Four types of reasons for explain why personal data is and will always be in demand:
- government agencies may want to have access to data about citizens to serve them better
- commercial parties want to be able to serve their customers or clients better
- personal data like credit risks or commercial past performance can be used to assess risks in a transaction, but to link customers with transactions this requires (re)identification.
- collection of personal data is also deployed in employer - employee relations by use of surveillance and logging
- government agencies may want to gather data in the interest of public good
- central problem of public goods is managing access to them, more specifically exluding access to those who do not contribute (free riders)
- by gathering personal data these free riders can be identified
Reasons why people object to gathering personal data:
- people might not want to have to learn about another person's private life (the right to be left alone, decisional or constitutional privacy)
- people might not want another person to learn about their private life (informational privacy or tort privacy)
Ethics of data protection is concerned with the latter.
Properties of personal data:
- multiple-realizable: may be stored in different places or different media
- may be generated by a variety of techniques, from RFID tags to searching databases to cameras
- data does not have a meaning separate from the context in which it is used
When is someone processing personal data? Consider the following:
- C1: 'X is in restaurant A at time t1'
- C2: 'Y is in restaurant A at time t1'.
In isolation 'Y is in the Restaurant at time t1' does not tell you anything about X, but when combined with C1, it can be deduced that X and Y were meeting in A.
People present guises to others in daily life, but they can also disguise themselves, like tax evaders for example. They use different names x and y to register different bank accounts so the authorities can't deduce that x = y, resulting in tax fraud. This results in the need to recognize and (re)identify people unambiguously, to arrest, detect tax fraud, etc.
By relating little facts like 'the owner of a blue Ford' or 'the owner of a bank account 1234567' to the same person, knowledge about this person can rapidly be expanded. This is also important because, 'for a loss of privacy to occur, the information must be 'about' the individual'. Therefore it is also essential to define what counts as personal data (and is worthy of protection).
According to EU: '"personal data" shall mean any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly (id nr, appearance, ...)'
Distinction between referential and attributive use of descriptions (such as that guy with a blue ford):
- attributive: that random guy yesterday at the mall who owned a blue Ford
- referentially (particular person): that specific guy who owned a blue Ford
Both these uses expose information on people and represent identity-relevant information. The EU data-protection laws only protect from referential use of data and leaves attributive use unprotected, leading to little moral constraints for use of data. The object of protection should not be defined as referential data but as identity-relevant information.
Four types of moral reasons for protecting data, which form grounds for principles like EU data-protection act and Organisation for Economic Cooperation principles:
Information is very useful for criminals, some harms could not have been inflicted without certain information. Refer to this as 'information-based' harm.
- identity theft and fraud, plundering bank accounts etc
- victims can be tracked down via internet
- preventing information-based harm provides a strong moral reason to limit access to personal data
- nazi regime as a well known argument against a central database of people, note that the nazi's didn't violate privacy, but only used insufficiently protected data
- by selectively releasing (dis)information you can destroy someone's career
- in a western country, being classified as a Muslim could also be considered information-based harm (reduced chance for jobs etc)
Information can be used to create inequilaties or unfair situations. Consumers provide transaction information each time they buy something. This information can also 'buy' them something, in the form of discounts for example (AH bonus kaart). Sharing information might therefore pay off physically or less tangible such as personalized queries or profiles.
The implications of signing a contract regarding identity-relevant information is not always clear to the customer. Therefore we cannot assume that the developing market for information will guarantuee fair transactions, and thus the flow of personal data has to be constrained and regulated as a new commodity.
Goods have no natural meaning; they are subject to culture and society. A just distribution of goods (or information) is thus also influenced by what this good means to these people:
- medical treatment is allocated on the basis of need
- political office on the basis democratic election
- money on the basis of free exchange
Dominance of goods should be prevented (ie. monopolies based on dominance of a good). Dominance could lead to advantages in other spheres (buying votes (political), buying better healthcare (economical), educational, medical, etc...). The violation of these spheres is especially offensive to our sense of justice. In order to prevent this, the ‘art of separation’ of spheres has to be practised and ‘blocked exchanges’ between them have to be put in place. This also applies to information:
- medical information used for medical purposes is not objectional
- library search data used for library services is not objectional
Informational injustice is defined as disrespect for these 'spheres of justice' or 'spheres of access'. A violation of privacy is more often a transfer of data across the boundary of separate 'spheres of justice'.
Four moral reasons for protecting personal data have been provided. The first three reasons (avoiding harm, preventing exploitation in markets for personal data, and preventing inequality and discrimination) can be shared by both liberals and communitarians; they both oppose inflicting harm, exploitation, and discrimination. The last reaons (moral autonomy) comes from the self and the morals he wants to identify with. By providing 3 values that all parties divided by privacy issues share, we can think about designing smart schemes of constraints on the flow of personal data.