Privacy is doing fine, thank you very much
The famous "privacy paradox" embodies these contradictions insofar as users are increasingly concerned about governments and online companies invading their personal lives, while in practice nothing seems to be stopping them revealing private details and leaving traces in the bottomless databases of the digital economy. How is it that the climate of heightened risk does not seem to have any resonance on user behaviour? The most hardened pessimists cite gullibility, resignation and a lack of information. Yet it appears that online users are not unaware of the risks they are taking with their personal data. Because they tip the cost/benefit scale of using the Internet in favour of "surrendering" their privacy and advocate those who see Internet users as sentient agents weighing the pros and cons. But it seems that users are doing some much more subtle mediation and in some instances agree to disclose information that they would not want to reveal in other situations. Indeed, we tend to lump together a whole set of issues into the same widespread anxiety that are actually different and put values and legal principles at play that are contradictory. There also needs to be some exploration of the range of aspects the personal data protection debate conjures up if we are to find an initial response to the "privacy paradox."
Caught in the three-pronged surveillance noose
In any discussion on privacy, we first have to know who is doing the surveillance. This is such a hot issue right now because there are three different surveillance entities – the government, companies and individuals – working together to get our data. In the wake of the SAFARI case that broke in 1974 with plans for a huge bureaucratic file on all French people, government surveillance was the impetus for France's Data Protection Act and in 1978 the creation of CNIL (French National Commission on Data Protection). Amid accusations of blanket network surveillance with no legal oversight, in June 2013 governments were once again the subject of public debate on privacy when the Edward Snowden revelations were made public. The American security agency documents served as a reminder to Internet users, who had seemingly lost track of the fact, that Web technologies are shamelessly indiscreet, porous and completely laid bare to the big ears of government. Granted, before the Prism affair public attention was essentially focused on corporate surveillance whereby through widespread recording and exploitation of their user data, major players in the digital economy are feeding algorithms that are both customizing targeted ads and fine-tuning the efficacy of content suggestion and ranking services. But the intelligence gatherers on blogs, Facebook and Pinterest is not just the government or Web platforms, it is also neighbours, exes, managers, teachers, future employers and parents – people who online users often see as more important. This third type of so-called "lateral," "interpersonal" or "horizontal" surveillance came about through self-disclosure on online social networks. As Gilles Deleuze had predicted, the social Web transformed the "surveillance society" into the mutual "control society" where by revealing themselves to others, people are grooming their image by the sheer act of self-control and curbing their behaviour.
By expanding alongside one another, these three types of surveillance appear to be putting digital users in a noose and locking them into a position with little chance of escape. In this era of big data, now more than ever user data is one of the key sources of value and innovation in the digital economy, its fuel and its promise for the future. Web services devise predictive algorithms that consume huge volumes of different data points to generate unpredictable correlations. Ad marketing needs an increasing number of traces to customize its target profiles. Security services detect risky behaviour and malicious intent using online traffic metadata. Communicating objects try to connect to one another to enhance user services with the information they can retrieve from another family of communicating objects. Open data, which legitimately claims to enable better institutional oversight, can run the risk of making personal data public. Etc. Everything is happening as if, from all sides, our societies want to make digital data the fulcrum of their transformation. Is this hunger for data a sign that privacy is on its way out, pointless modesty from a bygone era that needs to be sacrificed in order to enter the modern digital age? That is not the answer this instalment points to, rather it underscores we have undeniably never been as keen to protect our private lives and personal identities. On the other hand, the way in which users perceive and experience privacy is undergoing changes and the tools for protecting privacy are evolving simultaneously.
Security, efficiency and freedom of expression
Let's go out on a hypothetical limb: the process that is destabilizing the image we have created of privacy could be explained as a movement of privacy individualization. We are progressively moving away from seeing privacy as an explicit rule shared by all that defines collective rights toward viewing it as a personal claim whereby everyone asserts their independence and singularity. It had long been thought that privacy was a collective good that served as a foundation for a set of universal standards and values shared by the society as a whole, like tact, modesty or discretion. Today this unequivocal and generic definition of privacy is being undermined by people concerned about setting the terms themselves and not leaving the job of deciding them to others. Privacy is edified as a right to protection and increasingly conceived as a freedom. It is not disappearing; it is becoming more individualistic. At no other time has this assertion been so obvious as with the self-revelatory practices on online social networks. Users believe that neither the law nor Facebook should determine what is appropriate or inappropriate to say about yourself on your personal page. Each individual demands the right to determine their own definition of what is personal and what is public. In no way is the individualization of the line between public and private threatening the existence of a personal realm. Precisely the opposite: by making a personal decision, people cherish what they want to hide that much more and can be extremely touchy about malicious uses of what they have chosen to confide on Web platforms. The intense efforts being made on the Internet to build a reputation cannot be disassociated from the means people use to remove, doctor, screen and protect certain aspects of their lives. Privacy is an increasingly personal affair and this individualization movement is prompting individuals to demand control of their digital lives at the same time as they are giving credence to principles that are making them agree to compromise it.
In many situations, privacy protection is a commodity that must be protected in the face of another principal: government surveillance in the name of national security; platforms siphoning our browsing histories in the name of better service; surrendering information to others that might jeopardize us in the name of freedom of expression. Each of these rationales are extremely legitimate, which substantiates the fact that they espouse individualistic expectations of autonomy, efficacy and security for all. Opinion polls show users seem to accept that their governments are accessing their digital data by hiding behind the precarious pretext of "I have nothing to hide," which is evidence of individualistic retreat in the face of a collective risk . When asked, users also prove to be very ambivalent about sellers collecting their personal data. While they say they are wary of personalized advertising, they are however asking platforms to be effective and provide them services that are effortless and relevant, which in turn make them highly tolerant when it comes to Web services increasingly taking their history data if it enhances their experience. Self-disclosure practices are on the rise on online social networks in the name of freedom of expression and all studies show they are neither innocent nor inconsequential, that they are partly evidence of calculation and stage directing and that by agreeing to make personal information public, users think of this new private-public space as a visibility platform where showing yourself to some but not others is justifiable.
Three things come to mind amid these clamours for independence. Firstly, they cover such a wide range that they invariably present us with geographically changing moral dilemmas in the changing geography. We can be simultaneously very suspicious of government surveillance and very open to the idea that laying ourselves bare on the Internet is a way to build one's identity; or we may be terrified by data files circulating between advertisers and trust governments to protect individuals through widespread surveillance, etc. The debate on how digital data is used is juggling all of these justifications by pitting them against each other, sometimes at the risk of losing users.
Secondly, one might question the logic of always making the individual the point of convergence and the arbiter of all these demands. By individualizing oneself, privacy has become a commodity that everyone is forced to both defend and surrender based on whether we prefer efficiency, security or freedom of expression. The theme of "personal data as heritage," whereby we all become the owners of our data, is increasingly looming large over the discussions, even if it is rejected by anyone who fears data individualization is the harbinger of a move toward privacy merchandising where people can hold on to or hand over their personal data. Left to their own devices, individuals do not always have the wherewithal people need to make the right choice when dealing with new surveillance empires. While it is more and more difficult for institutions to "protect people from themselves," general and collective regulatory frameworks have never been as necessary as they are now.
Thirdly, in legal circles today there is a transformation afoot to make the process of creating a right to personal data more procedural than substantive. The legal proposals being debated these days are less focused on defining what privacy needs to be protected than they are on instituting oversight rules to verify the "contextual integrity" of the treatments that we subject them to.
Between the fears, heartfelt desires and a will to control, surveys conducted on the relationship users have with their data clearly reflect modern-day ambivalence. First of all, opinion polls revealed that users are quite informed and say they are aware of the various ways their data may be used. Contrary to popular belief, young people are not the least tuned in, but rather intermittent users that limit their online behaviour. Interview-based surveys also show that to deal with the risks, some users become extremely creative in protecting their personal lives: junk email accounts, fake responses on e-commerce site questionnaires, private Internet browsing, ad blocker software, etc. Only one-third of users resort to these strategies and they are usually on a very thin firewall, but in our societies there is ever-heightened awareness of personal data protection and a desire to find new ways of flying under the radar. That said, most studies show a systematic divergence between being aware of the risk and what we actually do. In fact, despite cries to leave the social networks or unplug, it has not affected the way online users handle digital technology and they continue to provide information and leave traces for online trackers. It could be that the process of adjusting digital practices actually happens at a much more refined level than the stark contrast between totally connected and completely unplugged. Users do not want to protest Facebook or erase themselves from the Web, but through a slow learning process they are proving to be increasingly mindful and cautious about their digital habits . As the use of digital technology becomes second nature, they seem to be both less eager and less hostile. Users are looking for a compromise they can reach between the freedom to show themselves as they want to be seen, circumspect acceptance of security requirements and more fastidious confirmation that the wide net catching our online footprint is indeed being used to enhance the service provided. While not wanting to sacrifice any of these principles, they do need frameworks for making active choices rather than being shunted from one contradictory requirement to the next, which relieves them by reinforcing a sort of passive resignation.
How do we remove the noose?
To loosen the noose around people's necks, we must turn our attention to the range of initiatives and projects being prompted by the current climate of concern. Legal experts, technologists, educators and service designers are facing down the paralysing doomsday prophecies by offering options for reinventing personal data protection. There has probably never been such stimulating and inventive ideas about privacy and personal data. They first ask people to be mindful of the range of data and processing techniques. Not all the data needed for the digital economy contain identifying information nor threaten the privacy of ordinary citizens. We can "open" data to enable new services or new grassroots actions using information streams that do not trace directly back to individual people. For that matter, even though this argument needs to be handled very carefully, it is surprising to realize that in many cases digital players are doing mass data processing but users still have the impression they are part of targeted treatment. New forms of algorithm-based processes are doing away with the subjects behind the faceless collection of their data footprints. The categorized individual of conventional marketing has become a behavioural probability.