Privacy: Transforming the fuzzy bear into the barely fuzzy

Scenario one:
I recall an incident in my childhood that I thought nothing of at the time, but now I realise was a violation of others’ privacy. I couldn’t sleep one night, so went into my folks bedroom to complain about it in the hope they’d let me go and watch TV. When I entered the room Mummy and Daddy were wrestling. I didn’t think adults played games, but they assured me that everybody likes playing games at times. Apparently it had something to do with bumblebees and sparrows. What I had done was enter into a secluded realm, or what should’ve been had I known that the bedroom was for wrestling during the night times. Being the polite English boy I never grew up to be, I apologised for interrupting their game and went back to bed. I now know I had become an intruder, I had violated their privacy. Partly my own fault, partly theirs, partly just a fact of life.

Scenario two:
When shopping online recently, I was asked for quite a few personal details during the registration process in order to successfully purchase an item for about a fiver. Blindly, I gave them my real mobile number, my email address and shoe size thinking it was just for the delivery. Well actually, not really thinking at all. It was a reputable firm and I just got on with it as quickly as possible. Over the following few days I was bombarded with text messages, phone calls and the electronic equivalent of those leaflets that come through the door that only serve a purpose if you’re ever running low on toilet tissue. I thought I was in control of my data, I knew the firm I was giving it over to, I made the choice.

Scenario three:
As an undergraduate student, when completing a module review form for a course I was recently attending, I gave some details that perhaps the module convener does not want to hear. It was nothing personal, it was not rude, but it certainly was not a glowing report of the course. The whole thing was a mess, the teacher read from the slides – which I could have done at home from the comfort of my own bed with a tin of Cadbury’s Roses. However, when filling out the form I gave it both barrels, particularly annoyed that day by the sun. It was out. It was too hot. Yet I have distinctive handwriting. I believe it to be the handwriting equivalent of ten GPs, each constructing a draft of a memo, putting their individual snippets together with all the structure of an undercooked quiche. I was clearly identifiable, or more specifically, my words of criticism could be easily re¬-identified. I bottled it. I took the form out the room with me and dumped it, mainly through fear of my anonymity being revoked and the potential friction this might cause.

Each of the above hypothetical situations, whilst slightly comical, act to make a point. Privacy can mean many things simultaneously and individually, changing across scenario and time, with both a desired and an actual ‘level’. Each scenario above represents at least one form of privacy violation, which should allow us to work out what privacy is. Scholars throughout the years, notably from 1890 onwards, have sought to define privacy, yet each have a particular perspective. The first scenario highlights the perspective of privacy in terms of a spatial intrusion, or perhaps privacy protection over bodily functions (or the secluded realm for wrestling). The second scenario highlights privacy concerns over control of information, dissemination and to an extent violation of personal space through personal communication devices. The third situation demonstrates the importance of privacy as anonymity in allowing freedom of expression. We could consider privacy to be a wild bear. A bear that needs respecting, or it will come back and tear our anonymous head off our shoulders. Each of these stances on privacy have been researched and hypothesised over the last 100+ years, yet how do we consolidate these ideas? How do we know if two “privacies” are equivalent in their valence or direction?

When thinking about privacy we tend to take a limited perspective, often using one or a few constructs of privacy. As such we may overlook the other constructs of privacy and unintentionally encroach upon them. Take for instance the development of “privacy policies” related to online services we sign up to, like Facebook, or any ecommerce site. When designing these policies, by thinking about information control, can we be sure to encapsulate potential spatial, seclusion or expression privacies? You may ask, “why should we?” Especially if all we are doing is trying to conform to the UK Data Protection Act. But is this responsible?

Enough with the questions, for there exists some glimmer of hope as my prospering marks the end of the beginning (thanks, Winston). By gathering a lay perspective on privacy using qualitative methods, then narrowing our findings through vignettes and quantitative memory recall experiments, we propose a prototype of privacy. A conceptual framework that encompasses the different facets of privacy, and their respective centrality to determine the core issues of privacy, and how the different concepts of privacy relate in terms of their centrality. For example, is being intruded upon in the bathroom as great a privacy violation as the NSA sucking the life out of my encrypted data transmissions?

Imagine cutting an onion in two. By first defining privacy constructs as understood by everyday people, then aligning them in relative terms as to their privacy ‘weight’, we can place these constructs in different segments of the onion, and place more central privacy terms towards the inner layers, and less central terms towards the outer layers. So, when creating policy, or conducting academic research on privacy, or designing a website, we can look to the cross section of this onion and identify related privacy terms across privacy perspectives, and determine if we are likely to encroach upon them, and if so, how critical these issues are. This was the motivation for our recently accepted paper Privacy as a fuzzy concept: a new conceptualization of privacy for practitioners in the Journal of the American Society for Information Science and Technology, and whilst there are always caveats to any conducted research, we hope it will provide the first steps to developing a tool to visualise, and a means to understand, the similarity and centrality of different privacy concepts.

Dr David Houghton