe are changing their privacy policies to meet the demands of consumers. While many companies still have a business plan based solely on creating profits through the selling of personal data, many businesses are beginning to move away from that type of marketing. These businesses realize that to have a long-term relationship with the consumer starts with faith and trust. Business interactions are a two-way street. Consumers who no longer have respect or confidence in your business will begin to look elsewhere for the same product – even if it costs more to obtain.
According to Steve Jobs, privacy means people know what they’re signing up for, in plain language, and repeatedly. I believe people are smart. Some people want to share more than other people do. Ask them.” As privacy legislation like the General Data Protection Regulation or GDPR and the California Privacy Rights Act or CCPA have required corporations to give consumers a choice in participation, opting-out, changing their data, and more, company leaders are waking up to the idea of honesty. When a business is up front with individuals about the use of data, types of data that is kept, who it is shared with, and why – giving consumers a choice – there are still many consumers who will agree to the terms. When respect is given, it is often returned.
What About Health Data?
Everyone knows that one of the first things that every patient sees or signs before seeing their physician or specialist is a HIPAA Privacy Notice. We all think that our health information is our most sensitive personal data. It is information that can be used against us by employers, insurance companies, and banks if it were not protected from misuse. As Americans, we are lulled into believing that no one sees our health data. The constant exposure to HIPAA Privacy Policies has created a false sense of security.
Biologist and author Craig Venter thinks differently. “Privacy with medical information is a fallacy. If everyone’s information is out there, it’s part of the collective.”
This is a true statement. However, it is necessary to study health data to provide the research information required to improve healthcare. Without this information, researchers would not fully understand what types of illnesses impact specific groups of individuals. Even within the HIPAA regulations, privacy does not come before public protection. For example, as the world is facing a global pandemic, personal health privacy does not apply. Public safety comes as a priority.
Can We Have Expectations of Respect and Trust?
If we consider the definitions of these qualities, it may point us to a path of moderation when it comes to privacy issues. According to the Cambridge Dictionary, the term ‘respect’ can be defined as “politeness, honor, and care shown toward someone or something that is considered important; a feeling that something is right or important and you should not attempt to change it or harm it.” If a corporation insists on being treated “as a citizen,” then corporate responsibility would allow for the respect of the individual – a fellow citizen. Cambridge defines ‘trust’ as the ability “to believe that someone is good and honest and will not harm you, or that something is safe and reliable.” When a corporation extends its goods and services to the public, do they not want the consumer market to ‘trust’ in their product and reputation?
These definitions and requirements of any positive relationship are why the reaction to a data breach results in a loss of trust in the company’s reputation by the consumer. Beyond any legal fees or penalties, the most considerable cost to a business that experiences a breach of data comes from reputation loss. Consumers are willing to spend more money to do business with companies that make them feel good about the same product. The negativity of a corporation that misuses data, and does not show respect to the consumer, will lose them in droves.
If we refer back to the statement by Steve Jobs above, to level with the consumer and ask their permission, corporations will be surprised at the trust that is then returned. Consumers and individuals understand that with today’s technology, data collection is a necessity to do business, transfer goods, or make purchases. The ‘reasonable expectations of privacy have caught up with the technological age we live in. Individuals feel safer knowing that the bank has cameras in the lobby. They believe that some technology that records their information is beneficial. This is followed by the belief that the company registering the data is not misusing it or breaching it.
To properly comply with privacy legislation and to demonstrate respect – returning the consumers’ trust – corporations regularly incorporate internal privacy policies to manage the data. This can include data redaction policies that can remove personally identifiable data prior to storing or anonymizing the data. Privacy policies often have a specific date on which personal data is destroyed. All security measures are taken to ensure the safety of the collected information to honor the trust the consumer had placed in them. This two-way relationship of trust and respect is how privacy will be defined in the future and how the legislation will be based when it determines what is “reasonable expectations.”