Underestimating Privacy Risks

We frequently underestimate the value of privacy and its attendant risks.  Just read Time magazine’s cover story for instance.  The piece discusses data mining of our personal information and concludes that “everything about you is being tracked — get over it.”  To be sure, the piece acknowledges the possibility that data mining could impact employment opportunities and credit applications as well as generate unease about the inability to control personal information.  But it gives those risks scant attention and underestimates them for a number of reasons.  First, the piece places undue faith in the prophylactic power of people’s ability to “navigate” their data trails.  For instance, it notes that people are learning not “to say anything private on a Facebook wall, keep your secrets out of email, use cash for illicit purposes.”  But one person’s responsible online behavior won’t protect against others’ indiscreet disclosures of that person’s personal information.  (James Grimmelmann’s Saving Facebook astutely captures those sorts of risks).  Second, the story assumes that the vast majority of data mining is unlikely to cause harm because “no human being ever reads your files.”  Tell that to the man who nearly lost a job opportunity because Choicepoint’s dossier on him falsely suggested that he had two felony convictions.  Twenty-first century technologies like data mining exacerbate reputational, financial, emotional, and physical suffering associated with privacy problems.  We shouldn’t just get over it.

You may also like...

2 Responses

  1. Ryan Calo says:


    Excellent post.

    Joel quotes me in the Times piece as saying that data mining is somehow only harmful if the information is wrong. That is *not* what I said. Data mining and brokerage is harmful when the government buys it to use against its citizens, for instance, and in the surprisingly common instances where companies use data to deny opportunities (or offer worse ones) to current or prospective customers. Not to mention rampant identity theft due to poorly safeguarded data or ill-conceived procedures for authentication.

    As Dan Solove has so importantly argued, the mere fact that all these faceless entities have and use our information in myriad unknown ways enacts a price. It creates a sense of unease, discomfort, and powerlessness that privacy law seems loath to register but that is clearly a privacy harm onto itself.


  2. HR Anderson says:

    I had not seen the Time piece. Thanks for the link. I agree that twenty-first century technologies may, as you say, exacerbate some privacy-related harms (although I’m sure we would differ as to the degree of that exacerbation). However, does it necessarily follow that these activities/problems lead to a net loss for society? We cannot be sure without also considering the many benefits associated with the collection, distribution and use of truthful information, which I attempt to do in another context here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1759374 (Shameless self promotion? Check). I have not considered the case of data mining (that would involve a separate pragmatic balancing, I believe) but I have considered the more general question of whether certain privacy harms are “worth it.” I tend to answer that question in the affirmative but I can see how others reasonably would answer “no.”