Privacy is a state each of us enjoys to the degrees others respect it.
And they respect what economists call signals. We send those signals through our behavior (hand signals, facial expressions) and technologies. Both are expressions of agency: the ability to act with effect in the world.
So, for example, we signal a need not to reveal our private parts by wearing clothes. We signal a need not to have our private spaces invaded by buttoning our clothes, closing doors, setting locks on those doors, and pulling closed curtains or shades. We signal a need not to be known by name to everybody by not wearing name tags as we walk about the world. (That we are naturally anonymous is a civic grace, but a whole ‘nuther thread.)
All of this has been well understood in the physical world for as long as we’ve had civilization—and perhaps longer. It varies by culture, but remained remarkably non-controversial—until we added the digital world to the physical one.
The digital world, like the physical one, came without privacy. We had to invent privacy in the physical world with technologies (clothing, shelter, doors, locks) and norms such as respect for the simple need for personal dignity.
We have not yet done the same in the digital world. We did, however, invent administrative identities for people, because administrative systems need to know who they’re interested in and dealing with.
These systems are not our own. They belong to administrative entities: companies, government agencies, churches, civic groups, whatever. Nearly 100% of conversation about both identity and privacy take place inside the administrative context. All questions come down to “How can this system with ways of identifying us give us privacy?” Even Privacy By Design (PbD) is about administrative systems. It is not something you and I have. Not in the way we have clothes.
And that’s what we need: the digital equivalents of clothing and ways of signaling what’s okay and what’s not okay. Norms should follow, and then laws and regulations restricting violations of those norms.
Unfortunately, we got the laws (e.g. the EU’s GDPR and California’s AB 375) before we got the tech and the norms.
But I’m encouraged about getting both, for two reasons. One is the work going on here among VRM-ish developers. The other is that @GregAEngineer gave a talk this morning on exactly this topic, at the IEEE #InDITA conference in Bangalore.
Oh, and lest we think privacy matters only to those in the fully privileged world, watch Privacy on the Line, a video just shared here.