Privacy is contextual and social, less legal and technical

Privacy is more than a couple settings and a consent checkbox on a form somewhere. Privacy and publicity seem to be pretty straightforward concepts and, legally, they are treated fairly superficially and defined mechanically. A result of that is a similarly superficial treatment in conversations about privacy and publicity in social and commercial engagements which rarely touches on what privacy really means to us. This leaves us fundamentally confused and conflicted about privacy because we have a deeper sense of what privacy means to us but the typical conversation about privacy lacks the language to describe that deeper sense of it all.

Anil Dash and dana boyd recently published articles on Medium titled “What is Public?” and “What is Privacy?“, respectively, which dive deeper into what publicity and privacy mean to us. If you are interested in what privacy and publicity mean in modern times, you should read both articles carefully:

What Is Public? andWhat Is Privacy?

One of the paragraphs in Dash’s article that stood out for me was this one:

What if the public speech on Facebook and Twitter is more akin to a conversation happening between two people at a restaurant? Or two people speaking quietly at home, albeit near a window that happens to be open to the street? And if more than a billion people are active on various social networking applications each week, are we saying that there are now a billion public figures? When did we agree to let media redefine everyone who uses social networks as fair game, with no recourse and no framework for consent?

I agree more with boyd that privacy is more about social convention. I particularly like this extract from boyd’s article:

The very practice of privacy is all about control in a world in which we fully know that we never have control. Our friends might betray us, our spaces might be surveilled, our expectations might be shattered. But this is why achieving privacy is desirable. People want to be in public, but that doesn’t necessarily mean that they want to be public. There’s a huge difference between the two. As a result of the destabilization of social spaces, what’s shocking is how frequently teens have shifted from trying to restrict access to content to trying to restrict access to meaning. They get, at a gut level, that they can’t have control over who sees what’s said, but they hope to instead have control over how that information is interpreted. And thus, we see our collective imagination of what’s private colliding smack into the notion of public. They are less of a continuum and more of an entwined hairball, reshaping and influencing each other in significant ways.

I also think this next extract nicely captures why people become angry with brands and why reputational harm happens at an emotional level. If you represent a brand, you should read this a few times:

When powerful actors, be they companies or governmental agencies, use the excuse of something being “public” to defend their right to look, they systematically assert control over people in a way that fundamentally disenfranchises them. This is the very essence of power and the core of why concepts like “surveillance” matter. Surveillance isn’t simply the all-being all-looking eye. It’s a mechanism by which systems of power assert their power. And it is why people grow angry and distrustful. Why they throw fits over being experimented on. Why they cry privacy foul even when the content being discussed is, for all intents and purposes, public.

Privacy is contextual. Law is also a poor mechanism for protecting it because law tends to be mechanical (it has to be). What we need more is a better awareness of what privacy and publicity mean in a social context and where the line is.

Jeff Jarvis made a statement about privacy in This Week in Google 261 which really caught my attention:

Privacy is a responsibility. It is an ethic of knowing someone else’s information.


Photo credit: Lost in Translation by kris krüg, licensed CC BY-SA 2.0

Randi Zuckerberg and contextual privacy

Waiting

One of the biggest ironies of the 2012 holiday season was Randi Zuckerberg’s family photo being tweeted by her sister’s Facebook friend, Callie Schweitzer, and the resulting privacy debate. If you missed it, Buzzfeed has a pretty detailed account of what happened which includes the photo that was tweeted and the initial exchange between Zuckerberg and Schweitzer on Twitter.

Zuckerberg regards this as a matter of “human decency” and much of the debate only has focused on Facebook’s privacy controls, questions about the correct etiquette to follow when posting content about other people online and the irony that Mark Zuckerberg’s sister fell prey to this apparent privacy slight. A far more interesting issue which this controversy highlights is privacy’s contextual nature. Zuckerberg published the photo to her Facebook Timeline and shared it with a limited group of people (either “Friends of Friends” or just to her Friends but with her sister tagged with the result that Schweitzer was able to see the photo as Zuckerberg’s sister’s friend). Schweitzer then shared the photo on Twitter which, as you know, has two privacy options: completely public or closed and private.

While Facebook has fairly nuanced privacy controls with a degree of complexity, Twitter allows users to either keep their profiles public (in which case anyone can see what you tweet, for the most part) or closed and only accessible to approved users. The privacy paradigms are very different and by tweeting the photo originally shared with a limited group of people on Facebook, Schweitzer basically crossed the streams and took Zuckerberg’s photo out of its original context where her expectation was that only the people she chose to share it with would see it and published it in a very public forum not limited to just those people Zuckerberg chose.

This is largely about Zuckerberg’s legitimate expectation of privacy which, in our law, is a fundamental consideration for determining whether a person’s right to privacy has been infringed. The seminal case on the right to privacy in South Africa is the Constitutional Court case of Bernstein and Others v Bester NO and Others. The Constitutional Court said that the right to privacy is informed largely by a legitimate expectation of privacy which, in turn, means that a person must establish that:

he or she has a subjective expectation of privacy and that the society has recognized that expectation as objectively reasonable.

The subjective component means that a person can’t have an expectation of privacy where that person has consented to have his or her privacy invaded. The objective component introduces a requirement for reasonableness when assessing an apparent privacy violation. There is a notion of a “continuum of privacy interests” which is a helpful application of this idea of a legitimate expectation of privacy. The Court in the Bernstein case said the following:

The truism that no right is to be considered absolute, implies that from the outset of interpretation each right is always already limited by every other right accruing to another citizen. In the context of privacy this would mean that it is only the inner sanctum of a person, such as his/her family life, sexual preference and home environment, which is shielded from erosion by conflicting rights of the community. This implies that community rights and the rights of fellow members place a corresponding obligation on a citizen, thereby shaping the abstract notion of individualism towards identifying a concrete member of civil society. Privacy is acknowledged in the truly personal realm, but as a person moves into communal relations and activities such as business and social interaction, the scope of personal space shrinks accordingly.

This is an explanation for why people in the public eye have a different legitimate expectation of privacy than people who are deeply private and secretive. A person’s legitimate expectation of privacy is determined by their level of publicity and the consents they have given to invasions of their privacy. This further complicates Zuckerberg’s position given that she was Facebook’s head marketing executive while she was there and, given her brother’s notoriety, she remains very much in the spotlight as an Internet celebrity of sorts.

Leaving aside Zuckerberg’s arguable status as a person in the public eye, taking her photo out of its original context and sharing it in a different and very public forum likely exceeded her legitimate expectation of privacy. Her expectation was that only the people she chose to share the photo with on Facebook would see it, not everyone on Twitter and, subsequently, everyone who saw the photo in the many news reports on the controversy.

As many commentators have mentioned, this story is, to a degree, an indictment of Facebook’s convoluted privacy controls. In some respects Facebook’s privacy controls are complex because they are an attempt to cater for very granular sharing choices (for example, share only with Facebook friends but allow a friend tagged in a photo to share with her friends, thereby extending the share – likely what occurred here). They are certainly more intelligible today than they have been in the past but the options available to the person doing the sharing contrasted with the controls available to the person given access to that content creates opportunties for sharing that often exceed the user’s original intention.

Context is an underappreciated and vital aspect of privacy. It is implicit in the legitimate expectation of privacy and it is becoming a particularly tricky factor in an interconnected social Web. To paraphrase Shrek:

There is a lot more to privacy than you think. Privacy is like onions. Onions have layers.