Global Privacy Issues
Summary and Keywords
Despite cultural differences, privacy tends to be rather universally viewed as important in protecting some realms of life that are seen as off limits to society more generally. Yet privacy has also been the cause of significant global issues over the years. In the late 1960s and early 1970s, government agencies and private sector organizations increasingly adopted computers to maintain records, precipitating a concern with the rights of the individuals who were subjects of that data and with the responsibilities of the organizations processing the information. During the 1980s, international and regional bodies recognized that domestic laws could affect the flow of personal information into and out of a country, bringing scholarly and policy attention to the issue of transborder data flows. Somewhat paralleling the principally business dominated debate and analyses over transborder data flows was a broader discussion about privacy issues resulting from global communication and information systems, particularly the internet, during the 1990s. The focus in policy and scholarship was less on variations in national laws and more on two features of networked communication systems: first, the technical infrastructure supporting the flow of information; and second, the globalization of communication systems and information flows. Later on, the privacy landscape and discourse changed dramatically throughout the world after the terrorist attacks in the US on September 11, 2001. Concerns about privacy and civil liberties were trumped by concerns about security and identifying possible terrorists.
Keywords: privacy, global privacy, computerized record-keeping, transborder data flows, privacy laws, privacy issues, global communication and information systems, terrorism, networked communication systems
The value of privacy has long been recognized across cultures and historical time periods and indeed is one that some argue is physiologically embedded in human beings as well as in animals (Westin 1984). Over the same time and again across cultures, questions of appropriate intrusions on privacy have been debated and most often framed as concerns about the relationship between the public and private realms, the state and society, and the individual and society. National statutes and constitutions, as well as international agreements, frequently express a country’s understanding of the role and importance of privacy in these relationships. In modern times national and international debates and research about privacy have primarily focused on the privacy of personally identifiable information. The timing of such concerns coincided with the large-scale use of computers for processing personal information, which for advanced industrial countries was generally the mid-1960s.
Intellectual and Social Dimensions
As a value privacy’s importance extends back to earliest times with some recognition of privacy concepts noted in the Bible, classical Greek writings, the sayings of Mohammed, and Jewish law (Konvitz 1966; Moore 1984; Hixson 1987; Rosen 2000). As will be discussed below, philosophers, social scientists and legal analysts note that privacy is an enormously difficult concept to define. Nevertheless there is agreement that privacy is an important value and that its meaning and importance vary by culture as recognized by anthropologists and social psychologists (Mead 1949; Altman 1977; Margulis 1977; Moore 1984), as well as more recently by researchers doing cross-cultural studies of privacy in the context of health care provision (Monshi and Zieglmayer 2004). Scholars also agree that privacy is a “relative, contextual concept” (Gutwirth 2002:29).
Despite cultural differences, privacy tends to be rather universally viewed as important in protecting some realms of life that are seen as off limits to society more generally. The home, for example, is often viewed as a sanctuary to which people can retreat for solitude and intimacy beyond the unwanted gaze of others. In this sense privacy is regarded as a boundary delineating what is public or semi-public from what is private. Aristotle, for example, noted such a boundary in delineating the oikos, the private sphere associated with the household and family, and the polis, the public sphere associated with the body politic and work of government (Aristotle 1962). In Enlightenment liberal thinking, the public–private distinction was retained with emphasis on the tension between the individual and the larger social and political entity of which the individual was a part. Thomas McCollough points out: “Both Hobbes and Locke began in their political theorizing with the atomistic unit of the self-interested individual; the problem was how essentially separate individuals, with private and conflicting interests, could coexist in tolerable harmony” (McCollough 1991:66). In the Second Treatise on Government (1690), Locke (1952) argued that the government is a mechanism for public protection of certain private ends, including life, liberty, and property. In On Liberty (1859), John Stuart Mill posited that the private sphere of the individual was important not only in individual development but also in realizing the preferred public sphere: “In proportion to the development of his individuality, each person becomes more valuable to himself, and is therefore capable of being more valuable to others. […] When there is more life in the units there is more in the mass which is composed of them” (Mill 1939:998). This public–private distinction, as Jean Bethke Elshtain pointed out, operates both as a symbolic form and as a political and moral exigency and has profound implications for certain social groups, including women (Elshtain 1981). Where this boundary is placed and the circumstances under which it may be legitimately breached vary much according to culture and historical time period. Such a boundary is now viewed as increasingly problematic as technological changes make it more difficult to define spaces in such a simplistic way (Nissenbaum 1998) but for much of history such a boundary was recognized by many countries and cultures (McCloskey 1971).
Conceived as a boundary between public and private realms, privacy has been of most interest to liberal political philosophers and to the Western, particularly the Anglo-American, legal community. The most often quoted and most often referenced writing in this tradition is Samuel Warren and Louis Brandeis’s 1890 Harvard Law Review article in which they defined the “right to privacy” as the “right to be let alone” (Warren and Brandeis 1890:193). They focused on a technological change, instantaneous photographs and newspaper publishing, which made it possible to invade “the sacred precincts of private and domestic life” (Warren and Brandeis 1890:195). Their notion of privacy was defined very much in terms of the individual and the need for a personal space. As they eloquently stated, “The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual” (Warren and Brandeis 1890:196). Warren and Brandeis anchored the right to privacy in the common law, specifically the protection for intellectual and artistic property which they viewed as arising from the principle of an “inviolate personality” (Warren and Brandeis 1890:205).
The Warren and Brandeis article precipitated legal discussions about whether the common law did in fact protect privacy and what aspects of the common law were most relevant. In examining tort law development in the US, William Prosser found that by 1960 most courts recognized privacy rights as being protected from four kinds of invasions: intrusion, public disclosure of private facts, placing someone in a false light in the public eye, and appropriation of an individual’s name or likeness (Prosser 1960). The Warren and Brandeis article also generated legal and philosophical discussion about whether the right to privacy was protected by common law or was a more fundamental human right. Edward Bloustein took issue with Prosser and argued that privacy involved the protection of “human dignity” (Bloustein 1964/1984:181) with social value attached to privacy as there was a “community concern for the preservation of the individual’s dignity” (1964/1984:191). Arnold Simmel similarly viewed privacy as protecting “the sacredness of the person” (Simmel 1968:482) and an invasion of privacy as “an offense against the rights of the personality – against individuality, dignity, and freedom” (Simmel 1968:485). This latter thinking was important in moving thinking about privacy from the confines of common law and situating it more firmly as a fundamental right, and a right that entailed broader social importance.
Although the common law view of a right to privacy continued to be dominant in Anglo-American law, the human dignity view was adopted in constitutional protections in several European countries, such as France and West Germany, and in the international movement for human rights (Flaherty 1989:9). For example, Article 12 of the 1948 United Nations Declaration of Human Rights stated: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks” (www.un.org/Overview/rights.html, accessed Nov. 8, 2009). The same year the Organization of American States in its Declaration of the Rights and Duties of Man avowed that “Every person has the right to the protection of the law against abusive attacks upon his honor, his reputation, and his private and family life” (www1.umn.edu/humanrts/oasinstr/zoas2dec.htm, accessed Nov. 8, 2009). In 1966, the International Covenant on Civil and Political Rights embraced a similar concept of privacy in Article 17: “No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks” (www.hrweb.org/legal/cpr.html). The European Convention for the Protection of Human Rights and Fundamental Freedoms in 1970 noted the importance of such a right in this language in Article 8: “Everyone has the right to respect for his private and family life, his home and his correspondence.” It then, however, went on to recognize the need for some legitimate limitations on this right:
There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. (http://conventions.coe.int/treaty/EN/Treaties/html/005.htm, accessed Nov. 8, 2009)
This list of interests that arguably compete with the right to privacy is quite extensive and the need to balance such competing rights and interests presents a challenge at a variety of historical moments.
Questions about the relationship among human rights, human dignity, and political regime type have been of interest to both political philosophers and international studies scholars. Howard and Donnelly, for example, conceive of conceptions of human dignity as reflecting an understanding of the moral worth of the person while human rights are social practices that encompass entitlements to make claims against the state. They argue that human rights actually require a liberal regime (Howard and Donnelly 1986:802). Of most interest to this discussion is their typology reflecting the valuation of privacy in different regime types. Liberal regimes place high value on privacy; minimal regimes place very high values on privacy; traditional and communist regimes both place very low values on privacy; and corporatist and developmental regimes place low value on privacy (Howard and Donnelly 1986:814).
The modification in the 1970 human rights convention, conceding the need for some limitations on the right to privacy, reflects the struggles that philosophers and legal scholars continued to have in defining privacy and in identifying the realm of privacy that was legitimately protected given the competing needs of societies, governments, and other individuals. Alan Westin began his seminal book Privacy and Freedom stating that “Few values so fundamental to society as privacy have been left so undefined in social theory or have been the subject of such vague and confused writing by social scientists” (Westin 1967:7). A large component of writing about privacy focused on the functions privacy served and the needs of individuals for solitude, intimacy, anonymity, autonomy, emotional release, self-evaluation, and relationships of love, friendship, and trust (Westin 1967 and Fried 1968). There was also renewed attention at this time to more clearly delineating the appropriate boundaries between private and public. A collection of essays by the American Society for Political and Legal Philosophy well represents this discourse. The editors framed their discussion in terms of modern polities growing “more congested, complicated, and powerful vis-à-vis their citizens” (Pennock and Chapman 1971:vii) thus increasing disputes about the boundaries between the private and the public. A number of writers began by acknowledging that privacy had some social importance or was derived from a social context. Carl Friedrich, for example, argued that privacy served several functions in a democratic society and that the destruction of privacy was often regarded as the core of totalitarianism (Friedrich 1971:107–19). But most of the scholarship during the 1970s underscored privacy’s importance to the individual and its role as a boundary between public and private (Rachels 1975; Scanlon 1975; Thompson 1975).
Sociologists offered a perspective on privacy that was more rooted in its importance to society. Robert Merton argued that “Privacy is not just a personal predilection; it is an important functional requirement for the effective operation of social structure” (Merton 1957:375). Social psychologists, such as Altman (1977) and Margulis (1977; 2003), underscored privacy as a social process and argued that its understanding involved appreciation of a range of social interactions including people, the societal context, the physical environment, and the time period. While much of the twentieth century thinking about privacy focused on its value for the individual, in the twenty-first century scholars are placing more importance on its broader importance as a public, social, and collective value (Regan 1995; 2002), as a key component of “contextual integrity” (Nissenbaum 2004), as “inter-subjectively constituted through social interaction” (Steeves in press) and as a resource for the making of identity and social meaning (Phillips in press).
In addition to the recognition of privacy as a social value as well as an individual value, philosophical and social science thinking about privacy in the latter twentieth and early twenty-first centuries has been informed by the writings of Michel Foucault (1977), a “foundational thinker” in the interdisciplinary area of “surveillance studies” (Wood 2003:235). Foucault elaborated on Jeremy Bentham’s concept of the Panopticon, adopting it as the central image to understand the impact of modern surveillance techniques with their concomitant technology of power and social control. Foucault emphasized the design of the Panopticon which assured that one may always be seen without knowing when, creating “a state of conscious and permanent visibility that assures the automatic functioning of power” (Foucault 1977:201). Power was then automated, disindividualized, and made efficient. Most importantly the panoptic arrangement is generalizable and easily transferred to other social settings, resulting in “the disciplinary society” (Foucault 1977:209). Other sociologists, such as Anthony Giddens (1985) and David Lyon (1994), disagreed that this type of disciplinary power expresses the nature of state administrative power and social power more generally. Nonetheless Foucault’s concepts of social control and of classification have served to underscore the power – rather than the privacy – and the implications of surveillance and to inform theoretical critiques of, and empirical research on, surveillance and privacy (Gandy 1993; Green 1999; Norris and Armstrong 1999). Oscar Gandy, for example, refers to organizational monitoring of individuals as the “panoptic sort” – “a kind of high-tech cybernetic triage through which individuals and groups of people are being sorted according to their presumed economic or political value” (Gandy 1993:1–2). The result of the panoptic sort’s “identification, classification and assessment” (Gandy 1993:24) is discrimination of certain groups.
The 1960s: Computerization and Privacy – National Perspectives on a Global Trend
In the late 1960s and early 1970s, government agencies and private sector organizations increasingly adopted computers to collect, retain, exchange, and manipulate personally identifiable information (Miller 1971; Westin and Baker 1972; Rule 1973). In all countries this innovation in record-keeping precipitated a concern with the rights of the individuals who were subjects of that data and with the responsibilities of the organizations processing the information. Two models emerged during this time: some countries adopted a data protection approach and others a civil liberties approach (Flaherty 1989; Bennett 1992; Regan 1995). The data protection approach viewed the problem as one of accountability and responsibility on the part of the organizations collecting and using personally identifiable information. The solution then was framed in terms of placing procedural requirements for and oversight mechanisms of these organizations. The civil liberties approach viewed the problem as one of possible violation of rights of individuals in the context of their disclosure of information to organizations and the organizations’ subsequent uses and elaborations on that information. The solution in this model was framed in terms of giving individuals legal rights by which they could find out what personally identifiable information was being collected and the uses and exchanges of such information and grievance mechanisms by which they could challenge organizational practices and information quality.
At the core of both of these approaches was the framework of “fair information principles”; the two approaches differed mainly in whether these principles would be enforced by government oversight or by individual redress of grievances. The principles were first developed in the US by the Department of Heath, Education, and Welfare’s (HEW) Advisory Committee on Automated Personal Data Systems. Its report, Records, Computers, and the Rights of Citizens, recommended the enactment of a Code of Fair Information Practices. Other countries adopted similar fair information principles in their national legislation and the Organization of Economic Cooperation and Development (OECD) incorporated the core of these principles in its 1980 guidelines on the protection of privacy (see Table 1 for summary of both sets of fair information principles).
Several political scientists and legal scholars evaluated these two approaches both in terms of understanding why countries were more likely to adopt one approach instead of the other and in terms of evaluating which approach was likely to be more effective. David Flaherty conducted a detailed comparative study of the adoption and implementation of privacy and data protection laws in five countries – the Federal Republic of Germany, Sweden, France, Canada, and the US. His in-depth study of each country’s politics and legal issues was based both on interviews with key participants and on government reports and documents. His analysis concluded with an emphasis of the critical role that an independent data protection agency plays in ensuring the effective implementation of laws designed to protect personally identifiable information. As he stated “it is not simply enough to pass a data protection law” (Flaherty 1989:381). Priscilla Regan examined how issues of policy implementation affected the formulation and adoption of personal information policies in the US and Britain. She concluded that in this case, when implementation questions were raised during policy formulation, programmatic goals were sacrificed to questions about how the policy would be executed, and the interests of the bureaucracy weakened the personal information policy adopted (Regan 1984). Colin Bennett analyzed the policy processes resulting in privacy or data protection legislation in Sweden, the US, West Germany, and Britain in order to determine whether policy convergence or divergence was a result of technological determinism, emulation, elite networking, harmonization, or penetration. He concluded that pressures for convergence of policy in this area were likely to increase as the technology itself became more transnational, as insecurities about their effects intensified, and as international regimes promoted harmonization among laws (Bennett 1992:251).
Table 1 Fair information principles
1973 HEW Code of Fair Information Practices
There must be no personal record-keeping system whose very existence is secret.
There must be a way for an individual to find out what information about him or her is in a record and how it is used.
There must be a way for an individual to prevent information about him or her that was obtained for one purpose from being used or made available for other purposes without his or her consent.
There must be a way for an individual to correct or amend a record of identifiable information about him or her.
All organizations creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.
1980 OECD Guidelines on the Protection of Privacy
Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except: a) with the consent of the data subject; or b) by the authority of law.
Security Safeguards Principle. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
Openness Principle. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle. An individual should have the right: (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him; (c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and (d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.
Accountability Principle. A data controller should be accountable for complying with measures which give effect to the principles stated above.
Source: US Department of Health Education and Welfare, Secretary’s Advisory Committee on Automated Personal Data Systems (1973), Records, Computers and the Rights of Citizens (Washington, DC: Government Printing Office) and OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
Analyses of privacy and data protection laws in a number of countries also generated more refinement of the approaches that countries were taking to address the issues of information privacy. Bennett (1992:153–61) identified five models:
• voluntary control – organizations responsible for self-regulation of their practices to keep them consistent with fair information practices;
• subject control – data subjects responsible for raising questions about information practices using their rights of access and correction;
• licensing – databases must be licensed by the government and those managing those databases must be maintained in accordance with the license;
• data commissioner – ombudsman office to assist individuals and serve as a forum to address concerns;
• registration – all computerized databases containing personally identifiable information are registered with the government.
These models have served as a way of characterizing a country’s policies and have been used particularly by scholars who seek to understand whether effectiveness of privacy protection varies based on the model adopted. Although research indicates that there are strengths and weaknesses of various models, the research also concludes that country specific characteristics – particularly culture, expectations, trust in government, and role of government – also influence their effectiveness (Flaherty 1989; Bennett 1992; Gellman 2003). By the late 1980s most advanced industrial countries had adopted laws conforming roughly to one of these models (see Table 2). National laws vary in a number of significant ways: some regulate only computerized records while others regulate paper and computerized records; some regulate the public and private sectors similarly while others regulate them differently; some protect only citizens of that country while others protect residents; and some protect “natural persons” while others protect “legal persons,” including corporations.
The 1980s: National Laws and Trade Issues
The global economic and communication systems are fundamentally global information systems. These systems collect, store, exchange, and manipulate vast quantities of information, including personally identifiable information. With the variation in national laws, international and regional bodies recognized that domestic laws could affect the flow of personal information into and out of a country. This brought scholarly and policy attention to the issue of transborder data flows and questions about whether privacy and data protection laws constituted non-tariff trade barriers. The implications of national data protection laws on transborder data flows provoked heated debate in a number of regional and international forums, where discussion was framed primarily in terms of free flow of information, championed largely by the US, versus trade restrictions. This debate sparked a number of articles in business, law, and political science journals (Eger 1978; Bigelow 1979; McGuire 1979; Buss 1984; Wigand 1985; Regan 1993).
Table 2 National privacy laws
Title of Law
Personal Data Protection Act
Privacy Amendment (Private Sector) Act
Data Protection Act
Consolidated Version of the Belgian Law of December 8, 1992 on Privacy Protection in Relation to the Processing of Personal Data as Modified by the Law of December 11, 1998 implementing Directive 95/46/EC
The Privacy Act
Personal Information Protection and Electronics Documents Act
Act on the Protection of Personal Data
Act on the Protection of Personal Data in Information Systems
Act of 4 April 2000 on the Protection of Personal Data and on Amendment to Some Related Acts
Danish Private Registers Act (Consolidated)
The Danish Public Authorities Registers Act (Consolidated)
Act on Processing of Personal Data, Act No. 249
Personal Data Protection Act
Act on the Amendment of the Personal Data Act (986)
Act on Data Processing, Data Files and Individual Liberties
Federal Data Protection Act
Federal Data Protection Act (Amended)
Federal Data Protection Act
Law No. 2472 on the Protection of Individuals with Regard to the Processing of Personal Data
Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests
Act Concerning the Registration and Handling of Personal Data
Data Protection Act
Data Protection (Amendment) Act
Protection of Privacy Law
Processing of Personal Data Act
Law for the Protection of Computer Processed Data Held by Administrative Organs
Personal Data Protection Law
Data Protection Act
Ordinance on the Data Protection Act
Law on Legal Protection of Personal Data
Organising the Identification of Physical and Legal Persons by Number
Regulating the Use of Nominal Data in Data Processing
Protection of Persons with Regard to the Processing of Personal Data
Data Protection Act
Data Protection Act
Personal Data Protection Act
Privacy Amendment Act
Privacy Amendment Act
Act Relating to Personal Data Registers
Personal Data Act
Protection of Personal Data
Act on the Protection of Personal Data
Law No. 677/2001 for the Protection of Persons Concerning the Processing of Personal Data and Free Circulation of Such Data
Information Computerization and Protection of Information
Participation in International Information Exchange
Act No. 428 of 3 July 2002 on Personal Data Protection
Personal Data Protection Act
Law 15/99 on the Protection of Data of a Personal Character
Personal Data Protection Act
The Federal Law on Data Protection
Computer-Processed Personal Data Protection Law
Official Information Act
Data Protection Act
Source: National Omnibus Laws, www.privacyexchange.org/legal/nat/omni/nol.html
During the 1980s and 1990s the focus of policy attention concerning transborder data flows was the European Union (EU) and the development of its “Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data” (hereafter referred to as the Data Protection Directive). The Directive was part of the EU’s development of one European market and the harmonization of policies affecting that market. The EU’s proposed Directive generated debate between the EU and the US on three key issues: the degree of individual control over uses of personal information which was couched largely in terms of individuals’ “opting-in” or “opting-out” of information practices; the level of national protection countries needed to ensure prior to transfers of personal information; and the nature of the national enforcement authority or regime that was consistent with the requirements of the EU Directive. Analyses of the EU Data Protection Directive, compatibility of national laws with the Directive, and the national and international policy deliberations on this issue can be found in a number of law review, business, and political science articles and books (Branscomb 1994; Schwartz 1995; Cate 1997; Swire and Litan 1998; Regan 1999; Reidenberg 1999; 2000).
Although the debate over the EU Data Protection Directive was framed largely in terms of differences between the EU and the US, there were also differences among European countries that impacted the development and meaning of the Directive. Germany and France advocated stronger protections that were consistent with their national laws. Some European countries favored weaker protections, again consistent with national laws, and others had not yet passed legislation. Although the members of the EU did not share a common perspective on the specifics, they did share a common perspective on the need for free trade purposes of harmonizing regulations governing transborder data flows (Schwartz and Reidenberg 1996; Shaffer 2000).
Ultimately the US and the EU agreed on “Safe Harbor Privacy Principles” to establish a framework for the exchanges of personally identifiable information. This agreement became the consensus policy position once American businesses realized that it was unlikely either that the EU would issue a general ruling that US law was adequate to meet the requirements of the Data Protection Directive or that individual contractual arrangements between American companies and the EU would be easily negotiated. The US Department of Commerce and the EU’s Internal Market Directorate General developed the Safe Harbor agreement after a rather torturous two-year process that was finalized in 2000 (Farrell 2003; Regan 2003). Research, especially by political scientists, continues into analysis of the ways in which national laws articulate with those of other countries and with international agreements (Bennett and Raab 2006).
The 1990s: The Networked World
Somewhat paralleling the principally business dominated debate and analyses over transborder data flows was a broader discussion about privacy issues resulting from global communication and information systems, particularly the internet. The focus in policy and scholarship was less on variations in national laws and more on two features of networked communication systems: first, the technical infrastructure supporting the flow of information, an analysis in which computer scientists joined with legal and policy experts to examine how privacy might be invaded in such a networked environment and whether technology might at least be part of the solution; and second, the globalization of communication systems and information flows, an analysis in which political scientists and communication scholars explored the causes and implications of the globalization trend, including how that trend was affecting cultural and social views of privacy. Each of these will be discussed below.
In terms of the technical infrastructure, there are a number of ways in which personally identifiable information can be automatically captured as one surfs the internet – and this capture occurs regardless of national, geographic boundaries. First, each site that someone visits obtains the internet protocol (IP) address of the computer being used. Although the IP address itself does not yield personally identifiable information, it does allow tracking of the internet movements from that computer. Second, “cookies” can be placed on a user’s hard drive so that a website can determine a user’s prior activities at that website on a return visit. Although users can monitor and/or delete cookies, some sites require users to accept cookies. Third, “web bugs,” graphics embedded in a web page or email, can monitor who is reading the page or message (Lyon and Zureik 1996; Agre and Rotenberg 1997; Regan 2002).
As organizations in both the public and the private sectors increasingly conducted transactions and provided services online, new privacy issues emerged in a number of sectors. For example in electronic government, officials and legislatures provided new rules, procedures, and protections for the submission of personally identifiable information over the internet and for access to such information by other organizations. Similarly moves to electronic health records and websites offering health advice have provoked privacy and access concerns, as has electronic banking. These policy and management issues have again generated policy discussions and actions at the national level but also at the international level as the internet does not recognize geographic boundaries (Johnson and Post 1996; Reidenberg 1996; Swire 1998).
Because of the emphasis on the internet, technology specialists became more vocal players in both national and international debates. As policy makers realized that there were limitations to laws and organizational policies, attention shifted to the technology and the possibilities of inserting privacy protections into the architecture itself. Although proposals for encryption (Chaum 1992) had been discussed for some time as an information privacy protection, the emphasis now turned to the possibility of writing privacy protections into the technical codes and standards for the computer and information systems that formed the networks (Lessig 1999). Organizations such as the World Wide Web Consortium (W3C) and Institute of Electrical and Electronics Engineers (IEEE) served as forums for discussions of policy problems and solutions. W3C established a working group that developed principles for a Platform for Privacy Preferences (P3P) in 1998; P3P enabled websites to express their privacy practices in a standard format that could then be retrieved automatically and interpreted. The goal was both to convenience web users and also to enable users to integrate their ideal privacy standards into their web practices. Privacy protections were viewed as a key component in establishing trustworthy networked information systems and various groups, including the Computer Science and Telecommunications Board of the US National Research Council and the Rathenau Institute of the Royal Netherlands Academy of Sciences, held meetings of international technical and policy specialists and published various reports with policy and technical proposals (National Research Council 1999; 2001; Gutwirth 2002).
In terms of the implications and causes of globalization of communication systems and information flows, research and analysis is quite broad ranging but includes attention to privacy as one of the social values whose meaning and protection were affected by globalization. Much of the research focuses on the potential of global communication systems to foster the development of a global public sphere (Mitzen 2005) or global civil society (Comor 2001) and the emergence of a “globally oriented citizen” (Parekh 2003:12). In this view networked communication systems provide the capacities to form transnational networks which have the potential to circumscribe state-based systems. The potential for this, rather than its inevitability, is underscored as more than system integration is required in order for the potential to be realized; indeed, “transnational intersections of culture, meaning, and identity are required” (Comor 2001:390) and “local relationships tend to prescribe the context through which global influences are adopted and understood” (Comor 2001:398). Global communication systems could modify the local context by influencing changes in lifestyle and culture, which would then affect conceptual systems that may lead to more globalized intersections of culture, meaning, and identity (Comor 2001). Other analysts of global communication systems and the possible emergence of a global public sphere, including Habermas, emphasize the role of legal rules in “converting normative ideals to social facts” (Mitzen 2005:404) including legal rules protecting “the preconditions for communicative action such as the rights to privacy” (Mitzen 2005:404).
Geoffrey Herrera sees the evolution of a global digital information network as involving “a three-way political struggle between centralized political authorities (states), centralized economic entities (firms) and individuals as both consumers and citizens” (Herrera 2002:93). Privacy protections for personally identifiable information are important in different ways to each of these three sets of actors and therefore implicated in the struggle. Viewed as a struggle of such proportions, the question becomes who can most influence the outcome of the struggle – raising questions of American cultural imperialism. David Rothkopf, for example, suggests that “Americans should promote their vision for the world, because failing to do so or taking a ‘live and let live’ stance is ceding the process to the not-always-beneficial actions of others. Using the tools of the Internet Age to do so is perhaps the most peaceful and powerful means of advancing American interests” (Rothkopf 1997:49).
The privacy landscape and discourse changed dramatically throughout the world after the terrorist attacks in the US on September 11, 2001. Concerns about privacy and civil liberties were trumped by concerns about security and identifying possible terrorists. Pew Research and Gallup public opinion polls in the US conducted soon after 9/11 indicated support for sacrificing civil liberties, more extensive surveillance of communications, and a national ID card (Bartlett 2001; Gallup 2001). Congress, with virtually no opposition, passed the USA PATRIOT Act of 2001 (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) 45 days after the attacks. Other countries passed similar measures. The Canadian Bill C-36 contained measures to enhance the government’s ability to prevent and detect terrorist activity. The Council of Europe’s Cyber Crime Convention was ratified not only by the 41 member states, but also by the US, Japan, and South Africa. The hasty passage and draconian character of these initiatives provoked concerns, not only among human rights activists who saw these measures as clashing with civil liberties and privacy protections, but also in more conservative circles who viewed the measures as giving unchecked investigative power to law enforcement and intelligence officials (van Est and van Harten 2002).
One international area of controversy involved airline passenger data. Due to the fact that the 9/11 terrorists used airplanes as their weapons, much subsequent attention has focused on identifying and apprehending potential terrorists before they get on an airplane. To that end the US initiated plans for a new passenger screening system to replace the existing system operating on airlines’ reservations systems. CAPPS II (Computer-Assisted Passenger Prescreening System), proposed soon after 9/11, would access more diverse data and perform more sophisticated analyses. It would begin with the airlines transmitting Passenger Name Record (PNR) data including name, phone number, itinerary, and method of payment to CAPPS II, which would then request identity authentication from commercial data providers who would then send CAPPS II an identity authentication score, and finally CAPPS II would use government databases, including classified and intelligence data, to conduct a risk assessment score which would be transmitted to the check-in counter (Government Accountability Office 2004). Testing of CAPPS II has been delayed due to difficulties in obtaining passenger data from the airlines who voiced privacy concerns and opposition to the system from other countries, especially those of the European Union. Following lengthy negotiations, European Union officials on May 28, 2004 reached an agreement with the Bureau of Customs and Border Protection (CBP) in the Department of Homeland Security (DHS) for air carriers to provide CBP with electronic access to PNR (Commission of European Communities 2004).
Another proposal for an integrated system designed to track the movements and activities of individuals is the US-VISIT (United States Visitor and Immigrant Status Indicator Technology) which was proposed as a dynamic interoperable system to collect and retain biographic, travel, and biometric data (i.e., photograph and fingerprints) pertaining to visitors (United States Department of Homeland Security 2003). Both CAPPS II and US-VISIT were subject to technical and budgetary difficulties in their development and pilot-testing and were analyzed by researchers as examples not only of international data systems raising questions of national sovereignty and civil liberties but also of the public management and accountability of advanced technology initiatives.
Somewhat independently of the effects of 9/11 some international relations and communication scholars were already questioning whether the development of the global digital information network itself was diminishing or strengthening state capacity and autonomy (Herrera 2002). This line of research examined whether the data processing and related surveillance capabilities were leading to enhanced state power and threats to personal privacy. Another line of research that pre-dated 9/11 concerns about surveillance focused on the internationalization of law enforcement and the development of international organizations and arrangements (Marx 1997; Deflem 2000). Both of these lines of research supported the importance of understanding the underlying historical, institutional, and technological contexts in which post–9/11 surveillance occurred.
Future Research Directions
Although the topics discussed above serve to organize the research on global information privacy in time periods, each of these is also a topic of continuing research. Philosophical questions about the meaning of privacy and the various ways in which privacy is likely to be defined and constructed in different cultures will continue to be of interest to philosophers and a variety of social scientists (Kerr et al. in press). Such questions elicit not only theoretical analysis but also empirical study through methods such as public opinion surveys, focus groups and in-depth interviews (Zureik 2009). Many privacy issues appear both within countries and internationally as a result of advances in computer and information technologies, and there is no question that such technological advances will continue and be of interest to technologists and social scientists. One area in particular that is likely to be of research interest is location or mobile privacy which is taking on significant importance with the spread of wireless technologies, global positioning satellites, and RFID (radio frequency identification) systems (Bennett and Regan 2003). Variations and conflicts among national laws, other countries’ laws, and international agreements in the area of information privacy will continue to present policy challenges in terms of policy formulation and policy implementation. Finally the surveillance issues that emerged as a global concern after 9/11 are not expected to abate and will continue to be analyzed from a variety of relevant perspectives and disciplines.
Agre, P., and Rotenberg, M. (eds.) (1997) Technology and Privacy: The New Landscape. Cambridge: MIT Press.Find this resource:
Altman, I. (1977) Privacy Regulation: Culturally Universal or Culturally Specific? Journal of Social Issues 33 (3), 66–84.Find this resource:
Aristotle (1962) The Politics, translated and with an introduction by T.A. Sinclair. Middlesex: Penguin Books.Find this resource:
Bartlett, M. (2001) Americans Still Guard Telephone, E-Mail Privacy. Newsbytes (Sept. 19). At www.snapshield.com/www_problems/United_States/americans_still.htm, accessed July 2009.Find this resource:
Bennett, C.J. (1992) Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Ithaca: Cornell University Press.Find this resource:
Bennett, C.J., and Lyon, D. (2008) Playing the Identity Card: Surveillance, Security and Identification in Global Perspective. London: Routledge.Find this resource:
Bennett, C.J., and Raab, C.D. (2006) The Governance of Privacy: Policy Instruments in Global Perspective. Cambridge: MIT Press.Find this resource:
Bennett, C.J., and Regan, P.M. (2003) Editorial: Surveillance and Mobilities. Surveillance & Society 1 (4), 449–55.Find this resource:
Bigelow, R. (1979) Transborder Data Flow Barriers. Jurimetrics Journal 20 (1), 8–17.Find this resource:
Bloustein, E. (1964/1984) Privacy as an Aspect of Human Dignity – An Answer to Dean Prosser. In F.D. Schoeman (ed.) Philosophical Dimensions of Privacy: An Anthology. Cambridge: Cambridge University Press, pp. 156–202.Find this resource:
Branscomb, A.W. (1994) Who Owns Information? From Privacy to Public Access. New York: Basic Books.Find this resource:
Buss, M.D.J. (1984) Legislative Threat to Transborder Data Flow. Harvard Business Review (May–June), 111–8.Find this resource:
Cate, F.H. (1997) Privacy in the Information Age. Washington, DC: Brookings Institution Press.Find this resource:
Chaum, D. (1992) Achieving Electronic Privacy. Scientific American (Aug.), 96–101.Find this resource:
Commission of European Communities (2004) Proposal for a Council Decision on the Conclusion of an Agreement between the Europe Community and the United States of America on the Processing and Transfer of PNR Data by Air Carriers to the U.S. Department of Homeland Security Bureau of Customs and Border Protection (May 28). At http://ec.europa.eu/justice_home/fsj/privacy/docs/adequacy/pnr/2004-05-28-agreement_en.pdf, accessed July 2009.
Comor, E. (2001) The Role of Communication in Global Civil Society: Forces, Processes, Prospects. International Studies Quarterly 45 (3), 389–408.Find this resource:
Deflem, M. (2000) Bureaucratization and Social Control: Historical Foundations of International Police Cooperation. Law & Society Review 34 (3), 739–78.Find this resource:
Eger, J.M. (1978) Emerging Restrictions on Transnational Data Flows: Privacy Protections or Non-Tariff Trade Barriers? Law and Policy in International Business 10 (4), 1065.Find this resource:
Elshtain, J.B. (1981) Public Man, Private Woman: Women in Social and Political Thought. Princeton: Princeton University Press.Find this resource:
Farrell, H. (2003) Constructing the International Foundations of E-Commerce: The EU–U.S. Safe Harbor Arrangement. International Organization 57 (2), 277–306.Find this resource:
Flaherty, D.H. (1989) Protecting Privacy in Surveillance Societies. Chapel Hill: University of North Carolina Press.Find this resource:
Foucault, M. (1977) Discipline and Punish: The Birth of the Prison. New York: Vintage Books.Find this resource:
Fried, C. (1968) Privacy. Yale Law Journal 77 (3), 475–93.Find this resource:
Friedrich, C.J. (1971) Secrecy versus Privacy: The Democratic Dilemma. In R.J. Pennock and J.W. Chapman (eds.) Privacy. New York: Atherton Press, pp. 105–19.Find this resource:
Gallup Organisation (2001) Impact of the Attacks on America (Oct. 3). At www.gallup.com/poll/4951/Impact-Attacks-America.aspx, accessed July 2010.
Gandy, O. (1993) The Panoptic Sort: A Political Economy of Personal Information. Boulder: Westview Press.Find this resource:
Giddens, A. (1985) The Nation-State and Violence. Cambridge: Polity Press.Find this resource:
Government Accountability Office (2004) Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges (GAO-04-385) (Feb.) At www.gao.gov/cgi-bin/getrpt?GAO-04-385, accessed June 2009.
Green, S. (1999) A Plague on the Panopticon: Surveillance and Power in the Global Information Economy. Information, Communication and Society 2 (1), 26–44.Find this resource:
Gutwirth, S. (2002) Privacy and the Information Age. Lanham: Rowman and Littlefield.Find this resource:
Herrera, G.L. (2002) The Politics of Bandwidth: International Political Implications of a Global Digital Information Network. Review of International Studies 28 (1), 93–122.Find this resource:
Hixson, R.F. (1987) Privacy in a Public Society: Human Rights in Conflict. New York: Oxford University Press.Find this resource:
Howard, R.E., and Donnelly, J. (1986) Human Dignity, Human Rights and Political Regimes. American Political Science Review 80 (3), 801–17.Find this resource:
Johnson, D., and Post, D. (1996) Law and Borders: The Rise of Law in Cyberspace. Stanford Law Review 48, 1367–91.Find this resource:
Kerr, I., Steeves, V., and Lucock, C. (eds.) (in press) Privacy, Identity and Anonymity in a Network World: Lessons from the ID Trail. New York: Oxford University Press.Find this resource:
Konvitz, M. (1966) Privacy and the Law: A Philosophical Prelude. Law and Contemporary Problems 31, 272–80.Find this resource:
Lessig, L. (1999) Code: And Other Laws of Cyberspace. New York: Basic Books.Find this resource:
Locke, J. (1952) The Second Treatise of Government, edited by Thomas P. Peardon. New York: The Bobbs-Merrill Company.Find this resource:
Lyon, D. (1994) The Electronic Eye: The Rise of Surveillance Society. Minneapolis: University of Minnesota Press.Find this resource:
Lyon, D., and Zureik E. (eds.) (1996) Surveillance, Computers and Privacy. Minneapolis: University of Minnesota Press.Find this resource:
Margulis, S.T. (1977) Conceptions of Privacy: Current Status and Next Steps. Journal of Social Issues 33 (3), 5–21.Find this resource:
Margulis, S.T. (2003) On the Status and Contributions of Westin’s and Altman’s Theories of Privacy. Journal of Social Issues 59 (2), 411–29.Find this resource:
Marx, G.T. (1997) Social Control Across Borders. In W.F. McDonald (ed.) Crime and Law Enforcement in the Global Village. Cincinnati: Anderson Publishing, pp. 23–39.Find this resource:
McCloskey, H.J. (1971) The Political Ideal of Privacy. The Philosophical Quarterly 21 (85), 303–14.Find this resource:
McCollough, T.E. (1991) The Moral Imagination and Public Life: Raising the Ethical Question. Chatham: Chatham House Publishers.Find this resource:
McGuire, R.P. (1979) The Information Age: An Introduction to Transborder Data Flow. Jurimetrics Journal 20 (1), 1.Find this resource:
Mead, M. (1949) Coming of Age in Samoa. New York: New American Library.Find this resource:
Merton, R. (1957) Social Theory and Social Structure. New York: Free Press of Glencoe.Find this resource:
Mill, J.S. (1939) On Liberty (1859). In E.A. Burtt (ed.) The English Philosophers from Bacon to Mill. New York: Modern Library, pp. 949–1041.Find this resource:
Miller, A.R. (1971) The Assault on Privacy: Computers, Data Banks, and Dossiers. Ann Arbor: University of Michigan Press.Find this resource:
Mitzen, J. (2005) Reading Habermas in Anarchy: Multilateral Diplomacy and Global Public Spheres. The American Political Science Review 99 (3), 401–17.Find this resource:
Monshi, B., and Zieglmayer, V. (2004) The Problem of Privacy in Transcultural Research: Reflections on an Ethnographic Study in Sri Lanka. Ethics & Behavior 14 (4), 305–12.Find this resource:
Moore, B., Jr (1984) Privacy: Studies in Social and Cultural History. New York: M.E. Sharpe.Find this resource:
National Research Council (1999) Trust in Cyberspace. Washington, DC: National Academy Press.Find this resource:
National Research Council (2001) The Internet’s Coming of Age. Washington, DC: National Academy Press.Find this resource:
Nissenbaum, H. (1998) Protecting Privacy in an Information Age: The Problem of Privacy in Public. Law and Philosophy 17 (5/6), 559–96.Find this resource:
Nissenbaum, H. (2004) Technology, Values, and the Justice System: Privacy and Contextual Integrity. Washington Law Review 79, 119–57.Find this resource:
Norris, C., and Armstrong, G. (1999) The Maximum Surveillance Society: The Rise of CCTV. Oxford: Berg.Find this resource:
Parekh, B. (2003) Cosmopolitanism and Global Citizenship. Review of International Studies 29 (1), 3–17.Find this resource:
Pennock, J.R., and Chapman, J.W. (eds.) (1971) Privacy. New York: Atherton Press.Find this resource:
Phillips, D.J. (in press) Ubiquitous Computing, Spatiality, and the Construction of Identity: Directions for Policy Response. In I. Kerr, V. Steeves, and C. Lucock (eds.) Privacy, Identity and Anonymity in a Network World: Lessons from the ID Trail. New York: Oxford University Press.Find this resource:
Prosser, W.L. (1960) Privacy. California Law Review 48 (3), 383–423.Find this resource:
Rachels, J. (1975) Why Privacy Is Important. Philosophy and Public Affairs 4 (4), 323–33.Find this resource:
Regan, P.M. (1984) Personal Information Policies in the United States and Britain: The Dilemma of Implementation Considerations. Journal of Public Policy 4 (1), 19–38.Find this resource:
Regan, P.M. (1993) The Globalization of Privacy: Implications of Recent Changes in Europe. American Journal of Economics and Sociology 52 (3), 257–74.Find this resource:
Regan, P.M. (1995) Legislating Privacy: Technology, Social Values and Public Policy. Chapel Hill: University of North Carolina Press.Find this resource:
Regan, P.M. (1999) American Business and the European Data Protection Directive: Lobbying Strategies and Tactics. In C. Bennett and R. Grant (eds.) Visions of Privacy: Policy Choices for the Digital Age. Toronto: University of Toronto Press, pp. 199–216.Find this resource:
Regan, P.M. (2002) Privacy as a Common Good in the Digital World. Information, Communication and Society 5 (3), 382–405.Find this resource:
Regan, P.M. (2003) Safe Harbors or Free Frontiers? Privacy and Transborder Data Flows. Journal of Social Issues 59 (2), 263–82.Find this resource:
Reidenberg, J.R. (1996) Governing Networks and Rule-Making in Cyberspace. Emory Law Journal 45, 911–29.Find this resource:
Reidenberg, J.R. (1999) The Globalization of Privacy Solutions: The Movement Towards Obligatory Standards for Fair Information Practices. In C. Bennett and R. Grant (eds.) Visions of Privacy: Policy Choices for the Digital Age. Toronto: University of Toronto Press, pp. 217–28.Find this resource:
Reidenberg, J.R. (2000) Resolving Conflicting International Privacy Rules in Cyberspace. Stanford Law Review 80 (3), 471–96.Find this resource:
Rosen, J. (2000) The Unwanted Gaze. New York: Random House.Find this resource:
Rothkopf, D. (1997) In Praise of Cultural Imperialism? Foreign Policy 107 (summer), 38–53.Find this resource:
Rule, J.B. (1973) Private Lives and Public Surveillance: Social Control in the Computer Age. London: Allen Lane.Find this resource:
Scanlon, T. (1975) Thomson on Privacy. Philosophy and Public Affairs 4 (4), 315–22.Find this resource:
Schwartz, P.M. (1995) European Data Protection Law and Restrictions on International Data Flows. Iowa Law Review 80 (3), 471–96.Find this resource:
Schwartz, P.M., and Reidenberg, J.R. (1996) Data Privacy Law. Charlottesville: Michie.Find this resource:
Shaffer, G. (2000) Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards. Yale Journal of International Law 25 (1), 1–88.Find this resource:
Simmel, A. (1968) Privacy. In D.L. Sills (ed.) International Encyclopedia of the Social Sciences, vol. 12. New York: Macmillan, pp. 480–7.Find this resource:
Steeves, V. (in press) Reclaiming the Social Value of Privacy. In I. Kerr, V. Steeves, and C. Lucock (eds.) Privacy, Identity and Anonymity in a Network World: Lessons from the ID Trail. New York: Oxford University Press.Find this resource:
Swire, P.M. (1998) Of Elephants, Mice, and Privacy: International Choice of Law and the Internet. The International Lawyer 32, 1123–39.Find this resource:
Swire, P.M., and Litan, R.E. (1998) None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive. Washington, DC: Brookings Institution Press.Find this resource:
Thompson, J.J. (1975) The Right to Privacy. Philosophy and Public Affairs 4 (4), 295–314.Find this resource:
Topal, Ç. (2005) Global Citizens and Local Powers: Surveillance in Turkey. Social Text 23 (2), 85–94.Find this resource:
United States Department of Homeland Security (2003) US-VISIT Program, Increment 1: Privacy Impact Assessment, Executive Summary (Dec. 18). At www.dhs.gov, accessed June 2009.
van Est, R., and van Harten, D. (2002) Debating Privacy and ICT. Papers of the Rathenau International Conference on the Use of Personal Data in Criminal Investigations and Commerce (Amsterdam, Jan. 17). At www.rathenau.nl/files/DIV-DebatingPrivacy-mrt2002.doc, accessed June 2009.Find this resource:
Warren, S.D., and Brandeis, L.D. (1890) The Right to Privacy. Harvard Law Review 4 (Dec.), 193–220.Find this resource:
Westin, A.F. (1967) Privacy and Freedom. New York: Atheneum.Find this resource:
Westin, A.F. (1984) The Origins of Modern Claims to Privacy. In F.D. Schoeman (ed.) Philosophical Dimensions of Privacy: An Anthology. Cambridge: Cambridge University Press, pp. 56–74.Find this resource:
Westin, A.R., and Baker, M.A. (1972) Databanks in a Free Society: Computers, Record-Keeping, and Privacy. New York: Quadrangle Books.Find this resource:
Wigand, R.T. (1985) Transborder Data Flow: Its Impact on Business and Government. Information Management Review (autumn), 55–65.Find this resource:
Wood, D.M. (2003) Editorial: Foucault and Panopticism Revisited. Surveillance and Society 1 (3), 234–9.Find this resource:
Zureik, Elia (ed.) (2009) Privacy, Surveillance and the Globalization of Personal Information: International Comparisons. Kingston: McGill-Queen’s University Press.Find this resource:
Links to Digital Materials
The New Transparency: Surveillance and Social Sorting. At www.surveillanceproject.org/projects/the-new-transparency/about, accessed June 2009. This project is located at Queen’s University, Kingston Ontario under the direction of David Lyon and funded by the Social Sciences and Humanities Research Council of Canada. The project involves over 30 scholars in over a dozen countries. Given growing computer-dependence and reliance on personal data collection and processing by a variety of institutions, and heightened public concern about security, surveillance is now experienced as an everyday reality. The history, key characteristics, and consequences of The New Transparency will be examined by asking three vitally important questions:
• What factors contribute to the general expansion of surveillance as a technology of governance in late modern societies?
• What are the underlying principles, technological infrastructures, and institutional frameworks that support surveillance practice?
• What are the social consequences of such surveillance both for institutions and for ordinary people?
Privacy International. At www.privacyinternational.org/, accessed June 2009. Privacy International is a UK-based non-profit organization formed in 1990, as a “watchdog” on surveillance and privacy invasions by governments and businesses. The website provides reports and analyses on a range of privacy issues in countries around the world, as well as activities of and reports from international and regional organizations.
The European Commission’s Data Protection Home Page. At http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm, accessed June 2009. This website contains current and historical policy documents, reports, laws, and consultancies related to the EU Data Protection. It also contains information on international activities and those in several countries.
Electronic Privacy Information Center and Center for Democracy and Technology. At http://epic.org/ and www.cdt.org/, accessed June 2009. Both are US-based public interest research centers. Their websites contain reports on a range of current privacy issues, policy activities, and reports primarily for the US but with excellent resources and links to other countries and international organizations.
The author wishes to acknowledge the research assistance of Gerald Fitzgerald.