Is Privacy an illusion? Some thoughts.

When visiting the internet to learn more about privacy and how it influences our daily life, it is amazing to see how many articles there are. Privacy means a different thing to each of us (or does it not?). What is for sure is that the way privacy is conceived is different in different cultures, over time, the level of awareness, the degree of education, etc. But an axiom is that privacy is something inherent to human development and civilisation and is a part of our being.

When taking some dictionaries, privacy is defined in many ways. The Cambridge Dictionary describes privacy as someone’s right to keep their personal matters and relationships secret. That is for sure a definition we all like, moreover because the definition speaks about rights.

A nice definition is to be found in the Oxford dictionary: “A state in which one is not observed or disturbed by other people” or “the state of being free from public attention”.

When privacy is a right (and we all do like rights) is privacy also an obligation? And if so, for whom?

The simple answer is that it is both, a right and an obligation. The General Data Protection Regulation (GDPR) is a fine piece of work describing the rights and obligations of the different stakeholders. It is a pity it focuses on rights (mainly for the data subjects) and obligations (mainly for the controllers and processors) and a little bit a mix for the supervisors, but reality is that it is for all stakeholders both.

There is no doubt that privacy is a right and an obligation, and it is so for each of us. People often think that only rights are applicable to them but a society cannot survive on rights only. There is a need for obligations (and the positive attitude of each of us to comply with these obligations). The first condition linked to privacy is respect. Respect for the privacy of others but not limited to privacy: respect for others. Respect makes that privacy works (which means that its goal, which is to create trust can be realised).

This is a very important finding because if we take only the law, we can define rights and obligations and by consequence breaches and penalties. But no law is perfect and by consequence there will be as many situations being confusing and not covered by the law, as there are where the law gives clear guidance.

A speaking example is someone arriving in hospital after an accident. For sure the law describes his rights on privacy and foresees specific exemptions for medical staff (otherwise they cannot do a proper job) but the law does not offer a clear line between what is compliant with the law (and/or the spirit of the law) and what is not. Nothing to worry about you think, for that we have scholars writing articles on the matter, courts to decide, religious people to give moral statements, and so on.

Is life so simple? Or is our first finding the answer? The only way to act right is to apply the obligation to respect the other. That is clear and things will automatically come right. Or not?

Problem is that this is only true as a theoretical concept because each individual feels this obligation differently (some see no harm in ignoring completely the privacy of themselves or others, and some are of the other extreme, some are very well educated and for them respect for their neighbour is a fundamental of their life, others not at all).

It is not possible to analyse in a short article all the possible angles. But the above already shows that even with a comprehensive law, surrounded by many intelligent people explaining us the why’s, courts to present rulings, etc. we will not be able to enjoy fully privacy or allow others to do so.

This is not only because ‘others’ do not comply; even we are to blame. Some days an individual might be full of optimism and courage (and privacy is less important), another day the individual feels weak and privacy is a shield he/she needs.

And then there pups up the one million euro question: is privacy an illusion?

We are living in a world where the production and exchange of data is exponentially growing. No human can state that he or she is able to oversee this mass of information, to identify the data which directly or indirectly links to him/her. The authors of the GDPR are aware of this and by creating this legislation they hoped to give some guidance and some rules to the game. But the illusion is here, no law can protect an individual and his privacy (as no law can protect you from murders or burglars). The only one who is able to provide protection is the collectively of humans by respecting each other. And since this collectively is not a homogeneous group, it will be indeed an illusion to think we have privacy. And realising this hurts, because we all want it so badly.

Of course we can do many things ourselves. Be careful with the information we share on ourselves, our families, friends and in general on all others. We have laws like the GDPR to oblige data controllers and processors to take the necessary measures and to tell supervisors about the role they have to play. We have the growing awareness in our minds, in the media, in art and literature, etc. that privacy is a value we must honour. But we will not be able to close the box of Pandora completely.

Is it now the moment to panic?

To set our minds to rest, we should start to distinct privacy from anonymity. The GDPR promotes the processing of anonymous data (and that is good because often anonymous data gives already answers to questions we have: more precisely in marketing studies). But individuals must be aware that nobody is anonymous. We are in many data bases and often for the right reasons. That is a fact we have to live with.

Privacy is the respect for the data which are not anonymous and which we have to share in order to live in this modern society. And we need to respect the data because we owe respect to eachother.

We should not feel guilty that private data is shared. Often one reads or hears that privacy is the right to share individual data on his own free will. This is not entirely correct. In most cases we do not even have the choice to share or not our data.

It is also true that controllers could limit the use of private data and organise themselves better to do so (e.g. governments tend to have too many databases and often their access protection is weak).

An important fact is that we should be aware that more sharing might be even a good thing. An example is a central DNA database which could safe many lives. It enables specific treatments, allows doctors to treat a patient with adequate medicine, and it can help people protecting them from genetic weaknesses. The counter side is that there is a huge risk on abuse and we could become very vulnerable. Risks can be mitigated and a balance should be made between risks and the positive effect. As risks managers state: the residual risk is the guideline.

If our society evolves to more or less sharing of private data is not the main question. The first finding (respect) is a key we all hold as a mitigating factor (next to the so-called technical and organisational measures). Creating awareness and educating all individuals in combination with good legislation, good technical solutions, is often the best and most realistic approach. And by doing so, an illusion might become liveable reality.