Do you remember the first time someone read your most personal journal? I do. And I stopped keeping them after that. It feels like such a betrayal, not to mention a terrible invasion of privacy. Right? So what about when your credit card company or bank suddenly wants to replace your credit or bank card because your information might have been appropriated by a third party? Or your hydro company sends out a polite letter saying not to worry but just in case, they have to let you know that there might have been a security breach. Did you feel the same way you felt the day you found out your journal or some other personal document had been read? I’m willing to bet not. So how does that work? A bank isn’t a person but because the person who read it is, somehow it matters more. Am I wrong?
Did you know that 84 per cent of Internet users say they have never given away personal information online? Did you know that at least 89 per cent of Internet users have, in fact, given away their personal information online?
I am fascinated by the way the notion of privacy has evolved over time, particularly since the advent of the Internet and social media. On the one hand, I am an individual who voluntarily inhabits the virtual social space and on the other hand, I’m a legal adviser to a global company and I deal with matters relating to privacy and the management and control of data on a global scale. These worlds couldn’t be more different. Consider that whether a company is the controller or the processor, the statutory obligations to protect data and personal information are significant. And now consider that if you are published, have a web site (corporate or personal), a Facebook page, a Twitter account and/or a profile on LinkedIn, and any other semi-private or public personas, there could be a lot of information about you out there. It is conceivably accessible to anyone on the Internet. It’s basically a question of what we chose to share: whether we do so with forethought, or not.
A very salient case came out in the fall of 2010 that raised important questions about a person’s reasonable expectation of privacy as it relates to a Facebook account. In Lougheed Imports Ltd. (West Coast Mazda) v. United Food and Commercial Workers International Union, Local 1518, the employer terminated two employees on the basis of egregious and offensive conduct which took place, in part, on Facebook. The employees, “J.T.” and “A.P.,” were Facebook friends with other colleagues, they had nearly 100 and over 300 “friends” respectively, posted updates about their employer and other employees, and so the British Columbia Labour Relations Board ruled in the circumstances the pair “could not have a serious expectation of privacy given that 366 people [had] been granted access to the private site” and so the employer had acted within its rights to terminate their employment.
Let this be a cautionary tale to those who are friends with colleagues and who would trash their employers in what should now reasonably be considered to be a public forum: it could get you fired.
Turning back to the more philosophical side of the privacy discussion, an article I recently read in the British Wired brought to mind papers that I had written in grad school about the social “gaze” and it has made me consider how as individuals we regard that social gaze in a modern context — if at all. Jeremy Bentham had some interesting ideas indeed, and the article reminded me how intrigued I was by them in the past. If memory serves me correctly, at some point Bentham was asked to come up with the design for an efficient prison. The prison design had a centre spire or column of sorts having “Y”-shaped windows that were designed in such a way so that guards could look out at the prisoners, but the prisoners could not see the guards or indeed into this spire. Beyond the spire, the prisoners were to be housed in cells that were in a building having a similarly circular form, facing inward onto a courtyard and the spire, and outward onto the world. While in and of itself the model meant that fewer guards needed to be on-site, which would make it cheaper to maintain from a staffing perspective at least, the reality was that in practice the prisoners became increasingly paranoid and aggressive — as one can imagine — because they could never know when they were being watched or by whom.
Turning back now to modern social media, if you are on Facebook and have 300 friends, you can’t physically see or interact with them, or always know whether or not your postings are being viewed, saved, shared, or followed by them. So in actual fact, the external “gaze” in this case might not really be so different. Except we have a choice about whether or not to blind the gaze, say by deleting our account or by “un-friending” a particular person. This is quite possibly the key that makes it possible for us to embrace the “invisible” gaze online and not feel oppressed by it: choice. Community by any other name is still a community, virtual or live.
Informed consent is one of the key principles that drives much of the privacy law we have today. When it comes to individuals and companies that harvest information, anti-spam legislation (Bill C-28) has now been passed by the government in Canada and is due to come into force later this year. However, there is nevertheless the matter of the what, how, and into whose hands our personal information is going, whether or not we have statutory recourse. When it comes to our banks, utilities, and the like, most of us have faith they have the controls in place necessary to guard our personal information and data. But did it ever occur to you that when someone sends you a chain e-mail, there could be someone on that list of people you “replied” to who isn’t someone you know and who could be harvesting the valid e-mail addresses of everyone named in the e-mail so they can now spam this list with junk e-mails? There are many facets to privacy and this certainly isn’t the end of the discussion.
What is privacy in my opinion? Loosely guarded by most personally, covered by statute that most people and companies can scarcely comprehend, let alone adhere to (technically and practically/technologically) and quite possibly at serious risk of going the way of the dinosaur.
I know what you are thinking — I’m just as bad as you are — which is probably true, but then the seemingly personal information I put out could be misinformation. You shouldn’t believe everything you read just because it is on the Internet. . . .
Sarah Dale-Harris is corporate counsel at Accenture Inc. and can be reached at email@example.com or at 416-641-3151. The opinions expressed in this article are those of the author alone.