The Privacy Paradox: We have both too little and too much privacy
Privacy was never an easy matter. Most humans want a reasonable degree of privacy, but want to be nosy too. It has always been a tricky balance.
Privacy is intimately connected to rights, and, in our society, there is a constant swinging of the pendulum back and forth between emphasis upon individual rights and emphasis upon collective rights. A case could be made that in recent times the pendulum has swung a bit too much towards individual rights and a bit too far from collective rights, but that is a discussion for another day.
Nonetheless, debates about rights contain some very important lessons that can inform debates about privacy as well. We have lots of jurisprudence about rights and their boundaries. One boundary where rights cease is the point at which harm to another person begins. No-one has the right to harm another. The old adage that the right to swing one’s arms stops just short of someone else’s nose is a folksy and pithy expression of this well-tested principle.
So how could it be possible to have both too little and too much privacy? The debate about rights holds the clue. It is entirely likely that there are two distinct types of privacy. The first type would be privacy about matters dear to you but which will not harm others. Perhaps we should call this type of privacy “NEB privacy”. The NEB stands for Nobody Else’s Business. But there is also the matter of the sort of privacy which many desire, out of guilt, embarrassment or the risk of disadvantage, which would be privacy about something which has a non-trivial risk of harming others. Perhaps we should call this type of privacy “ROID privacy”. The ROID stands for Risk to Others of Injury or Death. There can, of course, be questions about a grey zone between these two types, but more on that later.
It seems to me that today we have too little NEB privacy and too much ROID privacy. I’ll deal with the easy one first.
The decline of NEB privacy is fairly obvious, as it has been considerably exacerbated by the communications revolution. Some of that decline has been accepted as a fact of life. We have largely acquiesced to having our shopping (and window-shopping) tastes tracked on line, with internet data mining having become a major industry. But there is also a profoundly seamy side to it as well. Hackers and fraudsters have a vastly easier time engaging in identity theft than was once the case, and slightly naïve folk are frequently amazed to see private electronic communication with friends, especially on social media, end up being distributed to an unlimited audience. The unwary can find that reputations can become quite fragile when a few ill-chosen words delivered to a relative or close friend a decade or so in the past can be resurrected with a few clicks and held out to be both contemporary and meaningful.
Intrusions into NEB privacy by electronically enabled fraudsters has resulted in not only an extraordinary amount of financial loss, but also in a remarkably low arrest and conviction rate for such offenses. At some point government will need to mandate the deployment of both passive and active countermeasures to prevent things like phone number spoofing and identity and site hijacking. There has long been a reluctance on the part of government to impose on the purveyors of electronic communications services the obligation to cleanse and insulate their networks from a wide range of illicit and fraudulent activities, because of the difficulty and cost of doing so. And there will always be a technological race between the crooks and the regulators, but that is hardly an excuse not to try to regulate.
High-school age children are especially vulnerable to the loss of privacy in the cybersphere, because they often combine poor judgement in what they thought was private speech and lack of resilience when their words or images are amplified by malicious electronic distribution. Hence the huge uptick in cyber-bullying.
And at the less damaging end of the spectrum, loss of NEB privacy can still be thoroughly annoying. A few months ago I did write a piece in this magazine which touched, in a more light-hearted way, on some of the intrusions caused by the tech revolution (Fruits of the Tech Revolution: The Good, The Bad, and the Absurd). Our inability to block the intrusions has, of course, created a sort of verbal arms race, and I find myself having to invent new responses to the apparently unstoppable flood of spam and scam phone calls, always from new (spoofed) numbers. My latest favorite retort is, “Do your parents know that you are playing with the telephone?”
But if the erosion of NEB privacy is annoying and sometimes harmful, the rise of ROID privacy risks dramatically more harm.
Of course, the Covid-19 pandemic has brought the issue of new and exaggerated ROID privacy to the fore. It is worth noting, however, that spreading a communicable disease is not the only way in which individuals may be dangerous to those around them. Nonetheless, I will begin with some Covid-related analysis and then broaden the discourse.
Last summer a friend of ours needed to take her car to the dealership for some service work. The dealership offered a courtesy shuttle service to take her home. The shuttle consisted of a van with some passengers and a driver. A cautious person of an age for which Covid can be very dangerous, she asked if all had been vaccinated. The passengers affirmed that they were, but the driver became irate, claiming that she had no right to ask him that question.
While I am convinced that he was wrong, many in our society share his peculiar belief that asking them public health related questions like their vaccination status, health status, or travel history is an invasion of their privacy. They also expect that their exaggerated privacy rights will extend to their employment setting. Furthermore, they believe that the modern trend to ask them such questions is a new encroachment on some long-established privacy right. Many of those who believe in such forms of privacy are so strident about it that some organizations in our society have acquiesced to their views, albeit a bit reluctantly, and have allowed them to be present or to work without answering such questions.
And, unsurprisingly, many of the folk who think that their public health status is a private matter are the same ones who feel that compliance with public health rules is a matter of individual choice.
However, their dearth of historical knowledge is striking. Their alleged privacy rights with respect to ROID privacy are not of long standing. To the extent that they exist, they are recent and informal. I recall that even over 60 years ago, when I travelled, I had to carry my yellow vaccine passport and present it when requested. Furthermore, the much-vaunted confidentiality of the so-called doctor-patient relationship has never been absolute. Indeed, obligatory reporting with respect to certain communicable diseases is of long standing. But other reportage is required as well, so if a physician feels that some health condition, be it cardiovascular, metabolic or neurological, might make it unsafe for a person to drive, that too is reportable.
Furthermore, the questioning of apparently well persons about where they have been, with the possible outcome of a period of quarantine, is also not a new “invasion of privacy”, as some have claimed, but has an extraordinarily long history.
Quarantine orders based not upon symptoms but merely based on where one had visited have been widely used in Europe for well over six centuries. The plague that swept Europe from 1346-1353, and returned periodically thereafter, made early legislators somewhat aware of patterns of disease transmission. On July 27, 1377, in the Republic of Ragusa (centred on what is today the city of Dubrovnik, not the city of Ragusa in Sicily), the governing council passed an ordinance requiring all those aboard visiting ships to first spend 30 days (a “trentine”) on a nearby unpopulated island. In general, quarantines first became widely used during that century to protect port cities from plague. Venice, for example, required ships coming from infected ports to stay at anchor for forty days (quaranta giorni), hence quarantine. The vast majority of communicable illnesses have much shorter incubation periods, of course, but the biblical importance of forty days gripped the imaginations of the time. After all, the first great quarantine was Noah’s 40-day highly diverse couples cruise, during which time the rest of the planet was disinfected. There has been some modernization since then, and, today, the word is applied to isolation periods tailored to actual incubation periods.
So, it does indeed bother me when I hear of folks invoking privacy rights as an excuse for not answering reasonable questions that bear on the probability of them being infectious, and hence dangerous to those around them. It is perhaps instructive to take note of the questions one is asked on entering a hospital or vaccine clinic site. Logically, anyone ought to be able to ask and get an answer to those questions if they are expected to be anywhere near the person they are asking, especially indoors.
But dubious expectations of ROID privacy are not exclusively about risks of injury or death related to the transmission of communicable diseases. Some of it relates to risk of injury or death from assault, in all its forms. Causing another person physical harm intentionally is a criminal offense, and convictions for doing so are a matter of public record. There is an exception in those cases where the perpetrators are under the age of 18, and the Youth Criminal Justice Act (YCJA) applies, usually conferring anonymity to assist rehabilitation. However, even under the YCJA, in rare cases, youths are given adult sentences, in which case their identity is known. Occasionally, as well, a judge may declare that the name of a convicted juvenile should be made known because of risk to the public. So, we have a legal system the original intent of which was that a person’s history of conviction for violence would be known to those with whom they will subsequently interact, except for the above-mentioned exception for the very young.
There are good reasons for this, not the least of which is risk mitigation, because of concern over possible recidivism. Simply put, there is a greater likelihood that those who have already been convicted of violent offences will reoffend than there is that some average member of the public will commit a similar act in the first place.
However, over the past few generations, the safeguards that came from knowing who was inclined to be violent eroded, as population increased and we gathered in larger and larger urban areas. Cities confer anonymity. Villages do not. The anonymity of the city conferred a sort of informal de facto privacy, so that an inconvenient or embarrassing history of criminal violence might well not be known to the neighbors of the person with that history. This accidental conferring of ROID privacy for violent offenders is of recent origin, because, historically, our towns and cities were so small that every knew everyone else, and knew pretty much everything about them. I live in Kingston, Ontario. During the War of 1812, it had a population of 2,250. Toronto (then called York) was smaller, at 1,460. Even by 1834, Toronto still only had 9,252 residents. Four years after Confederation, in 1871, our capital, Ottawa, boasted only 21,525 inhabitants. Clearly, back then, the communities were small enough that everyone knew so much about every one else’s business that no ROID privacy related to any history of violence could possibly have existed. Thus, this sort of ROID privacy is, by historical standards, something of a new fad. No doubt, a case could be made that a modicum of ROID privacy of this sort is a good thing, helping folks put the past behind them. But it is my view that it has now gone rather too far in the urban setting. After all, if I knew that a neighbor had a prior conviction for flying into a rage and injuring or killing someone, I’m pretty sure I would mitigate my risk by not complaining to him about his dog crapping on my lawn.
Another context in which there is a risk of inappropriate ROID privacy being generated relates to occupations which have some duty of confidentiality. I won’t address the issue of the secrecy of the confessional in the Catholic Church, as there are a sufficient number of mystery novels and films that explore the moral dilemmas that priests encounter. But lawyer-client privilege, physician-patient confidentiality, the press custom of protection of the identity of sources, and the confidentiality expected of ombudspersons all raise questions about ROID privacy. For each occupation, the confidentiality is important, but there is always a delicate balancing act if something is learned, perhaps accidentally, which presages possible harm to others, or to the client.
Of the four occupations, I have a sense, based upon reading, and a few interviews, that, for the most part, the lawyers handle the tricky balance fairly well. They are all trained to reflect upon three questions before using the public safety exception to break privilege, specifically:
(a) Is there a clear risk to an identifiable person or group of people?
(b) Is there a risk of serious bodily harm or death?
(c) Is the threat of danger immediate or imminent?
If they answer yes, they know they can break privilege. But the problem they face is that the questions don’t specify how much risk. It’s always a guess. Plus, they’re really going to irk the client, who is sometimes a scary character. Looking back, I think most get it right. But a handful do not.
Physicians seem to have more difficulty with the tricky balance. For them, there are two categories of exceptions to their obligations to protect confidential patient information. One is the range of matters where they are explicitly required to report, and compliance is very much the norm in such situations. More problematic for them are the matters where they are permitted to disclose, but not required to. Canadian courts, including the Supreme Court, have not imposed a mandatory duty on physicians to alert third parties of a danger posed by a patient. But while they are not obligated to, they may disclose confidential information when they have reason to believe that there is an imminent risk of serious bodily harm or death to an identifiable person or group. While it is hard to gather any statistical material on this, it seems likely that many practitioners are quite reluctant to exercise their right to warn when it is not explicitly mandated.
Journalists, for the most part, feel strongly that the maintenance of a free press means that they have the unfettered right not to disclose their sources. Often that is true. But not always. It is eleven years since the Supreme Court of Canada (SCC) found for the Crown in R v. National Post. It is now clear that confidential sources must be disclosed in those fairly rare cases where the needs of law enforcement trump the interests of the media, despite the recognition of the important role that confidential sources play in making sure that stories of the public interest are brought to light. I remain uncertain that all of our journalists fully accept the tricky balance, and I suspect that in some cases their understandable desire to protect sources sometimes causes them to choose confidentiality over public safety and effective enforcement of the law.
Ombudspersons are in an even more difficult situation, as their potential clientele may be scared off if there are doubts about the confidentiality of their discussions. But sometimes ombudspersons have a duty to warn of impending danger. Carrying out that duty can be hard on them, and can, in some cases, compromise their ability to carry on. There are a couple of pages on just such a case in section 2 of my report to the Board of Governors of Concordia University of the extensive Board of Inquiry that I conducted there in 1994 (The Cowan Report). It convinced me that ombudspersons may be substantially disadvantaged if they perceive a duty to warn, and break ROID-type confidentiality in the interests of public safety. It is only logical, then, to assume that this occurs somewhat less frequently than it should.
It is also worth noting that there is something of a privacy movement, or privacy lobby, in Canada. There are, as well, federal and provincial privacy commissioners, who are expected to be essentially privacy regulators, though some have come close to being privacy advocates.
Privacy advocates largely consider themselves to be progressives. When the privacy movement and its advocates press for increased NEB privacy, I consider them to be on the side of the angels. But, because my quaint notion that there are two distinct types of privacy is not shared by all, when advocates press for strengthening ROID privacy, it feels to me a bit like trying to recreate the lawlessness and turmoil of Wild West. I indicated earlier that I thought the pendulum had swung a bit too far towards individual rights, and away from collective rights, and ROID privacy is part of that overswing.
So that brings me back to my original hypothesis about having too little NEB privacy and too much ROID privacy. But in the paragraph where I introduced this odd notion of two distinct types of privacy, I did hint that this sorting into two bins might be an over-simplification, and that there was doubtless an indistinct grey zone between them. Of course, this must be so. There are other forms of harm that are not physical, but I nonetheless opted to define the ROID privacy bin as limited to a connection to risk of physical harm. Furthermore, one needs to ask questions like, “How great a risk (probability)?”, and “How much harm?”. It is clearly not possible in an article of this length to parse out what parts of the grey zone should see improved or weakened privacy. But the stimulus for reflecting on this came in the first instance from some folks’ dubious privacy claims related to the Covid pandemic we are living through. So, reflecting upon communicable diseases only, I can say at least that I’m confident that a person’s Covid and vaccination status is a ROID type of privacy issue, and their athlete’s foot status is a NEB privacy issue.
Photo: iStock