Information & Privacy

Floridi (1999) Information Ethics: On the philosophical foundations of Computer Ethics, Ethics and Information Technology 1:33-52, DOI: 10.1023/A:1010018611096

On privacy as a case of information ethics:

[p. 52-53:]

Privacy does not play a significant role in standard macroethics because it is the property of a class of objects as patients, not of actions. It becomes a central issue only within a culture that begins to recognise that entities are clusters of information, and that privacy is a fundamental concept referring to the integrity and well-being of an information entity. Privacy is not only an individual’s problem, but may be a group’s problem, a company’s or corporation’s problem, or a whole nation’s problem, since all these entities have their nature fully determined and constituted by the information they are. How does the problem of privacy arise then? Within the infosphere, entities form a web of dependencies and symbiotic relations. The data output of data collection and analysis processes can become the input of other information processes (no hierarchy is implied). Complex relations among data- producers, data-collectors, data-processors and data- consumers constitute an ecosystem in which data may be recycled, collated, matched, restructured and hence used to make strategic decisions about individuals. In this scenario, questions of informational privacy become increasingly urgent the easier it becomes to collect, assemble, transmit and manipulate huge quantities of data. Note that cases in which privacy and confidentiality are broken because the information in question is legally or ethically significant are cases which society may agree to tolerate: e.g. we may all agree that in special circumstances bank accounts may be checked, computer files searched, or tele- phones bugged. The interesting point, for a theoretical foundation of information ethics, is not that information may have some legal consequences. Typically, privacy and confidentiality are treated as problems concerning S’ ownership of some information, the information being somehow embarrassing, shameful, ominous, threatening, unpopular or harmful for S’ life and well-being, yet this is very misleading, for the nature of the information in question is quite irrelevant. It is when the information is as innocuous as one may wish it to be that the question of privacy acquires its clearest value. The husband, who reads the diary of his wife without her permission and finds in it only memories of their love, has still acted wrongly. The source of the wrongness is not the consequences, nor any general maxim concerning personal privacy, but a lack of care and respect for the individual, who is also her information. Yet this is not the familiar position we find defended in CE literature. Rather, a person’s claim to privacy is usually justified on the basis of a logic of ownership and employment: a person possesses her own information (her intimately related facts)[8] and has a right to exercise full control over it, e.g., sell it, disclose it, conceal it, and so forth. There follows that the moral problem is normally thought to consist both in the improper acquisition and use of someone else’s property, and in the instrumental treatment of a human being, who is reduced to numbers and life- less collections of information. Sometimes, it is also argued that privacy has an instrumental value, as a necessary condition for special kinds of social relationships or behaviours, such as intimacy, trust, friendship, sexual preferences, religious or political affiliations or intellectual choices. The suggestion is finally advanced that a person has a right to both exclusive ownership and unique control/use of her private information and that she must be treated differently from a mere packet of information. According to IE, however, this view is at least partly mistaken and fails to explain the problem in full. Instead of trying to stop agents treating human beings as information entities, we should rather ask them to realise that when they treat personal and private information they are treating human beings themselves, and should therefore exercise the same care and show the same ethical respect they would exercise and show when dealing with other people, living bodies or environmental elements. We have seen that a person, a free and responsible agent, is after all a packet of information. She is equivalent to an information microenvironment, a constantly elastic and permeable entity with centres and peripheries but with boundaries that are neither sharply drawn nor rigidly fixed in time. What kind of microinfosphere am I? Who am I? I am my, not anyone’s, self. I am ‘me’, but who or what is this constantly evolving object that constitutes ‘me’, this selfhood of mine? A bundle of information. Me-hood, as opposed to type-self-hood and to the subject-oriented I-hood (the Ego), is the token-person identified as an individual patient from within, is an individual self as viewed by the receiver of the action. We are our information and when an information entity is a human being at the receiving end of an action, we can speak of a me-hood. What kind of moral rights does a me-hood enjoy? Privacy is certainly one of them, for personal information is a constitutive part of a me-hood. Accessing information is not like accessing physical objects. Physical objects may not be affected by their manipulation, but any cognitive manipulation of information is also performative: it modifies the nature of information by automatically cloning it. Intrusion in the me-hood is therefore equivalent to a process of personal alienation: the piece of information that was meant to be and remain private and unique is multiplied and becomes public, it is transformed into a dead piece of my self that has been given to the world, acquires an independent status and is no longer under my control. Privacy is nothing less than the defence of the personal integrity of a packet of information, the individual; and the invasion of an individual’s informational privacy, the unauthorised access, dispersion and misuse of her information is a trespass into her me-hood and a disruption of the information environment that it constitutes. The violation is not a violation of ownership, of personal rights, of instrumental values or of Consequentialist rules, but a violation of the nature of information itself, an offence against the integrity of the me-hood and the efforts made by the individual to construct it as a whole, accurate, autonomous entity independent from, and yet present within, the world. The intrusion is disruptive not just because it breaks the atmosphere of the environment, but because any information about ourselves is an integral part of ourselves, and whoever has access to it possesses a piece of ourselves, and thus undermines our uniqueness and our autonomy from the world. There is information that everyone has about us, but this is only our public side, the worn side of our self, and the price we need to pay to society to be recognised as its members.

[8] T. Forester and P. Morrison, Computer Ethics, 2nd ed. Cambridge Mass.: The MIT Press, p. 102, 1994: “Perhaps the final issue is that concerning information ownership: should information about me be owned by me? Or should I, as a data- base operator, own any information that I have paid to have gathered and stored?”.