Book Asks New Questions on Privacy
The book's authors are political scientists: Colin Bennett is at the University of Victoria in Canada, and Charles Raab is at the University of Edinburgh in Scotland. They set out, among other things, to convince the privacy community of the relevance of political science. They succeed.
The first of the book's three parts considers the goals of privacy. The authors evaluate the traditional legal claims of privacy as a right of individuals. They argue that privacy has a value for society beyond the single individual or simple aggregate of individuals. It's an important but not entirely novel argument.
What is novel is how Bennett and Raab use the social value of privacy to ask interesting new questions. They want to know, for example, who gets what type of privacy. Does the distribution of privacy correlate to gender, ethnicity, social class, age, income, occupation or other socioeconomic categories? Except for Oscar Gandy at the University of Pennsylvania, no one asks these questions because of the traditional focus on individual rights where everyone is equal.
Individual perceptions of privacy risks vary, and we know little about this as well. Surveys about privacy often lack enough granularity to differentiate among groups. Better data might influence the regulatory agenda. Not everyone has the same preferences when it comes to privacy, but we don't know who wants what.
The central section of the book reviews the policy instruments that govern privacy. These include transnational documents such as the European Union Data Protection Directive, national laws, self-regulatory codes and technology. The authors find that the range of incentives for self-regulatory codes is broader than in the past.
The last section addresses the policy effects of the various regimes of privacy protection. How do we evaluate the many and varied instruments of privacy? This is another area where we have little data. Privacy debates to date rarely focus on ways of measuring which protections are successful and which are not. Everyone has an opinion, but we don't have enough facts to make rational selections.
Bennett and Raab approach the process not by conducting actual evaluations, but by framing the debate on the proper criteria for doing an evaluation. It is important to agree on standards, or the results will only add noise. The authors emphasize the difficulty of evaluation because of the complexity and multitude of data protection institutions, internationalization of information processing and lack of a clear definition of privacy. Wisely, the authors limit their attempts at evaluative standards to internationally recognized principles of fair information practices.
The last question posed by the book is whether international privacy protection is a race to the top, a race to the bottom or something else. Here, the authors draw from the work of other political scientists who frame globalization issues in useful terms. The conclusion is that there is clearly no race to the bottom. The authors suggest that it is hard to find evidence that corporate location decisions are being based on data protection laws or that privacy laws are leading to a loss of investment. On the contrary, the overwhelming evidence demonstrates the spread of privacy laws around the globe.
They don't find a race to the top, either. The absence of a concerted worldwide privacy movement akin to Amnesty International is noted, along with the fickle attitude of mass media. This is evidence of spotlighting, the coming together of groups who fight single privacy battles and then disband. This is not a race to the top but a "halting and meandering walk." That sounds about right.
In the end, the pluralism of policy goals and data protection instruments means that privacy will stay on the public agenda. Indeed, the privacy "industry" has many players these days, including data protection agencies, advocates, journalists, chief privacy officers, auditors and academics. Though privacy is a public policy issue of general concern, the authors see the future characterized by progress here and regression there. It's hard to imagine anything else.
Most members of the privacy community, especially CPOs, will find the book useful and thought provoking. Whether you are a fan of privacy or wish it would all go away, the book has something to offer.
The book's importance is in asking new questions and setting challenges for evaluating the privacy institutions we have created. Readers will leave with sharper vision, a clearer agenda and better arguments. Because it isn't apparent whether pro- or anti-privacy viewpoints will benefit from better data and real evaluations, maybe a chance exists for broad agreement on the procedural agenda set out by Bennett and Raab.
"The Governance of Privacy" is published by Ashgate Publishing, and more information can be found at www.ashgate.com.
Also new on the bookshelf is the 2003 edition of the Privacy Law Sourcebook, published by the Electronic Privacy Information Center (www.epic.org). The Sourcebook is still the most useful privacy reference book. The new edition adds new laws, updates others and offers new international materials. Don't practice privacy without it. n