May 192012

There’s no discussing technology law without discussing how it implicates privacy.  But privacy is such a broad concept; to discuss it in any meaningful requires a definition with more detail.

I see there being (at least for purposes of the sort of discussion on this site) two main types privacy: privacy from the government, and privacy from other individuals.  And when it comes to regulating the intersection of privacy and technology, these two types of privacy require very different treatment.

It’s not that privacy is unimportant in either sphere.  Knowledge is power, and knowledge of the details of people’s lives gives power over them.  It therefore makes sense for law to regulate when and how that knowledge can be collected and used.  But that regulation does not necessarily mean outright prohibition.  It’s important to balance the reasons for and against information collection for both types of privacy — but that balance will be different for each.

Privacy from the government protects people from government intrusion in their affairs.  This protection is important because information is the fuel the state uses to prosecute.  Of course, sometimes the government does have a legitimate need to seek this information.  Crimes do happen, and with probable cause to believe a particular person is culpable, the state may legitimately seek out informational evidence to prove it.  But how we decide when those needs are legitimate, and how we allow technology to be deployed in furtherance of those needs, is something we need to carefully consider.  Law should ensure that these exceptions are drawn no more expansively than necessary in order not to expose people to undue state scrutiny and prosecution.

Privacy from other individuals prevents those other individuals from leveraging the information they glean in a harmful way.  But regulation of how this information is collected and used requires more nuance than the more absolute prohibition against government access to private data.  For these issues we need to define such things as who is doing what data collection, under what pretense, for what purpose, with what notice, and for what benefit.  We can’t regulate it all with a sledgehammer without inviting more problems.

While we may wish the technologies of today to handle privacy better, we would certainly not want to wish them away entirely.  We would not even be faced with these technologies’ downsides if we didn’t also benefit from their tremendous upsides, and if we don’t regulate carefully we risk destroying the latter while trying to deal with the former.  We have only been able to get the benefits of these technologies because people were free to develop them as their imagination saw fit.  But heavy-handed regulation will prevent innovators from developing the next exciting tools, better tools that might even be able to mitigate some of the privacy problems of the current generation.  We need a regulatory regime that allows this future to develop, for who can innovate with the threat of liability hanging over their head?  Privacy regulation of this type therefore needs a delicate touch, to minimize the harmful effects technology may cause without causing harm to its promise.

  One Response to “On regulating privacy and technology”

Sorry, the comment form is closed at this time.