Why privacy matters even if you don’t care about it (or, privacy as a collective good)
“How much do people care about privacy?” This is a key, enduring, question in ongoing debates about technological surveillance. As survey after survey regarding changing privacy attitudes is presented as proof that privacy is dead, one might wonder why we should bother protecting privacy at all.
One common answer is that the privacy surveys are wrong. If survey-makers only asked the right questions, they would see that people do actually care about their privacy. Just look at the most recent Pew Research Survey on privacy and surveillance. We should protect privacy rights because people care about it.
While this answer is fine, I find it unsatisfying. For one, it’s hard to draw firm conclusions about privacy attitudes from the surveys I’ve seen (compare the Pew survey linked above to this Pew survey from the year before). Those attitudes might ebb and flow depending on the context and tools being used, and social facts about the people using them. More importantly, though, while privacy surveys can be very valuable, it’s not clear that they are relevant to key policy questions about whether and how we should protect privacy.
This leads to what I think is the better (but perhaps more controversial) answer to the puzzle: privacy is worth protecting even if turns out most people don’t care about their own privacy. As counterintuitive as it seems, questions about privacy and surveillance don’t–and shouldn’t–hinge on individual privacy preferences.
That’s because questions about privacy rights, like questions about speech or voting or associative rights, are bigger than any individual or group. They are, instead, about the type of society we (including all those survey-takers) want to live in. Or as scholars have suggested, privacy is best thought of as a collective rather than merely an individual good.
Privacy is like voting
Many of our most cherished rights, such as expressive, associational, and voting rights, are understood to protect both individual and collective interests. The right to vote, for example, empowers individuals to cast ballots in presidential elections. But the broader purpose of voting rights–their raison d’être–is to reach collective or systemic goods such as democratic accountability.
The fact that many individuals in the United States don’t vote doesn’t tell us much about whether the right to vote is worth protecting, let alone whether we should enact or scale back a particular set of voter protections. When it comes to voting, we intuitively understand that the right to vote has societal benefits that are worth protecting regardless of individuals’ attitudes towards voting. For example, the very existence of robust voting and electoral rights—the possibility that people might exercise their voting power if unhappy—incentivizes accountability on the part of government officials.
Privacy is like voting. Privacy rights create space for individual freedom, but their raison d’être is protecting broader societal and systemic goods. The point of protecting privacy rights—even rights that we choose not to exercise—is to facilitate the creation and furtherance of these social goods. Absent the space provided by the rights to private thought, private communications, and private associations, it is difficult to imagine how any of the major socio-political movements of the past century—from civil rights, to women’s rights, and gay rights—could have survived long enough to influence policy.
The same, perhaps, can be said of major innovations in science, business, and technology. When properly balanced, privacy rights protect the creative process; they create space for deviance, and for experimentation; they allows for the testing and weeding out of weak arguments; they create new pathways for minority viewpoints and groups to gain public support, and for unpopular legal and political arguments to move from off the wall to on the wall.
The question of whether privacy rights are worth protecting is tied to the value we place on these systems and processes–and the public goods they facilitate–rather than to any individual’s interest in the secrecy of their own information. Even if it turns out to be true that most people don’t care about their privacy, that would not be enough to settle important questions about whether (and what) privacy rights society should protect. Privacy rights, like voting rights, are the types of rights that are worth protecting even if many of us don’t care to exercise them.
Rethinking privacy harms
Once we recognize that a critical purpose of privacy rights is to protect collective interests, we have to rethink some of the ways we evaluate privacy harms in our legal and political discourse. For example, courts and policymakers evaluating the harm from (say) data breach or overbroad surveillance must look beyond the intrusion on a particular individual’s privacy and give weight to the broader societal harms of the legal rules or rulings being promulgated. In privacy cases, as with first amendment and voting rights cases, the harm to the individuals is often less important than the harm to society.
Unfortunately, courts and policymakers very often undervalue the societal harms of privacy intrusions. In data breach litigation, courts typically throw out privacy claims unless the victims can prove the data thieves misused their stolen information. This is a very high bar that does little justice to the many social costs of the poor security practices that cause data breach. In its 2012 decision in Clapper v. Amnesty International, the Supreme Court set a similarly high bar for plaintiffs challenging surveillance laws. The Clapper majority’s decision was premised, again, on the theory that the plaintiffs could not prove that they suffered more than speculative harm from the government’s expanded surveillance powers, which in the view of four dissenting justices had a “very strong likelihood” of ensnaring lawful communications.
In Fourth Amendment cases courts routinely contort themselves to force decisions with broad implications for collective interests (decisions that fundamentally affect “the right of the people to be secure”) into a narrow individual-privacy box. Take Maryland v. King, in which the Supreme Court authorized Maryland’s practice of genetic testing suspects arrested, but not charged or convicted, with a violent felony. The majority’s operative legal analysis focused on the “negligible” intrusion caused when the police swabbed the suspect’s cheek with a Q-Tip, and not the brave new world of warrantless genetic testing. In evaluating the reasonableness of the government’s conduct, the majority weighed the degree to which the cheek-swab “intrudes upon an individual’s privacy,” on one hand, and “the promotion of legitimate governmental interests” in crime prevention, on the other.
Put otherwise, the Court weighed the right of the people of Maryland to efficient law enforcement against one man’s right to have his cheek let alone. If it doesn’t seem like a fair fight, it’s because it’s not. As the Court concluded, “[a] gentle rub along the inside of the cheek does not break the skin, and it involves virtually no risk, trauma, or pain”—a small price to pay for the safety of the people of Maryland. Not only does Court’s legal analysis gives short shrift to societal implications of broadened genetic surveillance, it focuses on the wrong individual harm: the momentary (and “negligible”) intrusion of a cheek-swab, rather than the privacy implications of suspicionless DNA searches and lifelong inclusion in ever-searchable, all but permanent, law enforcement DNA databanks.
The Court’s pro-privacy decisions are often similarly contrived. In U.S. v. Jones, the Court held that the Fourth Amendment regulates the use of GPS trackers by law enforcement. The case presented difficult questions about the scope of privacy rights in public places in the face of new technologies that allow pervasive tracking of location and patterns of life. Instead of grappling with the implications of unchecked, ubiquitous location tracking, the Court fashioned a brand new legal rule rebuking the FBI’s minor physical intrusion onto the undercarriage of Mr. Jones’s Jeep. The Jones case, of course, wasn’t about the car; it was about the broader implications of the type of unchecked, automated, warrantless location surveillance, which has become increasingly routine.
In Jones, as in King, the justices of the Supreme Court understood the impact of their rulings on collective interests—those stakes are addressed in the merits and amicus briefs, the concurrences and dissents, and even in the majority’s dicta. But in each case, the Court went well out of its way to make those stakes seem tangential to what it framed as its real job, crafting rules to protect the cheeks and the car-undercarriages of individual Americans. This misses the forest for the trees. Even recognizing the need for strong limits on judicial decisionmaking (enforced in part through justiciability rules), one must believe that there is—there must be–better ways to do justice to the broader societal impact of legal rules that undermine privacy.
Privacy rights are worth protecting for reasons that go beyond any individual’s interests in avoiding embarrassing disclosures, minor physical intrusions, or pecuniary damage. Privacy rights are worth protecting because they create space for innovation, creativity, expression, dissent, competition, and political participation. They are a condition precedent to the healthy functioning of our political and economic system. Policymakers and courts should do more to recognize these social and collective interests protected by privacy in their decisions.
What are the doctrinal implications of recognizing privacy as a collective good? While there is no simple answer, we may look to our experience with other “collective rights” for guidance. When it comes to free expression, association, and voting, Courts and policymakers have long devised doctrinal mechanisms to fill the gaps between the individual and collective interests protected by these rights.
In First Amendment cases, courts apply a modified version of traditional standing requirements–the same requirements used to toss privacy and surveillance claims–to account for the societal harms of speech-chilling statutes. Under the Supreme Court’s overbreadth cases, litigants may challenge speech restrictions that are substantially overbroad even where they are unable to demonstrate individualized harm to their own speech rights. The collateral damage from overbroad statutes on speech and associational rights is just too high, and courts will strike such laws rather than to wait for the perfect litigant.
Courts have also relaxed standing requirements in election law. According to Saul Zipkin’s 2014 piece Democratic Standing, when adjudicating disputes involving voting rights courts “attribute structural or probabilistic harms to plaintiffs without an individualized showing of particular harm.” These doctrinal fixes are necessary to correct the awkward fit between the individual-harms focus of traditional standing doctrine and the core purpose of election law, which is the protection of a system and a process rather than of any individual vote:
Standing, premised on a litigant who has suffered injury in fact, fits awkwardly with election law, which often involves claims of harm to the electorate or the democratic process and presents contexts where it may be impossible to identify an individual who has suffered concrete harm. Surveying an array of election contexts […] demonstrates that federal courts have applied standing in a distinct manner in this setting, thereby positioning themselves as monitors of the electoral process. [From the asbstract].
Courts have not, to my knowledge, adopted similar corrective mechanisms in the context of privacy rights, though they have had several notable opportunities to do so (the Clapper case, discussed above, is a recent example).
Perhaps they should. Modified constitutional standing requirements—or at least a rethinking of what the harms from privacy intrusions entail—may be necessary to do justice to broader privacy interests, at the very least for the subset of privacy rights that are inextricably intertwined with freedom of thought, expression, and the proper functioning of the democratic process (what some have called the rights to intellectual privacy). In many other contexts, remedies crafted by lawmakers, rather than courts, are likely to be more appropriate.
Changing the discourse
To be sure, the doctrinal analogies discussed above quickly reach the limits of their usefulness. Changing a few laws is unlikely to get at the problem’s root, which is the contrived and outdated vocabulary of privacy rights and the wooden policy and political discourse built around it. Our inability to conceptualize privacy as more than a purely individual right is damaging: it drives our broken notice-and-consent model of privacy protection, and it makes genuine debate (whether in the courts or otherwise) about the costs and benefits of surveillance difficult and unwieldy.
The longer we avoid grappling with the broader implications of privacy intrusions–the longer we frame the issue as a question of balancing the individual preferences of a few civil libertarians against the convenience and security of the many–the more likely it becomes that the big questions will be decided for us: by technology, by fear, and by the inertia of a new status quo, created without deliberation.
Perhaps most good citizens do in fact believe that they have “nothing to hide, and therefore, nothing to fear” — whether they do is interesting, but largely besides the point. The more important question is whether we want to live a society where no one can hide anything, and what the heck we do if we’re already there. And that’s one we’re not likely to find answered in an opinion poll.
- Most of the arguments in this post are not novel. Articulating the connection between privacy rights and democratic values has been an important goal of privacy scholarship for a very long time. Several scholars have argued that the Fourth Amendment, in particular, should be thought of as a collective right–an argument that is supported by the provision’s reference to a preexisting right of the people to be secure against unreasonable government interference with persons, places, papers, and things. See this textualist analysis by David Gray, this recent commentary by Thomas Clancy, and this 1985 note from Richard McAdams. Similar perspectives find support in works by Dan Solove, Neil Richards, Danielle Citron, and many others.
- While I’ve been talking about privacy as a collective good, I suspect there may be better ways of describing the non-individual aspects of privacy rights. One option is to start thinking of privacy, or one type of privacy–the type that’s most likely to deserve the special standing rules described above, and so on–as a political right; a right properly grouped with a number of other political rights protected by fundamental laws in democratic states.
- I haven’t discussed European conceptions of privacy here. In my view the European focus on privacy harms as harms to individual dignity do not fare much better than our own when it comes to accounting for the societal and collective interests protected by privacy.
- A final point, which I think should be obvious. Recognizing privacy as a collective good does not imply privacy absolutism, but rather a recalibration of the scales and a change in our discourse to better account for the societal benefits of privacy.
UPDATE: The Supreme Court recently granted certiorari in Spokeo v. Robins, a case about the scope of Article III standing requirements. The case is notable as its facts center on an alleged violation of a data privacy statute, the Fair Credit Reporting Act. I haven’t read the petitions, but will try to share my thoughts when I do.
The views and opinions in this article are those of the author and expressed in his personal capacity.