The debate around data protection and privacy is often portrayed as a race towards complete secrecy. The author of this research paper argues that instead, we need to strike a balance between protection against harmful surveillance and doxing on one side and safety, health, access, and freedom of expression on the other side.
tl;dr
Privacy rights are fundamental rights to protect individuals against harmful surveillance and public disclosure of personal information. We rightfully fear surveillance when it is designed to use our personal information in harmful ways. Yet a default assumption that data collection is harmful is simply misguided. Moreover, privacy—and its pervasive offshoot, the NDA—has also at times evolved to shield the powerful and rich against the public’s right to know. Law and policy should focus on regulating misuse and uneven collection and data sharing rather than wholesale bans on collection. Privacy is just one of our democratic society’s many values, and prohibiting safe and equitable data collection can conflict with other equally valuable social goals. While we have always faced difficult choices between competing values—safety, health, access, freedom of expression and equality—advances in technology may also include pathways to better balance individual interests with the public good. Privileging privacy, instead of openly acknowledging the need to balance privacy with fuller and representative data collection, obscures the many ways in which data is a public good. Too much privacy—just like too little privacy—can undermine the ways we can use information for progressive change. Even now, with regard to the right to abortion, the legal debates around reproductive justice reveal privacy’s weakness. A more positive discourse about equality, health, bodily integrity, economic rights, and self-determination would move us beyond the limited and sometimes distorted debates about how technological advances threaten individual privacy rights.
Make sure to read the full paper titled The Problem With Too Much Data Privacy by Orly Lobel at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4578023
The United States has historically frayed away from enacting privacy laws or recognizing individual privacy rights. Arguably, this allowed the United States to innovate ruthlessly and progress society relentlessly. The Fourth Amendment and landmark Supreme Court cases shaped contemporary privacy rights in the U.S. over the past half of the century. In the aftermath of the September 11, 2001 terrorist attacks, however, privacy rights were hollowed out when H.R. 3162 aka the Patriot Act was passed, which drastically expanded the Government’s surveillance authority. In 2013, whistleblower Edward Snowden released top-secret NSA documents to raise the public’s awareness of the scope of surveillance and invasion of privacy done to American citizens and citizens of the world by and large. In 2016, the European Union adopted regulation EU 2016/679 aka General Data Protection Regulation (GDPR). Academic experts who participated in the formulation of the GDPR wrote that the law “is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a complex and protective regulatory regime.” This kickstarted a mass adoption of privacy laws across different States from California’s Consumer Protection Act of 2018 (CCPA) to Virginia’s Consumer Data Protection Act of 2021 (VCDPA).
History, with all its legislative back-and-forth evolutions, illustrates the struggle around balancing data privacy with data access. Against this backdrop, the author argues that data is information and information is a public good. Too much privacy restricts, hampers, and harms access to information and therefore innovation. And, while society has always faced difficult choices between competing values, modern technology has the capability to effectively anonymize and securely process data, which can uphold individual privacy rights while supporting progressive change.