D7.4: Implications of profiling practices on democracy

Title: LEGAL PROTECTION OF PRIVACY

Legally speaking, privacy is not the same as private life, but the protection of private life is indeed one of the legal tools intended to protect privacy. Private life is protected by art. 8 of the ECHR, together with the family, one’s home and correspondence. Terms like private life, family, home and correspondence are obviously vague in the sense that their precise meaning will depend on the context. Are e-mails sent from an office computer protected? Are e-mails sent from a work email account protected if sent during the night from one’s laptop at home? Can a biological father who has never seen his child claim visiting rights on the basis of art. 8? Does one need a legal warrant to search an office that is temporarily used as a home? Though most of these questions have been answered in court, art. 8 does not speak for itself, it needs interpretation on a case to case basis. One could say that art. 8 contains different rights that aim to protect privacy, without claiming that this exhausts the legal protection of privacy.

Besides the protection of private life, other human rights like due process; prohibition of unlawful detention and inhuman or degrading treatment also relate to the protection of privacy. This is the case even if their first aim is to protect the position of the defence in criminal cases; prohibition of arbitrary use of state powers or the protection of the integrity of the person. Even the right to free speech has a dimension that protects one’s privacy, in the sense that government should not consistently monitor the way I speak out in the public sphere, since the awareness of such monitoring may induce me to constrain myself in the expression of unconventional opinion. Privacy can also be protected by the criminalisation of unlawful entry, of ill-treatment, of assaults on bodily integrity and other actions that impact one’s sense of privacy. Besides human rights and criminalisation, administrative law can impose obligations on natural and legal persons with the aim of safeguarding the privacy of clients, consumers, voters or others. This can be achieved by prohibiting exposure to a public of what is nobody’s business; by prohibiting access to sensitive personal information; and by regulating access to and processing of personal data in general.  

If the entitlement to privacy can be facilitated by means of (1) a variety of human rights, (2) criminalisation and (3)  administrative laws, one may wonder what privacy is all about. It seems to make sense to provide some kind of working definition that clarifies how we should understand privacy in relation to democracy and the rule of law. In the next section we will undertake such effort and relate it to the impact of profiling practices.

Privacy and identity: idem and ipse

Entire libraries could be filled with books on the definition, scope and meaning of privacy. Central features seem to be intimacy, anonymity, reserve, solitude and autonomy. This indicates concern with an individual’s inner core, allowing a person a space of her own and separating her from the rest of the world. The more interesting definitions, however, focus on the relational core of privacy. In 1975, social psychologist Altman discussed privacy as a dynamic process of boundary control, taking place between a self and its environment. Recently, Agre and Rotenberg seem to build on this when they move beyond a ‘static conception of privacy as a right to seclusion or secrecy’, discussing privacy in terms of ‘negotiated relationships’. They define the right to privacy as

‘the freedom from unreasonable constraints on the construction of one’s own identity’.

Besides building a relational and dynamic understanding such a definition also links privacy to identity and identity construction, which is of great interest for the future of identity in the information society, particularly when discussing the impact of profiling technologies.  

The term identity refers to two different concepts of identity, that are interrelated. First, identity derives from the Latin idem, meaning sameness, similarity and/or continuity. Two loaves of bread can be the same, or identical, in the sense of being similar (for example, both are ciabatta, rather than the one being a ciabatta and the other being a pistolet). One loaf of bread can be said to be the same, or identical with itself in the sense that this particular loaf of bread it the same loaf it was yesterday; this implies continuity and introduces the phenomenon of time. As should be obvious, sameness has to be asserted in opposition to difference or otherness: two ciabattas are the same because they differ from other types of bread; one individual loaf is the same loaf in the course of time because it differs from all other things. Group profiling technologies build on sameness in the sense of similarity (categorisation); personalised profiling build on sameness in the sense of unique identification or continuity with oneself.

Second, the term identity refers to the concept of ipse or self. This concept overlaps with the idem-identity as it depends on a sense of the continuity of one’s own existence: however much I may change in the course of time, I will still claim to be the same person. Apart from this, ipse-identity also concerns the sense of self that is constitutive of the human subject. This sense of self means that I view the world from a particular, situated, embodied perspective that I will never be able to get rid of completely; it depends on my perception of my body as my own body, radically different from perceiving my body as one body amongst many others. Philosophers have thus differentiated between our body as Leib and Körper; as the experienced body that constitutes our sense of self, and as an object like other objects. The most interesting link between these two bodies – that are in fact one and the same - is that in order to perceive of my body as an object like other objects, I need a body in the other sense. Objectification presumes a subject that objectifies. Profiling technologies cannot produce or even detect a sense of self; they are built on sameness, even when they construct sophisticated personalised profiles that seem to define a person in many dimensions of her social, private and public life. They can, however, impact our sense of self. This is due to the fact that the construction of one’s own identity depends on the confrontation with others, especially with the way other people seem to ‘profile’ us.  I learn about me because of the feed-back I receive from the material and social environment. In the end this means that I have no privileged access to my own identity, as it is via others that I gain pictures or profiles of myself. This conception of identity presumes that most identity-building happens without conscious intention; it is not a voluntaristic project. Processing information about our self happens, as it were, under the skin. This, however, does not mean that one has no control whatsoever; the ambiguity of our self as Leib and Körper already indicates that we have the capacity to become aware of our self as an object and become experienced in consciously accepting or rejecting particular influences on our identity.

Understood in this sense, ipse-identity is (1) inherently relational, because it is constructed in confrontation with an environment; (2) fluid and dynamic, because this construction is an ongoing process as the environment changes and (3) while mostly progressing at a pre-reflective level, identity-building can become part of conscious intention and reflection, indicating the particular capacity of human beings to be conscious of their own consciousness.

As mentioned when introducing the distinction between the concepts of idem- and ipse-identity, the two are interrelated. On the one hand idem-identity presumes the ipse-identity of the subject that establishes idem-identity and on the other hand our sense of self develops in counterpoint to and while accommodating to the ‘profiles’ that others project onto us. This means that when Agre and Rotenberg define the right to privacy in terms of identity-construction they are talking about ipse-identity, but we should remember that ipse-identity cannot emerge without the idem-identity we experience (our sense of continuity) and the idem-identity we are attributed by others (as this is how we establish our sense of self in contrast to others). It also means that while the human person of flesh and bones - in this context - referred to the ipse-identity of a person, the idem-identity that is provided by the legal person will impact this ipse-identity for it creates and prohibits opportunities and risks that will shape my sense of self as I act on them. For instance, if the law considers me to be a father it will attach certain legal contraints to this status, that enable me to exercise parental rights, obligate me to provide for my children and attribute liability for their actions if committed under a specified age. Apart from many other profiles that may impact me as a father (the expectations of my in-laws, those installed by education and other forms of enculturation, etc.), this will impact my sense of self. The difference between the role attributed to me as a father by law and the role of father attributed by the common sense of those I live with, is that the legal expectations are more explicit, while those internalised during my upbringing or education are more or less implicit. As indicated before, they function ‘under my skin’. If profiles are generated by advanced profiling technologies they may impact my sense of self without any awareness on my part, for instance by offering me targeted services otherwise not available. The point is not – only – whether those who profile us have good or bad intentions or whether they use profiles to manipulate our inferred desires, but that knowledge is constructed that could be used to manipulate our preferences without us having a clue.  

Privacy and identity: freedom from and freedom to

Following Agre’s and Rotenberg’s definition of the right to privacy, I shall now explore how privacy is related to freedom. Instead of moving into the debate on whether privacy is a right or a liberty (if there is such a difference), I will first explore the phenomenon and the concept of privacy in relation to identity-building. Privacy is not a right, but a good that can be protected by means of individual rights and liberties; in other words privacy is the object of certain rights and obligations. In fact I will claim that privacy in its fullest meaning, does not precede such rights but depends on their effectiveness.

To argue this claim we have to look back into the history of the rule of law, as discussed in section . As we have seen, rule by law, the hall-mark of the modern state, is based on the positive freedom of the King to legislate and thus command his subjects. It demonstrates the freedom of the king to constrain the actions of his subjects. In a democracy this positive freedom belongs to the citizens, who rule themselves by means of participation and/or representation.

Complementary to democracy, the rule of law integrates the idea of positive freedom with that of negative freedom. In a democracy this means that citizens not only enjoy the freedom to rule themselves at the political level, but can also claim freedom from governmental constraints on the way they wish to rule their own lives in private and social spheres. This is why rule of law – other than rule by law – implies human rights effectively guaranteed by an independent judiciary, as discussed above. Privacy can then be termed the combination of positive and negative freedom that allows a person to participate in public life and to negotiate boundaries in both social and private life. In that sense, privacy is the result of individual legal rights that enable citizens to effectively ward off unwarranted intrusions.

However, if we acknowledge the fact that unwarranted intrusions upon our privacy may arise in both public, social and private life, it should be clear that the creation of negative liberty not only concerns non-interference by the state, but also by other actors in the social and private sphere. From a social perspective for instance, life in a village can be more restrictive of one’s privacy than life in a metropolitan city. This is connected respectively with the transparency of the relationships in a village community as far as it nourishes on strict social control, and the possibility of remaining relatively anonymous in urbanised surroundings. In other words: in a village one may be ‘profiled’ continuously by one’s fellow locals, while in a large city this is practically impossible.

There are, however, other ways in which social constraints can be imposed on those living in a metropolitan world, thanks to the development of the social public sphere created by the writing press and, later on, the proliferation of mass media. The advance of this type of social control has been one of the main worries of liberals and of the liberal strand of political philosophy, dating back to Constant and Mill in the 19th Century. They emphasise the intimidating effects of public opinion and plead a separation of public life (in which positive freedom is to bloom) and private life (where one can foster one’s negative freedom). Berlin articulated this in his influential Two concepts of liberty in the second half of the 20th century, warning against the totalitarian tendency of the positive freedom of government on the social sphere if unchecked by the creation of a space for negative freedom. More recently Thomas Nagel built on this liberal defence of negative liberty by celebrating societal reticence in the face of political correctness and abrasive exposure of the private behaviour of public officials. In law, the allergy against such exposure in the social public sphere has been articulated famously by two distinguished legal scholars, Warren and Brandeis, in their landmark article in the Harvard Law Review of 1890, where they pleaded a right of privacy against one’s fellow citizens, articulated as the right to be left alone, based on tort (private law). This is an issue apart from the constitutional right or liberty that protects against government invasion; Warren and Brandeis were primarily concerned about the way private information of well known public figures was disseminated into the public sphere by one’s fellow citizens (notably the tabloid press).

Such undesirable experiences of living in a glass house may seem to be restricted to the rich and famous; originally the right of privacy was indeed conceived as the right of those in power or fame to take action against the transparency of their behaviour (that is, when not intentionally put on stage for the public gaze). One can argue that the impact of public exposure on those living outside the realm of fame and power was rather marginal, since nobody was really interested in their private affairs and – more importantly – the means to observe their behaviour in any systematic way were absent. Continuous ‘profiling’ as can happen within a small village community, seems to have been out of the question. This is, however, not the whole story. From the 19th Century onwards, certain specific localities were artificially constructed to enhance the continuous visibility of their local ‘inhabitants’ and the recordability of their behaviours: schools, prisons, hospitals, offices and factories. The emerging focus on a peculiar type of detailed control of human beings inside such institutions has been described in extenso by Foucault, who related the advance of such loci of control or discipline to the invention of modern social science (informed by statistical inference). In fact criminology further developed his notion of disciplinary institutions and its entanglement with social science in relation to the more recent phenomenon of a ‘society of control’, in which the monitoring of individuals inside institutions has been replaced by a more pervasive tracking and tracing of individuals and their behaviour throughout society. This is not to say that we live in a panopticon, informed by Big Brother; the point here is rather that it is not necessarily state control that tends towards preventive monitoring of as many people as possible, but also commercial business enterprise that wishes to know all about us to provide us with targeted services that are customised to our inferred preferences. Apart from schools, prisons, hospitals, factories and offices we now find many other social spaces with embedded intelligent electronic devices that can monitor our behaviour and/or biometrics: airports, swimming pools, hotel and catering services and, last but not least, the smart home.   

So, while liberals have traditionally been worried by the force of public exposure of what they consider their private life and by the force of public opinion as it is transformed by the logic of mass media, others have indicated the interplay between monitoring infrastructures and the impact that the knowledge these infrastructures produce can have on those monitored. As mentioned in FIDIS deliverable 7.2 such monitoring can be used to customise services or even, as described in FIDIS deliverable 7.3, entire environments. It may, then, be the case that consistent monitoring and processing of data can destroy the negative freedom of citizens, because the customisation seems to enhance processes of normalisation to such an extent that I no longer know which desires are mine and which have been produced by profiling technologies. As Lawrence Lessig writes: 

When the system seems to know what you want better and earlier than you do, how can you know where these desires really come from? (…) profiles will begin to normalize the population from which the norm is drawn. The observing will affect the observed. The system watches what you do; it fits you into a pattern; the pattern is then fed back to you in the form of options set by the pattern; the options reinforce the patterns; the cycle begins again.

This is not to take a Luddite position, or to plead a conspiracy of those that are working on AmI. It is, however, important not to take for granted the rhetoric of those who plead further investment in a technological infrastructure that will enable invisible, pervasive and ubiqoutous computing within networked and interoperable environments, stuffed with embedded intelligent devices. The rhetoric I refer to focuses explicitly on the human centredness of AmI that is supposed to provide custom-made services, taking out of our hands both burdensome activities and choices (whilst at the same time exponentially increasing our choices, which is only possible if we have the profiling technologies to categorise and choose for us within certain parameters).