Digital Society Forum Digital Society Forum
Dossier 19/04/2015

Privacy is doing fine, thank you very much

Concerns about how personal digital data is being treated have never been higher. The looming shadow that omnipresent surveillance casts an open society now permeates public discourse and user characterizations to such an extent that some see the illusion of freedom and self-reinvention that came along with the spread of the Internet as a cruel joke. The Web is shifting from being a tool of liberation to a modern-day instrument of enslavement. Admittedly, there is a rare complexity to the issues surrounding the protection of privacy and personal data and this Digital Society Forum instalment seeks to give readers clues to help them find their place in this multifaceted debate that is frequently putting what we say at odds with what we do.

The famous "privacy paradox" embodies these contradictions insofar as users are increasingly concerned about governments and online companies invading their personal lives, while in practice nothing seems to be stopping them revealing private details and leaving traces in the bottomless databases of the digital economy. How is it that the climate of heightened risk does not seem to have any resonance on user behaviour? The most hardened pessimists cite gullibility, resignation and a lack of information. Yet it appears that online users are not unaware of the risks they are taking with their personal data. Because they tip the cost/benefit scale of using the Internet in favour of "surrendering" their privacy and advocate those who see Internet users as sentient agents weighing the pros and cons. But it seems that users are doing some much more subtle mediation and in some instances agree to disclose information that they would not want to reveal in other situations. Indeed, we tend to lump together a whole set of issues into the same widespread anxiety that are actually different and put values and legal principles at play that are contradictory. There also needs to be some exploration of the range of aspects the personal data protection debate conjures up if we are to find an initial response to the "privacy paradox."

Caught in the three-pronged surveillance noose

In any discussion on privacy, we first have to know who is doing the surveillance. This is such a hot issue right now because there are three different surveillance entities – the government, companies and individuals – working together to get our data. In the wake of the SAFARI case that broke in 1974 with plans for a huge bureaucratic file on all French people, government surveillance was the impetus for France's Data Protection Act and in 1978 the creation of CNIL (French National Commission on Data Protection). Amid accusations of blanket network surveillance with no legal oversight, in June 2013 governments were once again the subject of public debate on privacy when the Edward Snowden revelations were made public. The American security agency documents served as a reminder to Internet users, who had seemingly lost track of the fact, that Web technologies are shamelessly indiscreet, porous and completely laid bare to the big ears of government. Granted, before the Prism affair public attention was essentially focused on corporate surveillance whereby through widespread recording and exploitation of their user data, major players in the digital economy are feeding algorithms that are both customizing targeted ads and fine-tuning the efficacy of content suggestion and ranking services. But the intelligence gatherers on blogs, Facebook and Pinterest is not just the government or Web platforms, it is also neighbours, exes, managers, teachers, future employers and parents – people who online users often see as more important. This third type of so-called "lateral," "interpersonal" or "horizontal" surveillance came about through self-disclosure on online social networks. As Gilles Deleuze had predicted, the social Web transformed the "surveillance society" into the mutual "control society" where by revealing themselves to others, people are grooming their image by the sheer act of self-control and curbing their behaviour.

By expanding alongside one another, these three types of surveillance appear to be putting digital users in a noose and locking them into a position with little chance of escape. In this era of big data, now more than ever user data is one of the key sources of value and innovation in the digital economy, its fuel and its promise for the future. Web services devise predictive algorithms that consume huge volumes of different data points to generate unpredictable correlations. Ad marketing needs an increasing number of traces to customize its target profiles. Security services detect risky behaviour and malicious intent using online traffic metadata. Communicating objects try to connect to one another to enhance user services with the information they can retrieve from another family of communicating objects. Open data, which legitimately claims to enable better institutional oversight, can run the risk of making personal data public. Etc. Everything is happening as if, from all sides, our societies want to make digital data the fulcrum of their transformation. Is this hunger for data a sign that privacy is on its way out, pointless modesty from a bygone era that needs to be sacrificed in order to enter the modern digital age? That is not the answer this instalment points to, rather it underscores we have undeniably never been as keen to protect our private lives and personal identities. On the other hand, the way in which users perceive and experience privacy is undergoing changes and the tools for protecting privacy are evolving simultaneously.

Security, efficiency and freedom of expression

Let's go out on a hypothetical limb: the process that is destabilizing the image we have created of privacy could be explained as a movement of privacy individualization. We are progressively moving away from seeing privacy as an explicit rule shared by all that defines collective rights toward viewing it as a personal claim whereby everyone asserts their independence and singularity. It had long been thought that privacy was a collective good that served as a foundation for a set of universal standards and values shared by the society as a whole, like tact, modesty or discretion. Today this unequivocal and generic definition of privacy is being undermined by people concerned about setting the terms themselves and not leaving the job of deciding them to others. Privacy is edified as a right to protection and increasingly conceived as a freedom. It is not disappearing; it is becoming more individualistic. At no other time has this assertion been so obvious as with the self-revelatory practices on online social networks. Users believe that neither the law nor Facebook should determine what is appropriate or inappropriate to say about yourself on your personal page. Each individual demands the right to determine their own definition of what is personal and what is public. In no way is the individualization of the line between public and private threatening the existence of a personal realm. Precisely the opposite: by making a personal decision, people cherish what they want to hide that much more and can be extremely touchy about malicious uses of what they have chosen to confide on Web platforms. The intense efforts being made on the Internet to build a reputation cannot be disassociated from the means people use to remove, doctor, screen and protect certain aspects of their lives. Privacy is an increasingly personal affair and this individualization movement is prompting individuals to demand control of their digital lives at the same time as they are giving credence to principles that are making them agree to compromise it.

In many situations, privacy protection is a commodity that must be protected in the face of another principal: government surveillance in the name of national security; platforms siphoning our browsing histories in the name of better service; surrendering information to others that might jeopardize us in the name of freedom of expression. Each of these rationales are extremely legitimate, which substantiates the fact that they espouse individualistic expectations of autonomy, efficacy and security for all. Opinion polls show users seem to accept that their governments are accessing their digital data by hiding behind the precarious pretext of "I have nothing to hide," which is evidence of individualistic retreat in the face of a collective risk . When asked, users also prove to be very ambivalent about sellers collecting their personal data. While they say they are wary of personalized advertising, they are however asking platforms to be effective and provide them services that are effortless and relevant, which in turn make them highly tolerant when it comes to Web services increasingly taking their history data if it enhances their experience. Self-disclosure practices are on the rise on online social networks in the name of freedom of expression and all studies show they are neither innocent nor inconsequential, that they are partly evidence of calculation and stage directing and that by agreeing to make personal information public, users think of this new private-public space as a visibility platform where showing yourself to some but not others is justifiable.

Three things come to mind amid these clamours for independence. Firstly, they cover such a wide range that they invariably present us with geographically changing moral dilemmas in the changing geography. We can be simultaneously very suspicious of government surveillance and very open to the idea that laying ourselves bare on the Internet is a way to build one's identity; or we may be terrified by data files circulating between advertisers and trust governments to protect individuals through widespread surveillance, etc. The debate on how digital data is used is juggling all of these justifications by pitting them against each other, sometimes at the risk of losing users.

Secondly, one might question the logic of always making the individual the point of convergence and the arbiter of all these demands. By individualizing oneself, privacy has become a commodity that everyone is forced to both defend and surrender based on whether we prefer efficiency, security or freedom of expression. The theme of "personal data as heritage," whereby we all become the owners of our data, is increasingly looming large over the discussions, even if it is rejected by anyone who fears data individualization is the harbinger of a move toward privacy merchandising where people can hold on to or hand over their personal data. Left to their own devices, individuals do not always have the wherewithal people need to make the right choice when dealing with new surveillance empires. While it is more and more difficult for institutions to "protect people from themselves," general and collective regulatory frameworks have never been as necessary as they are now.

Thirdly, in legal circles today there is a transformation afoot to make the process of creating a right to personal data more procedural than substantive. The legal proposals being debated these days are less focused on defining what privacy needs to be protected than they are on instituting oversight rules to verify the "contextual integrity" of the treatments that we subject them to.

Honing practices

Between the fears, heartfelt desires and a will to control, surveys conducted on the relationship users have with their data clearly reflect modern-day ambivalence. First of all, opinion polls revealed that users are quite informed and say they are aware of the various ways their data may be used. Contrary to popular belief, young people are not the least tuned in, but rather intermittent users that limit their online behaviour. Interview-based surveys also show that to deal with the risks, some users become extremely creative in protecting their personal lives: junk email accounts, fake responses on e-commerce site questionnaires, private Internet browsing, ad blocker software, etc. Only one-third of users resort to these strategies and they are usually on a very thin firewall, but in our societies there is ever-heightened awareness of personal data protection and a desire to find new ways of flying under the radar. That said, most studies show a systematic divergence between being aware of the risk and what we actually do. In fact, despite cries to leave the social networks or unplug, it has not affected the way online users handle digital technology and they continue to provide information and leave traces for online trackers. It could be that the process of adjusting digital practices actually happens at a much more refined level than the stark contrast between totally connected and completely unplugged. Users do not want to protest Facebook or erase themselves from the Web, but through a slow learning process they are proving to be increasingly mindful and cautious about their digital habits . As the use of digital technology becomes second nature, they seem to be both less eager and less hostile. Users are looking for a compromise they can reach between the freedom to show themselves as they want to be seen, circumspect acceptance of security requirements and more fastidious confirmation that the wide net catching our online footprint is indeed being used to enhance the service provided. While not wanting to sacrifice any of these principles, they do need frameworks for making active choices rather than being shunted from one contradictory requirement to the next, which relieves them by reinforcing a sort of passive resignation.

How do we remove the noose?

To loosen the noose around people's necks, we must turn our attention to the range of initiatives and projects being prompted by the current climate of concern. Legal experts, technologists, educators and service designers are facing down the paralysing doomsday prophecies by offering options for reinventing personal data protection. There has probably never been such stimulating and inventive ideas about privacy and personal data. They first ask people to be mindful of the range of data and processing techniques. Not all the data needed for the digital economy contain identifying information nor threaten the privacy of ordinary citizens. We can "open" data to enable new services or new grassroots actions using information streams that do not trace directly back to individual people. For that matter, even though this argument needs to be handled very carefully, it is surprising to realize that in many cases digital players are doing mass data processing but users still have the impression they are part of targeted treatment. New forms of algorithm-based processes are doing away with the subjects behind the faceless collection of their data footprints. The categorized individual of conventional marketing has become a behavioural probability.

What is more, we are seeing a series of initiatives to realign the mismatch created between individuals and data owners. To begin with, this is about creating legal requirements on stronger transparency and control for data collectors so they are required to show and explain what they are doing; designers are also talking about viewing data streams to make their circulation more real. Experiments are also being conducted to give users back their data and let them control how it is used, like what is being done in Fing's MesInfos experiment. Demands for data portability, privacy by design or the right to be forgotten are all major inroads to gaining the trust of users. One last point in the current discussions has to do with the issue of the user's informed consent. In the privacy individualization process, the issue of consent, as delicate and shaky as it is, is now a necessary rite of passage. Agreeing to the General Terms of Use these days is much more akin to blackmail than informed choice. If individuals are demanding control of their data and their online life, they have to be given tools that are much simpler and easy to understand when choosing, mediating and controlling their relationship with online platforms. Trust is not gained by changing people's images through talk, but rather by giving them the means to act and have a real handle on events that concern them.


To react to this article, I log in I sign up

Darren Darren
Darren Darren 30/09/2019 10:59:44

Sans partager les données envoyées, il est impossible d'évaluer correctement les préoccupations réelles en matière de protection de la vie privée.

Sandrine Fromentin
Sandrine Fromentin 11/09/2016 12:43:15

L'Etat Français devrait être plus présent sur ces questions... Des organismes, des associations, ou autres structures devraient être crée en partenariat avec l'Etat! Sinon vous laissez la porte ouverte aux structures qui sont étrangères, aux structures américaines! Après seul eux pourront nous dicter nos choix! :-(

Aline Frenelle
Aline Frenelle 17/08/2016 11:22:09

On pourrait ajouter que les attentes des individus en matière de vie privée évoluent, et que le curseur est tiré vers le bas.
Qu'attend une personne qui s'expose et exhibe sa vie sur les réseaux sociaux. A t'elle des attentes en matière de respect de la vie privée ? je n'en suis pas sur...

Nortti Marta
Nortti Marta 10/11/2015 11:11:32

Les objets communicants cherchent à se connecter entre eux pour augmenter le service rendu à l’utilisateur de la connaissance qu’ils peuvent extraire d’une autre famille d’objets communicants.

Célia Aljarez
Célia Aljarez 06/10/2015 11:09:07

Le web outil de surveillance oui certainement. Mais comme partout j'ai envie de dire, seulement internet permet d'aller beaucoup plus loin et surtout sans qu'on puisse le voir. Car c'est là le soucis, c'est que l'on ne voit rien. Que ce soit Facebook ou Google, pour ne citer qu'on, on ne sait absolument pas quelles sont les données relevées et à quoi elles servent.

Gabrielle Fournier
Gabrielle Fournier 03/09/2015 12:31:30

Merci pour cet article super intéressant ! Je pense que le web est en effet l’outil de surveillance par excellence... vu le nombre de données personnelles qu’on y enregistre chaque jour. Il y a bien une raison pourquoi on peut y trouver des tas de choses ! Et c’est vrai, alors que tout le monde s’inquiète sur sa « vie privée digitale », enfin compte, personne ne cesse de s’exposer … J’ai l’impression que la jeunesse ne fait plus que ça, s’exposer partout, facebook, instagram, youtube etc. C’est carrément de la folie et le pire, c’est qu’ils ne voient pas la gravité des conséquences. Je sais que de nos jours, lorsqu’on cherche un emploi et qu’on a un entretien, l’employeur jette un coup d’œil sur les profils sur les réseaux sociaux de leur candidat, afin de juger si cette personne est sérieuse ou pas. Et on va dire quoi, si l’employeur trouve des photos d’une soirée pleine d’alcool, de délire, d’images inappropriées et peut-être encore plus. ..Et bien c’est tout simple, cette personne ne recevra pas ce poste. Fallait y penser avant de publier toutes ces photos et même si elles ne sont pas rendues public, qui cherche, trouve. C’est ça la magie mais aussi le plus grand problème avec le web et comme le dit bien cet article c’est exactement ça le paradoxe de la vie privée. La surveillance du marché, c’est ça qui nous inquiète le plus. Prenons l’exemple des objets connectés offert par les assureurs, tel Axa ou encore le groupe Pasteur. Il a des objets connectés pour toute sorte de produits, pour l’assurance auto, l’assurance habitation, les mutuelles, sous forme de bracelet, de GPS, de balance connectée ou de montre. Ces objets permettent effectivement d’observer et analyser le comportement, les habitudes et les activités des assurés. Évidemment, les assurés se sentent contrôlés dès qu’ils portent ces objets connectés car il s’agit là de données très personnelles, de la vie et de son état de santé. Or, les assureurs insistent sur le fait que ces données sensibles ne sont pas utilisées afin de pénaliser un assuré pour avoir un mode de vie pas vertueux mais ils servent uniquement de dispositif de prévention, pour l’assuré-même et insistent sur le fait que ces données sensibles restent protégées par la loi de 1978. Mais les doutent persistent …

Georges Malamoud
Georges Malamoud 10/05/2015 17:16:29

Si je comprend bien l’une des thèses este passage du collectif à l’individuel dans les représentations et donc les comportements.

Pourquoi ne pas aller plus loin que l’individuel en l’éclatant également, tout en lui gardant son unité ? L’individu utilisateur de l’Internet est en effet plus que jamais une collection d’identités qui lui permettent non seulement de fréquenter divers « cercles » ou de donner différentes représentations de lui, mais d’enrichir son pouvoir d’action sur le monde à travers ces diverses identités.

Autrefois sagement rangées dans des cases bien séparées, c’est par leur juxtaposition que de nouvelles représentations sont possibles. Que ces identités soient étanches ou poreuses, soit du point de vue de l’individu ou de ceux qui le voient, est moins important que l’articulation entre ces identités et les comportements que cela déclenche chez lui.

Je n’ai pas vraiment vu cet angle dans les articles de ce dossier, mais peut-être n’ai-je pas actionné ma bonne identité ici ? Celle qui est attendue ?

Sign up

Join the Digital Society Forum to discuss and react on articles and be informed of upcoming events