The Four Kinds of Privacy: Appendices & Bibliography

Some followup information related to the article The Four Kinds of Privacy.

Appendix One: Privacy & Information Types

The topic of privacy has mainly been framed as a question of protections and costs: What is being protected by privacy, and what is endangered if privacy is violated? However, a few connected ideas can shed additional light on privacy, beginning with the question of private information: What data can be lost due to a breach and how does that impact privacy?

Defensive privacy and human rights privacy are both explicitly about protecting information, while personal privacy and contextual privacy can be breached if information is lost. Despite the differences among these kinds of privacy, the information being protected can have a lot of overlap.

Personal Information is one of the most important things to protect. The loss of social security numbers, credit card numbers, credit reports or stock statements could all result in identity theft or even direct money theft, and so should be protected with defensive privacy.

However, personal information can also relate to human rights privacy. The loss of debt information, criminal records, or similar documents could cause problems if uncovered by an employer or business partner. Similarly, information about sexual orientation, religious beliefs, or political views could lead to discrimination or harassment — though the topic of politics also unveils a whole other type of information that we’ll return to.

Medical Information is a type of personal information that’s becoming increasingly important. Someone might face insurance discrimination if their medical information got out, but it could also be a human rights issue — particularly for revelation of a condition like HIV or the use of medical marijuana. However, there’s simultaneously a clear need for some medical information to be public: we have to know who has Ebola so that we can take precautions when we are treating them. So, the topic isn’t a simple one. Fortunately, in the US the HIPAA and PSQIA regulations cover these issues.

Two other types of personal information are especially dangerous: Identification Information (who you are and Location Information (where you are). These types of information are most directly tied to human rights privacy. A fascist government could use any personal information against an activist or dissident, but uncovering identity or locale would be the worst, as it could result in the death or imprisonment of not only the activist, but also his family or friends. Similarly, this information could help a stalker or other criminal to find — and harm — an intended victim.

New technology items like recording and tracking devices are making it even easier to reveal identity and location information. Fortunately, the American courts are keeping up: the 2012 Supreme Court case United States vs. Jones limited the government’s ability to use a GPS device to track a suspect; while the 2014 Supreme Court case Riley v. California verified that a warrant was required to search cell phones.

Juvenile Information is a variant of personal information that specifically relates to children. Some information should be forgotten because kids make mistakes that should be forgiven. Also, children need to be carefully protected because they can’t make the same judgements about releasing their personal information to the public that adults can. There is a large set of laws related to juvenile information such as the US FERPA and COPPA regulations. As with some of the other sorts of personal information, defensive and human rights privacy breaches could both occur from juvenile information loss.

Business Information is personal information writ large. It could be financial information that would allow for theft from the company or it could be trade secrets that could let another business gain a competitive advantage. Even higher levels of defensive privacy are required to protect this sort of information.

Finally, private Voting Information is crucial to the working of a democracy.

Most obviously, a government (or a political group) could imprison or kill someone for their political views. However, individuals can also be financially punished for their voting decisions, a trend that received national attention in recent elections. Terry Lee of Terry Lee Forensics was one of the most outspoken rights violators, admitting that he fired two employees because they were Obama supporters. It was perfectly legal, as only a few states in the US protect against employer political retaliation, underlining the need for voting privacy.

Voting information can go beyond the ballot box, and so there’s also an argument for keeping political donations private. The previously mentioned example of Brendan Eich (former CEO of Mozilla) demonstrates this, as the revelations of his anti-gay-marriage donations affected him in many ways. He lost his job (defensive privacy and he damaged his ability to work in the future (human rights privacy because his political life and his business life got entangled (contextual privacy).

Appendix Two: Privacy & Harmful Activities

Another topic connected to privacy is the question of what activities are harmful to privacy. Attorney Daniel J. Solove wrote extensively on the topic in “A Taxonomy of Privacy”. Here the question is: “What activities lead to privacy breaches?”

Solove’s taxonomy is sufficiently extensive and well-considered that it’s worth considering on its own. He lists four general categories of privacy-harming activities: information collection, information processing, information dissemination, and invasion. He then subdivides each of these categories, creating an impressive taxonomy of no less than 16 ways that privacy can be breached.

Information Collection addresses how data is acquired, either through “surveillance” (where someone is watched) or “interrogation” (where someone is questioned).

Information Processing talks about what someone does once they’ve acquired that data. It includes “aggregation” (where data is combined), “identification” (where data is connected to an individual), “secondary use” (where data is used for a reason other than was intended), “exclusion” (where data isn’t revealed to the person it was collected from), and “insecurity” (where data is leaked).

Information Dissemination discusses activities that release information. It includes “breach of confidentiality” (where a privacy promise is broken), “disclosure” (where true data is released), “distortion” (where false or misleading data is released), “exposure” (where nudity or other intimate data is released), “increased accessibility” (where the availability of data is amplified), “blackmail” (where the release of data is threatened), and “appropriation” (where an identity is stolen).

Finally, Invasion focuses on attacks upon private affairs rather than activities regarding data. It includes “intrusion” (where personal privacy is violated) and “decisional interference” (where one’s right to make decisions is impacted).

The topic of invasion starts to overlap with personal privacy, but the other three categories of harmful activities can be integrated with the kinds of privacy laid out in this article to create a two-dimensional table showing how the various sorts of privacy are breached.

This table could easily be extended into three dimensions by also examining of the different sorts of data that could be breached.

Appendix Three: Information Processing & Data Mining

The topic of information processing deserves some attention because the internet is proving a virulent breeding ground for new levels of identification and data aggregation. Using simple cookies, thousands of companies are putting together shockingly complete profiles of the browsing and purchasing habits of individuals. Meanwhile, web-based robots connect up numerous disparate bits of information about people and meld them together into cohesive wholes. The result is that information once considered private is now becoming public.

Even human researchers are able to find stunning amounts of information on the internet. My frequent collaborator Shannon Appelcline recently finished a history book called Designers & Dragons and tells me that some of the individuals he wrote about were shocked by the amount of information he’d been able to piece together from various public sources.

Given Europe’s historic interest in human rights privacy, it’s not surprising that they’ve attacked data mining the most directly. Two years ago, they pushed to make cookies opt-in, and today they’re working to get Google to comply with the EU’s privacy laws. The Federal Government in the US isn’t being as proactive, forcing state governments to pick up the slack. California’s SB-1177, signed on September 29, 2014, is an example; it made it illegal to target advertising on sites primarily intended for the use of students in K-12. It’s the strongest such law in the United States.

This doesn’t even touch upon the dangers of cloud computing, where consumers purposefully put information onto the internet, in areas that they think are protected. Recently, celebrities found that it can make their data surprisingly vulnerable, but cloud computing could be even more dangerous if unscrupulous companies aggregate and identify what’s been put online.

Appendix Four: Privacy & Data Removal

The internet has yet created another privacy problem: once information goes onto the internet, it’s never forgotten.

This can be troublesome for semi-public information, and that’s at the heart of the EU’s Right to Be Forgotten. However it’s even more problematic when information is stolen and then released on internet, because as Kyle Chayka said in his article about the celebrity photo theft, the legal field doesn’t have good answers for what to do with stolen information of this sort once it’s been widely released.

Appendix Five: Privacy & Alternative Categories

This examination of four kinds of privacy is just one way to look at the topic — though of course the one favored by this article.

Daniel Solove has also produced his own list of kinds of privacy. In “Conceptualizing Privacy”, he discusses six “different conceptions of privacy”. His list is somewhat different from that found in this article, but may be of interest. It includes:

• the right to be let alone

• limited access to the self

• secrecy

• control of personal information

• personhood

• intimacy

Solove’s articles on harmful activities and on privacy conceptualizations have since become part of Solove’s book, Understanding Privacy.

Bibliography of Related Privacy Articles & Sources

This article is based on an original post I wrote in 2004 in my blog Life With Alacrity, and presentations on the topic of privacy used in my classes and posted at

Bernal, Paul. 2014. “Who Needs Privacy? All of Us …” _Paul Bernal’s Blog_.

Chayka, Kyle. 2014. “The Celebrity Photo-Hacking Scandal Shows Why Old Privacy Laws Need a Serious Update”. _Pacific Standard: The Science of Society_.

Dash, Anil. 2014. “What is Public?” _Medium_.

Hess, Amanda. 2014. “Why Women Aren’t Welcome on the Internet”. _Pacific Standard: The Science of Society_.

Murphy, Kate. 2014. “We Want Privacy, but Can’t Stop Sharing”. _New York Times_

Schneier, Bruce. 2014. “iPhone Encryption and the Return of the Crypto Wars”. _Schneier on Security_.

Sierra, Kathy. 2014. “Why the Trolls Will Always Win”. _Wired_.

Solove, Daniel J. 2006. “A Taxonomy of Privacy”. _University of Pennsylvania Law Review_.

Sullivan, Kevin W. 2014. “Don’t Call it a Scandal: Here’s How Not to Talk about Jennifer Lawrence’s Pictures”. _MTV News_.

Toobin, Jeffrey. 2014. “The Solace of Oblivion”. _The New Yorker_.