Privacy and the Varieties of Informational Wrongdoing
By Jeroen van den Hoven
Department of Philosphy
Erasmus University Rotterdam
PO Box 1738 3000 DR Rotterdam
Netherlands
e-mail: m.j.vandenhoven@fwb.eur.nl
1.
Introduction
The privacy issue lies at the heart of an ongoing debate in nearly all Western democracies between liberalists and
communitarians over the question how to balance individual rights and collective goods. The privacy issue is concerned
more specifically with the question how to balance the claims of those who want to limit the availability
of personal information in order to protect individuals and the claims of those who want to make information about
individuals available in order to benefit the community. This essential tension emerges in many privacy discussions, e.g.
undercover actions by the police on the internet, use of Closed Circuit Television in public places, making medical files
available for health insurance purposes or epidemiological research, linking and matching of databases to detect fraud in
social security, solliciting information about on-line behavior of internet users from access providers in criminal justice
cases.
Communitarians typically argue that the community benefits significantly from having knowledge about its members
available. According to communitarians modern Western democracies are in a deplorable condition and our
unquenchable thirst for privacy serves as its epitome. Who could object to having his or her data accessed if honorable
community causes are served? Communitarians also point out that modern societies exhibit high degrees of mobility,
complexity and anonymity. As they are quick to point out, crime, free riding, and the erosion of trust are rampant under
these conditions. Political philosopher Michael Walzer observes that "Liberalism is plagued by free-rider problems, by
people who continue to enjoy the benefits of membership and identity while no longer participating in the activities that
produce these benefits. Communitarianism, by contrast, is the dream of a perfect free-riderlessness"1.
The modern Nation States with their complex public administrations need a steady input of personal information to
function well or to function at all. In post-industrial societies 'participation in producing the benefits' often takes the
form of making information about one-self available. Those who are responsible for managing the public goods
therefore insist on removing constraints on access to personal information and tend to relativize the importance of
privacy of the individual.
2.
Panoptic technologies and the Public Good
Information technology's applications - panoptic technologies as Oscar Gandy and Jeffrey Reiman call them2 - ranging
from active badges, Intelligent Vehicle Highway Systems (IVHS), Closed Circuit Television (CCTV) and data-base
mining techniques, encourage government agencies, public administrators and business firms to pursue the
communitarian dream of perfect free-riderlessness. It is the logic of the public goods problem that contributes to the
initial plausibility of their aspirations.
Many public administration problems can be characterized as free-rider problems: law enforcement, tax collection,
implementation of environmental policy. The general description of a free-rider problem is that it is a situation where a
number of persons contribute to the production and maintenance of a public good, where each person individually has
an incentive to profit from the public good without making the necessary contribution to its production or maintenance.
When too many persons ride free, i.e. benefit without contributing, the means fall below the mimimum required and the
public good can no longer be produced or sustained, so it disappears alltogether. For example, all citizens in a country
have to contribute to the budget for the protection of the environment in order to sustain particular environmental
1
. Michael Walzer, " The communitarian critique of Liberalism". In A.Etzioni (ed.), New Communitarian Thinking.
Charlottesville/London: University of Virginia Press, 1995. See p. 63.
2
. Oscar H. Gandy, The Panoptic Sort: A Political Economy of Personal Information. Boulder, Colo.: Westview Press,
1993. Jeffrey Reiman, "Driving to the Panopticon: A Philosophical Exploration of the Risks to Privacy Posed by the
Information Technology of the Future", in: Critical Moral Liberalism. Lanham, Boulder, New York, London: Rowman
& Littlefield. Pp. 169-188.
programs, but if too many persons profit from a healthier environment without paying their eco-tax, the basis for a
sustained environmental policy will eventually crumble.
The free-rider problem manifests itself in many areas and has the structure of the Prisoners' Dilemma. The Prisoners'
Dilemma is a strategic choice situation, where the optimal result is individually inaccessable, and the only equilibrium is
suboptimal. In the free-rider problem, as in the Prisoners' Dilemma, we need some way of constraining the egoistic
motives, which are individually rational but do not lead to Pareto optimal results. One way for optimal results to ensue
is to see to it that cooperation is in itself so highly valued by the parties involved so as to affect the pay-off matrix in the
right direction. This is sometimes referred to as the 'internal solution' to the dilemma. Philosophers and game theorists
have proposed ways to avoid the worst outcome by following strategies of constrained maximization3. Public administration however, has to deal with free-riders without assuming unrealistic levels of self-constraint in the population.
Therefore government agencies try to discourage free-riders by excluding non-contributors or by tracking them down
and punishing them, that is by affecting the pay-off matrix by external solutions. But as De Jasay observes:
(...) it is not non-exclusion that makes retaliation impossible (for there may be other ways of punishing
the free-rider than by excluding him), but anonymity of the free-rider. Clearly in a small group it is easier
to spot the free rider and sanction him in one of many possible ways once he is identified than in a large
group, where he can hide in the crowd" (cursivation JVDH).4
Free-rider problems can only take on socially unacceptable forms if the provider of the public good does not know who
rides free and can not determine who the free-riders are. An increase in relevant identifying information increases
chances of retaliation, by alleviating the problem of anonymity. Information technology is ideally suited to uncover
identities of free-riders. Mobile cumputing, ID-chip cards and palm-top computers allow street-level burocrats to verify
information on site so as to increase the effectiveness of public administration and law enforcement procedures. Often
millions of dollars of community money can be saved by simple and cheap data-base applications. IT provides the cost
efficient means to affect the pay-off matrix of free-riders and thereby establish results that are superior in terms of social
utility.
In the market sector the logic of the situation is the same in principle. In a society of strangers trust and the means to
establish normative status and moral reputation are of paramount importance. By means of 'credentials' (on-line
searcheable data-bases, front-end verification,) and 'ordeals' (polygraphs, log-in procedures, and biometrical
identification) we try to compensate for our ignorance about those with whom with have encounters and dealings5.
Information Technology is expected to give us techniques of perfect information, by reducing transactions and
information cost dramatically and by reducing the risks of commerce among strangers, so as to approximate levels of
trust associated with smaller, traditional and less volatile communities.
Both in the private as well as in the public sector IT is seen as the ultimate technology to resolve the problem of
anonymity. Information and communication technology therefore presents itself as the technology of the logistics of
exclusion and access-management to public goods and goods involved in private contracts. Whether IT really delivers
the goods is not important for understanding the dynamics of the use of personal data. The fact that it is widely believed
to be effective in this respect is I think sufficient to explain its widespread use for these purposes. The game-theoretical
structure and the calculability of community gains make the arguments in favor of overriding privacy seem clear,
straightforward and convincing.
But the communitarian interpretation of our modern moral predicament goes deeper than just pointing to crime, fraud
and free-riding in a liberal individualistic society. It questions the very viability of the liberal conception of the self on
behalf of which privacy is claimed and which is central to much of modern ethical theory and political philosophy. The
liberal self is - as Michael Sandel calls it - an "un-encumbered self": a self that makes its choices, including choices
about its own goals and identity, in isolation and far removed from a community. But individuation does not precede
association. The liberal conception of the self does not account for the constitutive attachments that precede the
formation of identities. The liberal conception of the self is unrealistically voluntaristic, disengaged, and radically
unsituated, as Charles Taylor and Seyla Benhabib have argued. The liberal self is an autonomous bricoleur of identities
and symbolic personal information, which claims for itself the elbow room to shape itself in a splendid isolation from a
preexisting community pf speech and action, while reducing the risk of being unmasked, exposed and caught in
inconsistencies by others.
3
. D. Gauthier, Morals by Agreement, Oxford: Oxford University Press, 1986.
. A. De Jasay, Social Contract, Free Ride. A Study of the Public Goods. Oxford: Clarendon Press. See p. 149, n.9.
5
. See for the distinction between 'credentials' and 'ordeals' Steven L. Nock, The Costs of Privacy, surveillance and
reputation in America. Aldine de Gruyter, New York, 1993.
4
From a communitarian point of view the idea of a moral right to privacy therefore seems doubly wrong. First of all, the
autonomous subject of the moral right is a figment of Enlightenment Philosophy and it does not exist strictly speaking.
Secondly, the protection it offers is not worth wanting.
In the final section I will provide a characterisation of some of the main features of the liberal self on which defenses of
a moral right to privacy seem to be based. In the first part of the paper (sections 2-6) I shall argue that we can and
should deconstruct the privacy notion and that we must distinguish at least three types of moral wrongdoing on the basis
of personal information that have nothing to do with privacy6, but nevertheless justify dataprotection. I thus suggest a
broad and revisionary conception according to which claims to data-protection or to constraints on access to personal
information can be identified on the basis of the types of moral reasons for such claims.
I think the following types of moral reasons for data-protection can be distinguished: 1) information-based harm, 2)
informational inequality, 3) informational injustice and 4) encroachment on moral autonomy. In many cases where we
want epistemic or cognitive access to ourselves and our data restricted we do not want to be 'left alone' or to be 'private',
but we want to prevent others from wronging us by making use of knowledge about us. We want fair treatment, equality
of opportunity and do not want to be harmed or discriminated against.
Only the fourth type of moral reason can be identified with a privacy violation in a strict sense. It is important to note
that not all cases where data-protection is justified are privacy cases, although in all cases where privacy (in a narrow
sense) is at stake, data-protection is justified. On this broader conception of informational wrongdoing and dataprotection, privacy interests are identified with interests in moral autonomy, i.e. the capacity to shape our own moral
biographies, to reflect on our moral careers, to evaluate and identify with our own moral choices, without the critical
gaze and interference of others. Where moral reasons of this type can be used appropriately we can say that privacy is at
issue. I will deal with this type of moral reason in the final section.
Dataprotection regimes (like that of the European Community) and their application to specific types of situations and
sectors can thus be justified on the basis of the values of preventing harm, achieving equality of opportunity, realising
justice and safeguarding moral autonomy. In practice we may find that some of them apply to the same cases and that
data-protection in these cases is morally over-determined. I think it is still important to be able to analytically
distinguish between these different types of moral reasons for the protection of personal information and to have a finegrained account of moral reasons for dataprotection, because it enables us to weigh competing claims more carefully.
Both liberals and communitarians can acknowledge the validity of the moral reasons to justify data protection
concerned with harm, equality and justice, although they would disagree about the validity of justifications for
restricting access to personal data which are premised on appeals to moral autonomy and the disputed liberal conception
of the self associated with it. In practice we will find both liberals and communitarians agreeing on dataprotection laws,
since -as this account from informational wrongdoing shows- the essentially contested concept of the self need not
always be involved.
3. Information-Based Harm
The first type of moral reason for dataprotection is concerned with the prevention of harm, more specifically harm,
which is done to persons by making use of personal information about them. The fact that personal information is used
to inflict harm or cause serious disadvantages to individuals does not necessarily make such uses violations of a moral
right to privacy. Cyber criminals and malevolent hackers are known to have used computerized databases and the
Internet to get information on their victims in order to prepare and stage their crimes. The most important moral
problem with 'identity theft' for example is the risk of financial and physical damages. One's bank account may get
plundered and one's credit reports may be irreversible tainted so as to exclude one from future financial benefits and
services. Stalkers and rapists have used the Net and on-line databases to track down their victims and they could not
have done what they did without tapping into these resources. In an information society there is a new vulnerability to
information-based harm. The prevention of information-based harm provides government with the strongest possible
justification for limiting the freedom of individual citizens. Policies that encourage rigorous security measures must be
put in place to protect citizens against information-based harm. This seems to be a matter of security and not of privacy.
No other moral principle than John Stuart Mill's Harm Principle is needed to justify limitations of the freedom of
persons who cause, threaten to cause, or are likely to cause, information-based harms to people. Protecting personal
information, instead of leaving it in the open, diminishes the likelihood that people will come to harm, analogous to the
way in which restricting the access to fire arms diminishes the likelihood that people will get shot in the street. We
6
. I have first proposed this in a seminar at the University of Virginia in the summer of 1996. I thank Judi Decew, Jim
Childress, Joe Kupfer for their comments.
know that if we do not establish a legal regime that constrains citizens' access to weapons, the likelihood that innocent
people will get shot increases. In information societies, information is comparable to guns and ammunition.
4. Informational Inequality
The second type of moral reason to justify data-protection is concerned with equality and fairness. Several authors have
pointed out that privacy may be disappearing as a foundational moral value in the West. According to Calvin Gottlieb
the laws safeguarding privacy don't work because "people don't want them to work in far too many situations7". One
reason for this development is that people welcome the benefits (convenience, discounts, knowledge) that information
technology can give them in exchange for the use of their personal data. More and more people are keenly aware of the
benefits a market for personal data can provide. If a consumer buys coffee at the shopping mall, information about that
transaction can be generated and stored. Many consumers realize that every time they come to the counter to buy
something, they can also sell something, namely, information about their purchase or transaction, the so-called
transactional data. Likewise, sharing information about ourselves on the Net with web sites, browsers, autonomous
agents may pay off in terms of more and more adequate information (or discounts and convenience) later. Many privacy
concerns have been and will be resolved in quid pro quo practices and private contracts about the use and secondary use
of personal data. But although a marketmechanism for trading personal data seems to be kicking in on a global scale,
not all individual consumers are aware of this economic opportunity, and if they do, they are not always trading their
data in a transparant and fair market environment. Moreover they do not always know what the implications are of what
they are consenting to when they sign a contract. We simply cannot assume that the conditions of the developing market
for personal data guarantee fair transactions by independent standards. Data protection laws should be put in place in
order to guarantee equality and a fair market for personal data. Dataprotection laws in these types of cases typically
protect individual citizens by requiring openness, transparancy, participation and notification on the part of business
firms and direct marketeers to secure fair contracts.
5. Informational Injustice
A third and important moral reason to justify the protection of personal data is concerned with justice in a sense which
is associated with the work of the political philosopher Michael Walzer.
Michael Walzer has objected to the simplicity of Rawls' conception of primary goods and universal rules of distributive
justice by pointing out that "there is no set of basic goods across all moral and material worlds, or they would have to be
so abstract that they would be of little use in thinking about particular distributions"8. Goods have no natural meaning,
their meaning is the result of socio-cultural construction and interpretation. In order to determine what is a just
distribution of the good we have to determine what it means to those for whom it is a good. In the medical, the political,
the commercial sphere, there are different goods (medical treatment, political office, money) which are allocated by
means of different allocative or distributive practices: medical treatment on the basis of need, political office on the
basis of desert and money on the basis of free exchange. What ought to be prevented, and often is prevented as a matter
of fact, is dominance of particular goods. Walzer calls a good dominant if the individuals that have it, because they have
it, can command a wide range of other goods. A monopoly is a way of controling certain social goods in order to exploit
their dominance. In that case advantages in one sphere can be converted as a matter of course in advantages in other
spheres. This happens when money (commercial sphere) could buy you a vote (political sphere) and would give you
preferential treatment in healthcare (medical), would get you a university degree (educational), etc. We resist the
dominance of money -and other social goods for that matter (land, physical strength)- and think that political
arrangements allowing for it are unjust. No social good x should be distributed to men and women who possess some
other good y merely because they possess y and without regard to the meaning of x.
What is especially offensive to our sense of justice, Walzer argues, is the allocation of goods internal to sphere A on the
basis of the distributive logic or the allocation scheme associated with sphere B, second, the transfer of goods across the
boundaries of separate spheres and thirdly, the dominance and tyranny of some goods over others. In order to prevent
this the 'art of separation' of spheres has to be practiced and 'blocked exchanges' between them have to be put in place. If
the art of separation is effectively practiced and the autonomy of the spheres of justice is guaranteed then 'complex
equality' is established. One's status in terms of the holdings and properties in one sphere are irrelevant -ceteris paribusto the distribution of the goods internal to another sphere.
7
. Calvin Gottlieb, "Privacy: a concept whose time has come and gone". In: Lyon and Zureik (eds.). Computer,
Surveillance and Privacy. Minneapolis: University of Minnesota Press, 1996. See p. 156.
8
. M. Walzer, Spheres of Justice. Oxford: Basil Blackwell, 1983. See p. 8.
Walzer's analysis also applies to information, I claim. The meaning and value of information is local, and allocative
schemes and local practices that distribute access to information should accomodate local meaning and should therefore
be associated with specific spheres. Many people do not object to the use of their personal medical data for medical
purposes, whether these are directly related to their own personal health affairs, to those of their family, perhaps even to
their community or the world population at large, as long as they can be absolutely certain that the only use that is made
of it is to cure people from diseases. They do object, however, to their medical data being used to disadvantage them
socio-economically, to discriminate against them in the workplace, refuse them commercial services, deny them social
benefits, or turn them down for mortgages or political office on the basis of their medical records. They do not mind if
their library search data are used to provide them with better library services, but they do mind if these data are used to
criticize their tastes, and character. They would also object to these informational cross-contaminations when they
would benefit from them, as when the librarian would advise them a book on low-fat meals on the basis of knowledge
of their medical record and cholesterol values, or a doctor poses questions, on the basis of the information that one has
borrowed a book from the public library about AIDS.
We may thus distinguish another form of informational wrongdoing: "informational injustice", that is, disrespect for the
boundaries of what we may refer to, following Michael Walzer, as 'spheres of justice' or 'spheres of access'. I think that
what is often seen as a violation of privacy is oftentimes more adequately construed as the morally inappropriate
transfer of data across the boundaries of what we intuitively think of as separate "spheres of justice" or "spheres of
access."
6. Spheres of Access
This construal of constraints on access to personal information in terms of spheres9 captures an important aspect of what
people find threatening and problematic about information technology: the fact that it facilitates the violation, blurring
or annihilation of boundaries between seperate social realms or provinces of meaning. Several moral philosophers and
sociologists have written about social differentiation using the intuitively plausible but somewhat nondescript notion of
a social "spheres", "domains", or "fields". The massive literature on social differentiation may provides us with useful
insights into how social reality is carved up and how information management is practiced in order to maintain the
integrity and functional unity of what Walzer refers to as spheres of justice. Although there are differences in
vocabularies, sociologists and philosophers from Erving Goffman, Bourdieu and Luhman and Walzer have made very
much the same point about the seperateness, segregation, autonomy and integrity of audiences, fields and systems,
domains and spheres.
According to Pierre Bourdieu in highly differentiated societies the social cosmos is made up of a number of such
relatively 'autonomous social microcosms' or 'fields', such as the artistic field, the religious field, or the economic field,
which all follow specific logics and are irreducible to eachother. A field is a network of objective relations between
agents or institutions (positions), which are defined by their present/potential situation (situs) in the structure of
distribution of species of power (or capital). One's place in this relational space determines one's access to the specific
profits that are at stake in the field. The question of the delineation of the boundaries of the field is a very difficult one,
if only because it is always at stake in the field itself. Boundaries can only be determined by an empirical investigation.
It is only by studying them that you can assess how concretely they are constituted, where they stop, who gets in and
who does not, and whether at all they form a field.
9
. Ferdinand Schoeman (Privacy and Social Freedom, Cambridge, 1992) introduced the notion of a "spheres of access"
or "spheres of life" in the privacy literature. He contends that different domains of life deserve protection from various
kinds of intrusion (p. 157): "We can begin to think about a sphere of life by identifying a sphere as defined by an
associational tie. One important function of privacy is to help maintain both the integrity of intimate spheres as against
more public spheres and the integrity of various public spheres in relation to one another". Geoffrey Brown (The
Information Game. Ethics in a Microchip World, New York, 1989) has proposed along these lines that access to
particular information about person P should be systematically related in the appropriate way to the network of social
relationships in which P stands to others, by virtue of their places in the role structure. An invasion of privacy can be
said to have occurred wherever the flow of information becomes divorced from the social role structure,
what Brown labels a "Short Circuit Effect". According to Brown, privacy is important because it allows one
to manage one's role identity. If someone accepts a particular social role (P acts as a doctor; P gives a lecture,
P borrows a book in the public library), this person thereby assents to the appropriateness of an associated
pattern of information exchange.
Michael Philips, following Walzer, proposes a moral theory on the basis of the distinction between different social
domains and the articulation of domain specific standards:
"Domain-specific standards regulate activities and relationships in specific domains of social life.
Individuating by roles, examples of domains include the family, the educational sytem, the scientific
community, the criminal justice system, the medical system, the economic system, the political system,
and so forth10."
There are also core standards, which regulate a single category of action across all domains. Philips takes the
prohibition against lying as an example. The single category of action involved here is 'information exchange'. But there
is no general standard 'do not lie'. Information exchange is regulated differently in different domains; there is a cluster of
regulations governing information exchanges in various domains.
Seyla Benhabib has made a distinction between two types of communitarian thinking, integrationist and participatory11.
According to the former, only the recovery of a coherent value scheme can solve the problems of individualism,
anomie, egotism, and alienation in modern societies. Participationists see the problems of modernity not in
fragmentation or a loss of belonging and solidarity but in a loss of political agency and efficacy. This loss may be a
consequence, she surmises, of certain contradictions between the various spheres, which diminishes one's possibilities
for agency in one sphere on the basis of one's position in another sphere (as, for example, when the right to vote is made
dependent upon income). Social differentiation is not the problem that participationist communitarianism attempts to
overcome; it is the reduction of contradictions and tensions between spheres and the articulation of nonexclusive
principles of membership among the spheres12.
Data protection, as a set of normative constraints on information exchange, is an instrument of the art of
seperation and the design of blocked exchanges
and it can be regarded as a means of establishing an interesting level of social justice, political agency, and efficacy by
diminishing the tensions among spheres.
7. Encroachment on moral autonomy
Information based Harm, informational inequality, and informational injustice are the three types of moral reasons to
protect personal data acceptable to both liberalists and communitarians. They are framed in moral terms which should
be acceptable to both liberalists and communtarians. One other reason for protecting personal data is is what I think is
the privacy concern in a strict sense.
I think that philosophical theories of privacy which account for its importance in terms of the moral autonomy13, i.e. the
capacity to shape our own moral biographies, to reflect on our moral careers, to evaluate and identify with our own
moral choices, without the critical gaze and interference of others and a pressure to conform to the 'normal' or socially
desired identities, provides us with a bridging concept between the privacy notion and a liberalist conception of the self.
Such a construal of privacy's importance, or core value, will limit the range of application of the privacy concept, but
may invigorate its value, if the underlying conception of the self should be vindicated. Privacy, conceived along these
lines, would only provide protection to the individual in his quality of a moral person engaged in self-definition and
self-improvement against the normative pressures which public opinions and moral judgements exert on the person to
conform to a socially desired identity. Information about Bill, whether fully accurate or not, facilitates the formation of
judgements about Bill. Judgements about Bill, when he learns about them, suspects that they are made, fears that they
are made, may bring about a change in his view of himself, may induce him to behave differently than he would have
done without. There are several mechanisms of what Von Wright referred to as 'normative pressure'14 operative here.
To modern contingent individuals, who have cast aside the ideas of historical and religious necessity, living in a highly
volatile socio-economic environment, and a great diversity of audiences and settings before which they their
10
. Michael Philips, Between Universalism and Skepticism, Ethics as Social Artifact. Oxford: Oxford University Press,
1994. See p. 95 ff.
11
. Seyla Benhabib, Situating the Self. New York: Routledge, 1992. See pp. 77 ff.
12
. Benhabib 1992, 77-78.
13
. Joe Kupfer has made a similar proposal in his "Privacy, Autonomy and Self-concept", American Philosophical
Quarterly, 24 no. 1 (1987) 81-89. Privacy, according to Kupfer enables " (...) self-knowledge, self-criticism, and selfevaluation. This sort of control over self-concept and self is a second-order autonomy".
14
. Judith DeCew has also identified the prevention of 'pressure to conform' as one of the important rationales of
privacy protection. See her In Pursuit of Privacy. Cornell University Press, 1997.
appearance, the fixation of one's moral identity by means of the judgements of others is felt as a obstacle to 'experiments
in living' as Mill called them. The modern liberal individual wants to be able to determine himself morally or to undo
his previous determinations, on the basis of more profuse experiences in life, or additional factual information15.
Dataprotection laws can provide the leeway to do just that.
This conception of the person as being morally autonomous, as being the author and experimentator of his or her own
moral career, provides a justification for protecting his personal data. Data-protection laws thus provides protection
against the fixation of one's moral identity by others than one's self and have the symbolic utility16 of conveying to
citizens that they are morally autonomous.
A further explanation for the importance of respect for moral autonomy may be provided along the following lines.
Factual knowledge of another person or another person is always knowledge by description. The person himself however, does not only know the facts of his biography, but is the only person who is acquainted with the associated
thoughts, desires and aspirations. However detailed and elaborate our files and profiles on Bill may be, we are never
able to refer to the data-subject as he himself is able to do. We may only approximate his knowledge and selfunderstanding. Bernard Williams has pointed out that respecting a person involves 'identification' in a very special
sense, which I refer to as 'moral identification', which has a static and a dynamic dimension:
" (...) in professional relations and the world of work, a man operates, and his activities come up for
criticism, under a variety of professional or technical titles, such as 'miner or 'agricultural labourer' or
'junior executive'. The technical or professional attitude is that which regards the man solely under that
title, the human approach that which regards him as a man who has that title (among others), willingly,
unwillingly, through lack of alternatives, with pride, etc. (...) each man is owed an effort at identification:
that he should not be regarded as the surface to which a certain label can be applied, but one should try to
see the world (including the label) from his point of view"17.
Moral identification thus presupposes knowledge of the point of view of the data-subject and a concern with what it is
for a person to live that life. Persons have aspirations, higher order evaluations and attitudes and they see the things they
do in a certain light. Representation of this aspect of persons seems exactly what is missing when personal data are piled
up in our data-bases and persons are represented in administrative procedures18. The identifications made on the basis of
our data fall short of respecting the individual person, because they will never match the identity as it is experienced by
the data-subject. It fails because it does not conceive of the other on his own terms. Respect for privacy of persons can
thus be seen to have a distinctly epistemic dimension. It represents an acknowledgement that it is impossible to really
know other persons as they know and experince themselves. Even if we could get it right about moral persons at any
given point in time, by exhibit of extraordinary emphathy and attention, then it is highly questionable whether the datasubject's experience of himself, as far as the dynamics of the moral person is concerned, can be captured and adequately
represented. The person conceives of himself as trying to improve himself morally. The person can not be identified,
not even in the sense articulated by Bernard Williams, with something limited, definite and unchanging. This point was
by the French Existentialist Gabriel Marcel:
"(...) il faudra dire que la personne ne saurait etre assimilee en aucune maniere a un objet dont nous
pouvons dire qu'il est la, c'est-a-dire qu'il est donne, present devant nous, qu'il fait partie d'une collection
par essence denombrable, ou encore qu'il est un element statistique (...)"19.
15
. Kierkegaard identified 'irony' as the originating concept of the modern individual, it is the "liberty of the subject to
refuse any determination proposed to him or projected onto him. It is absolute freedom: the capacity to say No without
limit and without qualification". See L. Mackey, Points of View, Readings of Kierkegaard. Tallahassee: University
Presses of Florida, 1986. See p. 133.
16
. See for the notion of 'symbolic utility', Robert Nozick, The Nature of Rationality, Princeton: Princeton University
Press, 1993.
17
. Bernard Williams, Problems of the Self. Cambridge: Cambridge University Press, 1973. See p. 236.
18
. See Protection of personal data used for employment purposes, Council of Europe, Recommendation No. R (89) 2,
adopted by the Committee of Ministers on 18 January 1989, article 2: "(...) respect for human dignity relates to the need
to avoid statistical dehumanisation by undermining the identity of employees through data-processing techniques which
allow for profiling of employees or the taking of decisions based on automatic processing which concern them"
(Explanatory Memorandum, para. 25). Quoted by B.W. Napier, "The Future of Information Technology Law",
Cambridge Law Journal, 51, no. 1, 1992, p. 64.
19
. Gabriel Marcel, Homo Viator. Paris: Aubier, Editions Montaigne, 1944. See p. 31. This neatly accomodates the fact
The person always sees itself as becoming, as something that has to be overcome, not as a fixed reality, but as
something in the making, something that has to be improved upon:
"Elle se saisit bien moins comme etre que comme volonte de depasser ce que tout ensemble elle est et elle
n'est pas, un actualite dans laquelle elle se sent a vrai dire engagee ou implique, mais qui ne la satisfait
pas: qui n'est pas a la mesure de l'aspiration avec laquelle elle s'identifie"20.
As Marcel puts it, the individual's motto is not sum (I am) but sursum (higher). The human person has a tendency not to
be satified, but he or she is always aspiring to improve him or herself. Always on his or her way, Homo Viator21.
It is clear that this construal of privacy implies a disengaged, unsituated and 'punctual' self. At the end of his ver
perceptive paper on Privacy and Intelligent Vehicle Highway Systems22 Jeffrey Reiman observes that there is a
profound link between liberalism, privacy and conceptions of the self: "The liberal vision is guided by the ideal of the
autonomous individual, the one who acts on principles that she has accepted after critical review, rather than simply
absorbing them unquestioned from outside. Moreover, the liberal stresses the importance of people making sense of
their own lives (...) and has an implicit trust in the transformational and ameliorative possibilities of private inner life".
Communitarians have always felt themselves comfortably supported by Aristotle in their critique of this liberalist
conception of the individual and its relation to the community. He has been traditionally been interpreted as exalting the
community and public realm over the private and the individual. Judith Swanson persuasively argues however, that
privacy plays an important role in Aristotle's political philosphy23. The rationale of privacy for Aristotle is to enable one
to turn away in order to achieve moral excellence. In sofar as private activity requires pulling away from the drag of
common opinion the public should foster privacy, that is not sites but activities that cultivate virtue without
accomodating or conforming to common opinion24.
Protecting privacy here is proposed as a way of acknowledging our systematic inability to identify the datasubject as
being the same as the moral self with which the datasubject identifies itself. Justifying dataprotection by an appeal to
privacy is to ask for a 'moral time out'. that is not a time out from the moral point of view , but a time out from
prevailing social morality. It can be granted only if and insofar it is used to moral reflection and self-improvement.
Communitarian should decide what the best way is tu pursue their dream of perfect free-riderlessness, by granting
privacy or by refusing it.
that in French criminal law statistical evidence relating to persons is not allowed in court. I thank Daniele Bourcier for
pointing this out to me.
20
. Op. cit., p. 32
21
. This is only part of Marcel's diagnosis of the modern subject. His work is in part a way of remedying it's
deficiencies.
22
. Jeffrey Reiman, "Driving to the Panopticon". In Critical Moral Liberalism. Lanham: Rowman & Littlefield, 1997.
See p. 182-183.
23
. Judith A. Swanson, The Public and the Private in Aristotle's Political Philosophy. Ithaca/London: Cornell
University Press, 1992.
24
. Swanson notes: "(...) in Aristotle's view, every huamn being has a right to privacy insofar as everyone -from
children to the slavish to the philosophical-should be granted (...) opportunities to cultivate the most virtue of which they
are capable. But this right may sometimes require denying some persons (for example, children, law breakers) freedom to
make choices, or it may circumscribe their choices; and it does not grant the eligible merely the freedom tochoose, but
also the resources and thus the encouragement or direction to choose virtuously". Op. cit., p. 7, n. 17.