Let’s Talk Privacy & Technology Episode 4: Prof. Woodrow Hartzog’s Privacy Design Agenda

As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 4. [Episode 1 is available here; episode 2, here; and episode 3, here.]

Episode Description

This episode, we brought on Professor Woodrow Hartzog, author of Privacy’s Blueprint: The Battle to Control the Design of New Technologies, to talk about his book and his privacy takes on today’s new technologies.

Episode Takeaways

• On the privacy field’s maturity: When Prof. Hartzog was first entering privacy under the tutelage of Prof. Solove back in 2003, privacy law practice wasn’t an established field yet. In contrast to today, the privacy law field is exploding and we need more privacy practitioners to manage increasing privacy issues.
• Shoutout to Prof. Daniel Solove: Prof. Hartzog and I were both inspired by and benefited from Prof. Solove and his leading work in privacy. Prof. Solove pushed the boundaries of privacy in his works, Understanding Privacy, A Taxonomy of Privacy, Nothing to Hide: The False Tradeoff Between Privacy and Security.
• On privacy’s complexity: Some folks think of privacy as control over their data; others, as secrecy; others, as contextual integrity. Prof. Hartzog has since then conceptualized privacy as obscurity in his work with Evan Selinger and and as trust in his work with Neil Richards.
• On the creation and use of data as a moral act: Prof. Hartzog believes that the creation and use of data has moral implications because of their potential effects on people’s well-being. His observation highlights the need not just for privacy design and engineering, but also for data ethics in the development of new technologies.
• On what Prof. Hartzog finds most interesting about privacy: Prof. Hartzog finds fascinating the introduction of simple technological solutions to complex social problems, and he challenges the notion that such simplistic tools are the answer to such big problems.
• On banning facial recognition: When asked during a book tour for a radical solution, Prof. Hartzog came up with the proposal to ban facial recognition. Why? Because notwithstanding its benefits, he couldn’t conceive of a future where we as a society would come out ahead, given the capacity for abuse and weak regulation. Since his proposal, San Francisco and Portland have come out to ban facial recognition in some form.
• On Prof. Hartzog’s design agenda for privacy law and on pushing back against technologies that shouldn’t exist: Prof. Hartzog criticizes the procedural nature of most privacy and data protection regulation. Instead, he advocates for a design agenda in privacy law. He believes that technologies that are destructive in their very design should not be allowed to exist. He sees a future where privacy law goes beyond FIPPs and compliance, and tackles design and trust-based relationships.
• On his advice to privacy tech founders: Prof. Hartzog pushes founders to think about how their startups are going to scale and to think beyond business models that rely on amassing and monetizing personal data.
• On his advice to students wanting to break into privacy: First, get a clear sense of why you want to work in the privacy field. Second, talk to as many privacy practitioners as possible.

“I’ll never forget when my son when he was three years old asked, “Dad, what’s privacy?”

And I welled up with pride. I was ready for this moment. I get to explain my life’s work to my son.

I said, “Son, privacy is a very complicated concept with many different nuanced interpretations.”

He turned his head to the side.

“Many people conceive of privacy as perhaps freedom from surveillance, or …”

He turned his head again.

I thought about it for a second.

I said, “Son, privacy is when you close the door when you go to the bathroom.”

And that resonated right. He got that one. Privacy as secrecy — many of us come to privacy with a similar idea.

But many people — Daniel Solove’s works in particular — were starting to push the boundaries of that.

Privacy is actually a lot of different things: it can be thought of as control over personal information, or secrecy, or intimacy, or contextual integrity. It occurred to me that privacy was much more expansive and important than many people had originally thought. So I spent a lot of my career thinking about privacy as obscurity (as I’ve written a lot about with Evan Selinger) and privacy as trust (in my work with Neil Richards).” — Prof. Hartzog

Episode Theme: Privacy Design Agenda in Privacy Law

Throughout the episode, we talked about Prof. Hartzog’s privacy design agenda, and the existing gaps in modern privacy laws. Modern privacy laws can be summarized into the following three rules: (1) do not lie (misrepresentation/deception); (2) do no harm; and (3) FIPPs harder. Instead of these narrow conceptions, Prof. Hartzog advocates for a design agenda in privacy laws. GDPR’s Article 25 is an example of this.

Let’s Talk Privacy & Technology Episode 4: Prof. Woodrow Hartzog’s Privacy Design Agenda

Episode Links

• This episode is available on Santa Clara Law’s YouTube page.
• Prof. Hartzog is on Twitter and LinkedIn.
• For upcoming episodes, check out the Let’s Talk Privacy and Technology series page on the Santa Clara Law website.