Digital Privacy vs Freedom: Is there really a trade-off?

This article was guest written by Mostafa Hegab and Basheer Alsayd, Writing Analysts at Unicast Entertainment

Privacy has been featured quite a bit in the news recently. From Facebook selling ad information to personal data breaches, the headlines have one thing in common: privacy. As personal data continues to be exploited, the focus has shifted from why we need privacy to how we can protect it as our dependency on the internet grows. The internet is a fairly new medium that continues to evolve, and we are constantly learning how to live with it. While large companies have harvested a significant amount of users’ personal information, they have also turbocharged the need for data protection laws. This urgency, however, has raised some concerns about certain freedoms. So while society takes on this debate once more, it might be beneficial to understand how humanity has dealt with privacy throughout the ages, and how privacy has become intertwined with democracy.

While digital privacy is the talk of the town nowadays, privacy as a broad concept has been persistent throughout human history. Ancient Greek philosophers were the first to take on the matter of privacy. In his writings, Aristotle makes a clear distinction between “public” and “private”, defining a place as “private” if the activities within the said place are independent of the larger society (Swanson, J. 1992). Ancient Roman society, often compared to its Greek counterpart, was also respecting of individuals’ privacy; not only that, Roman law contained a right to privacy. The law itself was not detailed, but its “guarantee of privacy” was enough for the time. Furthermore, private or “secret” correspondence was an interaction that was valued by Roman society (Periñán, B. 2012).  While neither the ancient Greeks nor Romans could have foreseen the internet, the basic right of privacy has not changed since then. 

As much as one might be inclined to believe that privacy has been a purely “Western” issue, that is not quite true. In the Muslim holy book, the Quran, Muslims are instructed not to spy on others and not to enter homes without first obtaining permission from the residents (Hayat, M. 2007). Not to forget the importance of privacy within the Catholic faith, as is evident with the ongoing debate on whether Priests are ethically obligated to report crimes they hear during confession.

 This debate about internet privacy is not even the first time humanity struggled with the balance between technology and privacy. The invention of the camera stirred debate about privacy in the late 1800s, leading lawyers Samuel Warren and Louis Brandeis (who became a Supreme Court justice) to define privacy as “a right to be let alone and a right of each individual to determine, under ordinary circumstances, what his or her thoughts, sentiments, and emotions shall be when in communication with others”, a definition that is in line with our modern understanding of privacy (Holvast, J. 2009). 

Having covered societies grappling with the privacy issue throughout history, what does this mean for the modern privacy debate? 

With the increasing accessibility of the internet, personal data has become digitized, making the rift between innovation and privacy grow larger. Since Facebook’s infamous Cambridge Analytica scandal, it has become more obvious than ever that the exploitation of users’ data can be used to obstruct freedom. Through harvesting a large amount of personal information, data companies have been able to target unsuspecting users to influence voting patterns. Although the incident shocked many, the exploitation of internet users’ personal information has been a cause for concern since the 1970s.

Activists  have been calling for data protection laws for quite a long time, with Germany passing the first of its kind in 1970. Among other things, the law classified email and IP addresses as personal data (Federal Data Protection Act, 1970). If there is any question as to whether these laws are necessary, one must contemplate why voting is accepted to be anonymous. Furthermore, if it is illegal to gather information on a citizen by going through their mail, shouldn’t the same apply to their email? 

Despite being the country that houses half of the world’s ten most profitable internet companies, the US is often portrayed as having ineffective privacy laws. While there is some truth to that, it is not entirely accurate. Due to the federal system, laws are often passed on a state level before national federal laws are crafted, thus leading to a federal system lagging when it comes to regulations. That is not to say that there are no federal laws that deal with privacy; for example, the US Privacy Act of 1974 limits the government’s ability to collect information about US citizens and guarantees citizens’ the right to access all the collected information, and, shockingly enough, even correct it. More famously though, the Health Insurance Portability and Accountability Act (HIPAA) protects patients’ medical information from being revealed to anyone without the consent of the patient, as well as the exploitation of said information by insurance companies and whoever might have access to it. 

Across the Atlantic Ocean, the European Union has a reputation for having stringent regulations when it comes to internet privacy. That is not unearned. The EU passed the General Data Protection Regulation (GDPR) in 2016, and it has become the benchmark against which all privacy laws are measured. The GDPR only allows the processing of personal data in 6 cases: consent, contract, public task, vital interest, legitimate interest, or legal requirement. Furthermore, the law states the companies must disclose all information they collect as well as data breaches that risk unauthorized access to clients’ personal data. However, the most interesting part of the GDPR is its insistence that companies conceal the identities of the individuals whose data is collected, when appropriate, through either pseudonymization or full anonymization. To put it simply, the data collected would not and could not be traced back to the subject it was collected from. That is what makes the GDPR the gold standard of privacy laws.

Yet, there are still some concerns about internet privacy. The GDPR was not enough. The reason? The EU is a great consumer market, but, when it compares to the world’s largest markets, it is not much more than that. With the ten largest internet companies being evenly split between China and the US, change must come from one of those two countries. The chances of China introducing strict privacy regulations that effectively hinder the ability of companies to collect and exploit consumer data are between zero and none, therefore such regulations must come from the US. Naturally, this is not encouraging. American congress is not particularly known for its speed in crafting and approving legislation. However, there is cause for optimism. Currently, there are three pieces of legislation awaiting approval that tackles privacy protection: the Consumer Data Privacy and Security Act, the Consumer Online Privacy Rights Act, and the Setting an American Framework to Ensure Data Access Transparency and Accountability Act. All three of these proposed legislations cover the same range of topics including, Individual rights, business obligations, and enforcement. Although they differ slightly in the provisions they have covered, they are very similar nonetheless and highlight what is currently at the forefront of privacy protection. The three bills guarantee the consumer’s the right to access, correct and delete their data that has been collected, and to opt-out of any and all data processing by online services. As for businesses, the aforementioned laws would ensure that they only collect the necessary data and would forbid its use outside a really specific and narrow scope.

With all these data protection measures potentially being put into place, there have been growing concerns regarding how these measures could hamper freedom of the press. A valid criticism against The General Data Protection Act, for example, has been made by human rights lawyer, Nani Reventlow, who believes that there has been a lack of effort to balance the GDPA against the right to freedom of expression. Reventlow argues that although the GDPA had provisions covering journalistic exemptions, the law has also been used as a weapon against journalists. One instance of this took place in Romania when local authorities tried to force an award-winning investigation portal to “reveal its sources following its publication of an investigation into a corruption scandal” (Reventlow, 2020). Although we believe that data protection is essential to a well-functioning democracy, it is also quite a tricky subject to address. There is ample nuance to be discussed when it comes to privacy laws, from limiting freedom of expression to hindering business practices; the subject is not so black and white.

However, some could argue that the pressing matter now is ensuring that privacy protection is implemented, even at the temporary cost of limiting freedom. Pankaj Sharma, a partner at Ernest & Young Consulting, argues that privacy has become such a major concern to the point where it has to overshadow freedom of speech. In his recent interview with Unicast Entertainment, Pankaj Sharma says “Freedom of speech is not so much of a concern, but privacy is a big concern, I would say…from a public policy person’s point of view. And what we saw is that sometimes self-regulation does not work….my own view is that privacy laws need to be brought in place and that much of a regulation is required.”

So even though certain aspects of the GDPA and other data regulation policies can be deemed counterintuitive to the nature of democracy, it is still obvious that they are necessary now to ensure the long-term protection of democratic values. Besides, democracies have always seen regulations that sounded anti-democratic when taken at face value, but with time and improvement, were proven to be effective in maintaining and making them more efficient. One example of this is the discussion surrounding representation in democracy. At first, there was a lot of criticism towards representative democracy for its less  “pure democratic” nature and the need for career politicians. But as it has been improved over the years, scholars have started to argue that representation is necessary due to its idea of deferral and its opposition to immediacy, arbitrariness, and hastiness (Urbinati, 2006). 

We maintain that even though freedom of expression is important, it is not absolute. What could be conceived as a limitation on said freedom, might just be what is necessary to protect it. That is the case with privacy protection laws. A necessary step that ensures an individual’s freedom to express themselves through their own free will without being subjected to exploitation.

If you are interested in hearing more on social media, regulation and freedom of speech, watch Unicast’s interview with Pankaj Sharma here https://youtu.be/tRJ-w3MnnyA ! 

References

1. Swanson, J. (1992). Introduction. In The Public and the Private in Aristotle's Political Philosophy (pp. 1-8). Ithaca; London: Cornell University Press. Retrieved May 30, 2021, from http://www.jstor.org/stable/10.7591/j.ctvn1t9wp.5

2. Periñán, B. (2012). The Origin of Privacy as a Legal Value: A Reflection on Roman and English Law. American Journal of Legal History, 52(2), 183–201. https://doi.org/10.1093/ajlh/52.2.183

3. Hayat, M. A. (2007). Privacy and Islam: From the Quran to data protection in Pakistan. Information & Communications Technology Law, 16(2), 137–148. https://doi.org/10.1080/13600830701532043

4. Holvast, J. (2009). History of Privacy. The Future of Identity in the Information Society, 13–42. https://doi.org/10.1007/978-3-642-03315-5_2

5. Reventlow, N.J. (2020). Can the GDPR and Freedom of Expression Coexist? AJIL Unbound, 114, 31 - 34.

6. Urbinati, N. (2006). Representative democracy: Principles and genealogy. Chicago: University of Chicago Press.