|
|
[Home] [Help] [Databases] [WorldLII] [Feedback] |
|
Melbourne University Law Review |
DAVID LINDSAY[∗]
[Recent years have seen significant developments in the protection of privacy at general law in common law jurisdictions, including the United Kingdom and New Zealand. Although the general law protection of privacy in Australia is uncertain, there has been a proliferation of information privacy laws at both federal and state levels. This article contends that the future development of privacy law in Australia should be based upon a rigorous analysis of the complex concept of privacy. As a first step in this analysis, the article reviews the main approaches that have been taken to the concept of privacy, distinguishing deontological from consequentialist approaches. The article claims that these two approaches are related, in general terms, to the two main Western legal approaches to privacy protection: the European ‘rights-based’ and the American ‘market-based’ approaches. Drawing upon Foucauldian analysis, the article claims that privacy law can be understood within the context of ongoing social processes of normalisation and rationalisation. As such, our understanding of privacy law can be assisted by relating it to an important Western political tradition — including thinkers such as Weber, Heidegger, Foucault and Habermas — that is ambivalent about market-based and bureaucratic rationalisation. Assuming this to be the case, both ‘rights-based’ and ‘market-based’ approaches can be seen as reinforcing social rationalisation. Within an overwhelmingly consequentialist society such as Australia, however, a ‘rights-based’ approach to privacy law may be preferred as a way of resisting global pressures for social rationalisation, and as a form of protection for pluralistic social identities.]
CONTENTS
Australian privacy law has reached a point where it would be desirable for future developments to be based on a deeper analysis of the concept of privacy and its role within Australian society. Unless this analysis is undertaken, it is unlikely that the future development of privacy law in Australia will be satisfactory or principled. It is imperative for the analysis to be undertaken because Australian privacy law is assuming increasing social and economic significance while, at the same time, undergoing fundamental transformation.
The challenges facing the protection of privacy at general law in Australia were foreshadowed by Gleeson CJ in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd, who maintained that ‘[t]he law should be more astute than in the past to identify and protect interests of a kind which fall within the concept of privacy.’[1]
Since these comments, there have been significant developments in the protection of privacy at general law in New Zealand and in the United Kingdom, both expressly influenced by rights-based jurisprudence. In Campbell v MGN Ltd,[2] the House of Lords continued and confirmed the preference of English courts to protect privacy by extending the action for breach of confidence, while incorporating arts 8 (the right to privacy) and 10 (the right to freedom of expression) of the European Convention for the Protection of Human Rights and Fundamental Freedoms[3] within the parameters of the established action for breach of confidence. In Hosking v Runting,[4] on the other hand, the majority of the New Zealand Court of Appeal definitively recognised a tort of public disclosure of private facts. In doing so, Gault P and Blanchard J specifically stated that:
The emergence internationally of concern for the protection of human rights and of individual consumers provides examples reflecting the shift in emphasis from the traditional approach to tort liability (liability for reprehensible conduct) to the protection of identified rights.[5]
If the question of the protection of privacy under the general law comes before the Australian High Court, the relative merits of the approaches adopted by courts in the United Kingdom and in New Zealand should be assessed.[6] In doing so, the eventual shape of the law may be influenced by the traditional Australian reticence towards ‘rights’.
The emergence of a higher level of protection of privacy at general law should not be viewed in isolation from legislative developments conferring greater protection on privacy. In fact, the most significant legal development in the protection of privacy under Australian law has been the proliferation of information privacy, or ‘data protection’, laws.[7] Despite these developments, the conceptual underpinnings of Australia’s information privacy laws have not been clearly enunciated.
The practical consequences of this failure cannot be underestimated. Under European Union (‘EU’) data protection law, a Working Party has been established to assess the ‘adequacy’ of the level of protection given by non-EU countries to personal data which may be transmitted by EU citizens.[8] In January 2001, the Working Party published an Opinion which expressed concerns regarding the ‘adequacy’ of the Australian federal private sector regime.[9] A greater appreciation of the extent to which European data protection law is based on a concept of privacy that draws upon Continental human rights traditions is essential to understanding the tensions between the EU and the Australian government on this issue. Defending policy differences with the EU will be difficult as long as the conceptual foundations of Australian information privacy laws are poorly understood and articulated.
This article contends that the uncertain development of the protection of privacy at general law, and the difficulties confronting Australian information privacy laws, can be traced to a common source: an inadequate analysis and articulation of an Australian approach to the concept of privacy.
In further exploring the role of the concept of privacy under Australian law, the article makes a number of claims. First, the central connection between the concept of privacy and modern Western political and legal traditions is explained. In particular, privacy is related to two linked processes that are at the heart of modern Western practices of social ordering. Privacy is, first of all, central to the creation of forms of subjectivity marked by strong individual identities. In other words, the creation of individual subjects, conventionally defined in opposition to others, depends upon particular forms of withholding and disclosure of aspects of the self.[10] In addition, the concept of privacy is related to a major strand of modern Western political and legal thought, one that is characterised by fundamental disquiet with the perceived excesses of political and administrative rationality.
Secondly, this article contends that there is a fundamental divergence between the two main approaches to privacy within the Western legal tradition, which can be conveniently labelled the ‘European approach’ and the ‘American approach’. It is important to understand that there are entrenched and growing differences in the underlying assumptions and essential orientations of contemporary European and American legal traditions. The approach taken to the protection of privacy within the Australian legal system must necessarily refer to these two approaches, which should now be seen as rivals, despite their common historical roots in the Enlightenment.
Thirdly, this article links the divergence in approaches to privacy to an unresolved tension within the Western tradition: whether the legal protection of values, such as privacy, is subservient to instrumental goals, such as economic rationality or efficiency, or whether it should be directed at promoting the non-instrumental values of human dignity and individual autonomy. In other words, should privacy law protect individuals as ‘empirical consumers’ or as ‘ideal citizens’? The suggested answer is that the approach adopted by the law should depend upon whether a consequentialist or deontological approach is taken to the concept of privacy.
This article has six main parts. The first part discusses conceptual difficulties with the concept of privacy and proposes a new Foucault-influenced approach, in which ‘privacy’ should be understood in the context of ubiquitous
micro-struggles over identity within totalising social practices. The second part examines the main conceptual justifications for privacy laws, distinguishing deontological from consequentialist accounts, and attempts to relate the traditional justifications to the new understanding of privacy. The third part describes the historical origins of the most important ‘new’ form of privacy law: information privacy or data protection laws. It explains the different social and political sources of American information privacy laws on the one hand, and European data protection laws on the other. The fourth part deals with the traditional justifications for information privacy laws, again distinguishing deontological from consequentialist accounts, and further explains how these justifications relate to arguments for privacy protection more generally. The fifth part explains the increasing divergence between American and European approaches to data protection, and relates the differences to the distinction between consequentialist and deontological accounts of information privacy. The sixth part summarises the issues at stake in the conflict between European and American approaches to information privacy, and explains the choices facing Australian privacy law. The conclusion suggests a preferred approach to shaping privacy laws in Australia, drawing upon the proposed new understanding of the concept of privacy.
The concept of privacy occupies an especially difficult position in Western legal and political discourse. It is an ‘elusive’ concept that is difficult to define in any satisfactory manner.[11] As long ago as 1873, Sir James Fitzjames Stephen concluded that ‘[t]o define the province of privacy distinctly is impossible’.[12] Since then, a daunting literature has developed, which appears to have approached privacy from every possible theoretical and political position.[13] In fact, the most notable feature of this literature has been an almost complete absence of agreement concerning both the definition of privacy and the values said to be promoted by the legal protection of privacy.[14]
For a concept that has become central to contemporary political concerns, it is surprising that philosophical and legal analysis of privacy as a distinct concept did not commence in earnest, at least in the English-speaking world, until the late 1960s.[15] The formidable, predominantly American, literature which then emerged[16] can be directly ascribed to three developments. First, in the United States the 1950s and 1960s saw a considerable increase in surveillance technologies and practices, including electronic surveillance of individuals by government agencies such as the Federal Bureau of Investigation.[17] The legal reaction to the increased use of surveillance culminated in the 1967 Supreme Court decision in Katz v United States,[18] which held that the Fourth Amendment protection against unreasonable searches and seizures extended to protect telecommunications from interception without a warrant. Secondly, there were underlying concerns arising from the proposed use of computerised systems by governments for collecting and processing personal information, which gave rise to modern information privacy law.[19] Thirdly, there was the recognition in the seminal Supreme Court decision of Griswold v Connecticut of a new form of constitutional protection of privacy as an unenumerated right under United States law.[20] The Court’s decision in Griswold gave rise to a controversial jurisprudence concerning a sphere of individual decision-making immune from state proscription.[21]
The troubled history of the concept of privacy in Western philosophical and legal traditions poses two important related questions that must be addressed before progress can be made in examining the concept. First, why has defining the concept of privacy proven to be intractable or, at least, why has analysis of the concept been much more difficult than comparable analyses of other complex social and political concepts, including liberty and freedom of expression? Secondly, why have particular Western legal systems accorded legal recognition to privacy at particular points in history, albeit that the precise forms of legal protection have been less than coherent?
There are a number of possible explanations for the dissension and confusion surrounding the concept of privacy. To begin with, there are well-known difficulties associated with defining all complex social and political concepts. Many attempts at defining privacy have been unsophisticated. For example, most definitions proposed by theorists have attempted to distinguish privacy from related concepts, such as secrecy or autonomy, by stating necessary and sufficient conditions that set privacy apart.[22] In other words, there have been attempts to attribute an essential meaning to the concept. In the 20th century, however, essentialism was rejected as a useful means of defining words or concepts.[23]
A further difficulty with defining key social and political terms is the extent to which concepts such as privacy are thoroughly value-laden, leading to suggestions that it is impossible for there ever to be agreement on the meaning of the term. It is sometimes asserted that privacy is an ‘essentially contested concept’, meaning that it is so complex and value-laden that disputes regarding its definition cannot be resolved rationally.[24] However, as Andrew Mason has convincingly argued, acknowledging that more than one interpretation of a contested concept may be reasonably held does not necessarily rule out adopting a particular version of the concept as superior to others.[25]
There is no doubt that, like other concepts such as liberty and democracy, the value placed on privacy is culturally and historically relative.[26] However, the problem with privacy is that it has been difficult even to attribute generally accepted culturally and historically specific meanings to the concept. This can only be explained by investigating the relationship between privacy and social developments since the 17th century, looking in particular at the emergence of the modern state and market economy, and the development of modern individualism. In other words, we need to understand the relationship between the Enlightenment political tradition, from Thomas Hobbes to Immanuel Kant, in which privacy played no explicit role, and contemporary political debates, in which privacy is centrally important.[27]
The Enlightenment political tradition was essentially concerned with defining the limits of legitimate, as opposed to arbitrary, authority. The main problem posed by the Enlightenment tradition was the problem of sovereignty: given that political authority was not absolute, how could its exercise be justified? The general response was that an exercise of power was legitimate if it was in accordance with law. The establishment of the limits of lawful authority therefore went hand-in-hand with the definition of legal rights of individuals as against the state. In other words, the relationship between the individual and the state was characteristically expressed in legal or juridical terms.
An important area in which the legal limits of state power were defined in the 18th century concerned the state’s powers to enter premises and seize property. In the famous 1765 English decision of Entick v Carrington,[28] which is commonly regarded as an early decision on ‘privacy’, Lord Camden CJ ruled against the use of ‘general warrants’ to search premises and seize papers.[29] Similarly, as Daniel Solove points out, at the time of the Revolutionary War in the United States, ‘the central privacy issue was freedom from government intrusion. The Founders detested the use of general warrants and writs of assistance.’[30]
At the time, legal restraints on the intrusion of public authorities into private homes were conceived as part of a general struggle for individual liberties against repressive state power, and not in terms of protecting privacy. However, focusing only on this historically specific struggle for liberty gives a seriously incomplete picture. Although the attention of Enlightenment theorists was directed at defining the legal limits of public authority, as Michel Foucault has pointed out, the growth of the modern state was accompanied by innovative techniques of social control concentrated on ordering individuals and their behaviour.[31]
In his work of the 1970s, Foucault suggested that the Enlightenment focus on legitimate authority and the rights of individuals was based on an inadequate understanding of power and of the way in which power is exercised. In his view, conceiving power solely in terms of a struggle between state repression and individual liberties ignores more insidious techniques through which power is exercised in everyday life. As Foucault explained:
In defining the effects of power as repression, one adopts a purely juridical conception of such power, one identifies power with a law that says no — power is taken, above all, as carrying the force of a prohibition. Now, I believe that this is a wholly negative, narrow, skeletal conception of power, one that has been curiously widespread. If power were never anything but repressive, if it never did anything but to say no, do you really think one would be brought to obey it? What makes power hold good, what makes it accepted, is simply the fact that it doesn’t only weigh on us as a force that says no; it also traverses and produces things, it induces pleasure, forms knowledge, produces discourse.[32]
Foucault’s analysis of power may assist in explaining some of the difficulties encountered with the concept of privacy. First, the concept was not explicitly addressed by Enlightenment political thinkers because their attention was elsewhere. Foucault, in fact, suggested that the focus on the formulation of legal rights and liberties can be seen as essential to the acceptable operation of techniques of social control at the micropolitical level, claiming that ‘power is tolerable only on condition that it mask a substantial part of itself.’[33]
Secondly, the concept of privacy is difficult to pin down because it is concerned with techniques of power that are dispersed within society, and which take a diversity of forms. In a process Foucault referred to as ‘swarming’, techniques of social control were first developed in institutions such as prisons, schools and factories, then became generalised in a variety of contexts.[34] Given the diversity of social practices that give rise to privacy concerns, it is not surprising that different theorists have emphasised different aspects of privacy, highlighting particular concerns in particular contexts. If power relations are everywhere, then privacy, which must be seen in the context of such relations, is an understandably diffuse concept, capable of multiple meanings.
Thirdly, privacy is a complex concept because it is concerned not only with impersonal processes of social ordering, but with the creation of particular kinds of individual subjects. Foucault explained the relationship as follows:
The individual is no doubt the fictitious atom of an ‘ideological’ representation of society; but he is also a reality fabricated by this specific technology of power that I have called ‘discipline’ ... In fact, power produces; it produces reality; it produces domains of objects and rituals of truth. The individual and the knowledge that may be gained of him belong to this production.[35]
It is standard practice for privacy to be related to the formation of personal identity. As Paul Freund, for example, put it:
For the individual in his personal relations privacy offers a shelter for the loosening of inhibitions, for self-discovery and self-awareness, self-direction, innovation, groping, nourishment for a feeling of uniqueness and a release from the oppression of commonness.[36]
Nevertheless, the extent to which the concept of privacy is related to power-based struggles over identity, or over particular forms of subjectivity,
has yet to be fully explored. For the moment, it can be observed that insofar as modern forms of identity are complex and multifaceted, then so too is the concept of privacy.
Why is it that even though the concept of privacy was ignored during the political discourse accompanying the formation of the modern state, it was later taken up by theorists who spoke of a ‘right to privacy’, and subsequently expressly recognised in some Western legal systems? In other words, why has the concept of privacy, at particular points in history, been incorporated into legal systems? The answer to this question is necessarily complex.
The concept of privacy began to receive explicit recognition in the
Anglo-American world in the second half of the 19th century. Legal concern with privacy in the United States commenced with an 1890 article by Samuel Warren and Louis Brandeis, which was concerned with public disclosure of private matters.[37] One way to view these concerns, of which the Warren and Brandeis article is a prominent example, is as a response to the progressive intensification and democratisation of techniques of social ordering, including practices of normalisation and surveillance. Intensification and democratisation became possible, in part, either because of new technologies, including communications technologies, or because of new ways of using established technologies.
Warren and Brandeis were specifically concerned with practices made possible by hand-held cameras and by sensational journalism. These practices can be seen as forms of objectification of individual identity. Reporting the activities of private individuals by the press, for example, can be seen as part of the reinforcement and formation of social norms. Concern with these practices prompted Warren and Brandeis to call for legal limits on the surveillance and normalisation that were practised not by the state, but by private parties, especially the press. The authors famously distinguished the relationship between their argument and traditional limits on search and seizure by asking: ‘Shall the courts ... close the front entrance to constituted authority, and open wide the back door to idle or prurient curiosity?’[38]
Laws protecting privacy, then, can be seen as a response to crises in the deployment of technologies and associated techniques of social control. In other words, there are times when the proliferation of such techniques becomes so intense that they result in social and political responses. The conventional response, modelled on traditional political analysis of the response to the growth of the modern state, has been to establish legal limits on technologies of social control such as surveillance, documentation and normalisation. As restraints were sought to be placed on diffuse and diverse social practices — not on centralised, repressive state power — they were not sought in the name of ‘liberty’, but of ‘privacy’.
Nevertheless, the arguments for the protection of privacy were quite naturally assimilated into conventional rationales for political rights, meaning debates concerning the concept of privacy were grafted onto existing political discourse concerning the relationship between individual and state. The process is similar, in fact, to that identified by William Galston, who suggests an analogy between the treatment of sexual relations under the United States constitutional ‘right to privacy’ and the traditional legal immunity conferred on matters of religious conscience.[39]
Foucault rejected the Enlightenment concept that individuals could be liberated by an appeal to formal, legal rights. His criticism was that this is an inadequate way of framing political questions for two related reasons. First, an appeal to rights is also an appeal to a particular form of universalist, transcendental reason which purportedly grounds legitimate limits on power.[40] Secondly, he argued that an appeal to abstract rights obscures the actual operation of power, while reinforcing the anachronistic concept of power as something held by the sovereign.[41] In other words, Foucault saw the formal juristic mode of analysis and micro-technologies of social ordering as inextricably linked, but with the disciplinary and regulative force of the micro-technologies overwhelming legal limits on sovereign power.[42]
Foucault’s objections to an analysis based on universal rights do not, however, exclude the view that legal rights are an integral part of strategies of domination and resistance. As Colin Gordon has explained:
The deployment and application of law is, for Foucault, like everything else, not good or evil in itself, capable of acting in the framework of liberalism as an instrument for economizing and moderating the interventions of governmental power, necessary as an indispensable restraint on power in some contexts, uses, and guises; it is to be resisted as an encroaching menace in others.[43]
It is therefore possible to see the legal recognition of privacy as part of broader historical struggles for individual identity within totalising forms of political rationality. At times, the struggle is reflected in the recognition of legal limits on particular practices of social control. The timing of the establishment of legal limits may be related to responses to technologies and techniques that challenge conventional understandings of individual subjectivity. Thus, in late 19th century America, intensified press scrutiny challenged conventional notions of those aspects of an individual’s life that were ‘private’, and those that were ‘public’. Similarly, the techniques of social control used by mid-20th century totalitarianism were a major challenge to the self-understanding of subjects as free individuals. One response to this challenge was the emergence of international and European human rights instruments, which expressly incorporated rights to privacy.[44]
A comparable development can be seen in the emergence of information privacy laws in response to the widespread use of computers in the automated processing of personal information for the purposes of administration. It is possible to see similar crises emerging in the related deployment of new technologies — such as identity-related technologies (including radio frequency-based identity devices (‘RFID’) and biometrics), location-based services and ‘ambient intelligence technologies’ — as well as in the political response to terrorism.[45] It may be that the current challenges will also result in future forms of legal intervention. At the same time, the inherent vulnerability of legal forms of protection of privacy, in the face of processes of social ordering in the name of public welfare and security, needs to be acknowledged. In the current climate, the protection of privacy remains a continual process of negotiating limits, including legal limits, on a broad front: that of individual identities.
What does this analysis mean for the way in which we understand the legal protection of privacy?
First, legal protections given to privacy should not be regarded as protecting a transcendental, universal human essence. Rather, privacy laws can be usefully analysed as part of ongoing, historically-specific struggles over identity and forms of subjectivity, in the midst of totalising forms of social ordering. Sometimes privacy laws may entrench particular forms of subjectivity; sometimes they can be seen as part of complex struggles over diverse forms of subjectivity.
Secondly, following from this, privacy laws are an essential part of a social process of continual questioning of what it is to be human subjects. In other words, privacy is related both to a particular form of individuality that is integrated within overall patterns of social control and to forms of subjectivity that resist integration. As Foucault famously expressed this concept:
Maybe the target nowadays is not to discover what we are, but to refuse what we are. ... We have to promote new forms of subjectivity through the refusal of this kind of individuality which has been imposed on us for several centuries.[46]
For these reasons — because privacy is a focal point for political struggles over identity and because the struggles take place, in part, through privacy laws — the legal protection of privacy is a litmus test for the orientation of contemporary legal systems. In this sense, privacy can be seen as a regulatory principle between notions of the self as both determining and determined, as both autonomous and irredeemably dependent on the collective. To the extent that they are inherently associated with the paradoxical nature of modern individuality, privacy laws are also paradoxical: they simultaneously protect the ability of individuals to be self-defining, while also entrenching a particular, universalising notion of the self as a self-defining individual.
Privacy therefore belongs at the very centre of social and political struggles in contemporary, pluralistic societies. Moreover, the centrality of struggles over privacy allows us to understand the persistent tendency for privacy to colonise other rights, or to expand into a more general right of individual autonomy. This is seen clearly, for example, in the famous dissenting judgment of Brandeis J in Olmstead v United States, where his Honour referred to privacy as the ‘right to be let alone — the most comprehensive of rights and the right most valued by civilized men.’[47] A similar tendency is observed in decisions interpreting the privacy provisions in human rights treaties and conventions. In interpreting art 17 of the International Covenant on Civil and Political Rights, for example, the United Nations Human Rights Committee has stated that privacy includes a ‘sphere of a person’s life in which he or she can freely express his or her identity, be it by entering into relationships with others or alone.’[48]
This tendency for privacy to be construed as a general right to autonomy, thereby threatening to swallow other human rights, is explicable by the extent to which complex struggles over individual identity have, since the late 19th century, come to replace struggles for political liberty against repressive state power. Far from being an obscure or peripheral concept, the elusive nature of privacy results from the extent to which privacy is inextricably bound to complex debates over political and administrative rationality, human reason, individuality and forms of subjectivity — debates that have become central to modern Western political and philosophical traditions since, at least, the work of Friedrich Nietzsche. Given that power in modern Western societies is polyvalent and dispersed, not centralised and monolithic, the concept of privacy is likewise polymorphous and diffuse. The legal protection of individual privacy therefore promises not liberation from oppression, but merely ongoing struggles over identity.
It is important to distinguish the problems with defining the concept of privacy from the justifications for the protection of privacy.
Identifying the values underpinning the protection of privacy necessarily presupposes contested views concerning human nature and the nature of society. The process of analysis cannot be aimed at uncovering universal values underlying privacy any more than it can be aimed at deriving a universal definition of the concept of privacy. All that we can hope for is to draw on existing analyses of the concept of privacy and its social role in order to see where that leads.
To begin with, it is necessary to explain the basic distinctions drawn in the privacy literature. The first essential distinction that has been made by privacy theorists is between reductionist and coherentist accounts of privacy.[49] Reductionists argue that privacy is neither a single coherent concept nor a distinctive concept. According to reductionist views, therefore, privacy is reducible to other, more fundamental, concepts. Coherentists, on the other hand, maintain that the concept of privacy is intelligible because it is both coherent and distinctive.
Within coherentist accounts of privacy, a further basic distinction must be made between deontological and consequentialist accounts. Consequentialist approaches, commonly associated with some form of utilitarianism, assess the value of actions by first determining what is ‘good’, then defining ‘the right’ as that which promotes ‘the good’.[50] Deontological approaches, on the other hand, consider ‘right’ outcomes to be independent of whether or not the actions promote ‘good’ outcomes.
Although the distinction between deontological and consequentialist approaches is of fundamental importance in evaluating claims for the legal protection of privacy, it has often been poorly made by privacy theorists. It is therefore worth reiterating the basic features of each approach. For theorists who adopt a deontological position, the value of privacy is determined by the extent to which it is consistent with fundamental moral duties, not by the extent to which legal protection of privacy promotes desirable results, such as maximising social welfare. More specifically, the contrast between the two approaches can be seen as a choice between policies which have the objectives of maximising social welfare (usually conceived as the aggregate of summed utilities), and policies based on the protection of fundamental rights. As the unconstrained pursuit of welfare may infringe rights, there is an inherent tension between rights-based and utility-based approaches. In other words, rights-based approaches appear, at the very least, to entail the imposition of constraints on purely welfare-maximising policies.
In this part of the article, reductionist, deontological and consequentialist accounts of the value of privacy are explained and assessed. The implications of deontological and consequentialist accounts of privacy are then considered, and some conclusions drawn.
The most influential reductionist account of privacy was advanced by the American philosopher Judith Jarvis Thomson.[51] Thomson examined a number of factual situations that would conventionally be regarded as invasions of privacy, such as examining someone’s personal picture or eavesdropping on a conversation. In each case, Thomson concluded that there was an invasion of some other protected interest, such as property rights, rights to the integrity and physical safety of the person, or established rights of confidentiality.[52] For the purposes of simplification, Thomson recommended abandoning the search for a coherent concept of privacy in favour of focusing on less contentious rights, especially property rights and rights over the person.
Thomson’s argument rests on two propositions: first, that the various claims to privacy rights have nothing in common, such that the concept is incoherent; and secondly, that claims to privacy rights are not distinctive, but are reducible to claims to more fundamental rights, principally property rights and rights over the person.[53] Taking the second proposition first, Thomson’s argument is clearly based on an over-expansive view of what is encompassed by property rights and rights over the person. For example, Thomson suggests that property rights include the right that one’s possessions not be looked at, and that rights over the person include rights not to be looked at or to be overheard. In other words, claims to property rights or rights over one’s person may be exhausted without exhausting all claims to privacy rights. Moreover, claims to privacy rights may be less extensive than claims to property rights or rights over the person.[54] For instance, picking up and taking a pen may infringe a property right, but hardly seems to implicate any claims the owner might have to privacy.
Even if it were conceded that privacy rights are derivative, it does not necessarily follow that claims to privacy rights are incoherent. Determining whether there is something coherent about claims to privacy, however, ultimately depends upon the view adopted as to the social value of privacy.[55] In any case, it is sufficient to note that reductionist accounts, including the arguments advanced by Thomson, completely fail to capture the sense in which the concept of privacy is conventionally used in everyday language, quite apart from the technical, philosophical and legal literature. In other words, reductionists like Thomson are asking us to strain our understanding of the term ‘privacy’ beyond the limits of credibility.
If we accept the argument advanced above — that privacy is related to rationalising and normalising social practices — then the concept can hardly be confined to property rights and rights over the person, unless the concepts of property and the person are stretched beyond accepted meanings. By suggesting that privacy rights are reducible to property rights or rights over the person, Thomson ignores the most distinctive features of the social, political and legal discourses concerning privacy.
Deontological approaches to privacy emphasise the value placed on the autonomy and dignity of human beings and are, therefore, closely aligned with rights-based approaches.[56]
Those who adopt a deontological approach to the value of privacy invariably hold particular conceptions of what it is to be a ‘moral person’, in the sense in which that term is used in positions derived from Kantian ethics; that is, a person with desirable moral qualities, such as autonomy, rationality and the ability to enter meaningful relations with others. The best examples of deontological approaches to privacy may be found in the work of Charles Fried, Stanley Benn and Jeffrey Reiman, which will be discussed below.
Fried maintained that the concept of privacy is ultimately referable to a ‘principle of morality’, which consists of ‘the equal liberty of each person to define and pursue his values free from undesired impingements by others’.[57] An important corollary of this principle is that each person should be entitled to the respect of others to pursue his or her values unhindered, which Fried contended is an essential part of being a person. Fried argued that respect for others is necessarily associated with relationships of love, friendship and trust. The ability to enter into these relationships, in turn, depends upon the ability of a person to control private information and, so, to selectively reveal that information to intimate others.
According to Fried, then, privacy is valued because it is a necessary precondition for the formation of intimate relations, and essential to our concept of what it means to be a person.[58] Fried was explicit about the Kantian origins of his account:
The view of morality upon which my conception of privacy rests is one which recognizes basic rights in persons, rights to which all are entitled equally, by virtue of their status as persons. ... In this sense, the view is Kantian; it requires recognition of persons as ends, and forbids the overriding of their most fundamental interests for the purpose of maximizing the happiness or welfare of all.[59]
Benn proposed a deontological account of the value of privacy, while acknowledging the possibility that privacy might also have desirable consequences.[60] The deontological framework for Benn’s analysis was set by his central focus on establishing a justification for immunity from uninvited observation, even where there is no discernable harm to the subject. Thus, Benn contended that covert observation of a person is inconsistent with the respect due to each person as a moral being, mainly because covert observation changes the conditions of an activity without the permission of the subject. In outlining his understanding of the relationship between privacy and the fundamental ethical principle of respect for persons, Benn maintained that
a general principle of privacy might be grounded on the ... general principle of respect for persons. By a person I understand a subject with a consciousness of himself as agent, one who is capable of having projects, and assessing his achievements in relation to them. To conceive someone as a person is to see him as actually or potentially a chooser, as one attempting to steer his own course through the world ...[61]
Reiman has also linked privacy to concepts of personhood.[62] In doing so, he was critical of both Fried and Benn. Against Fried, Reiman argued that the ability to selectively withhold information forms too narrow a basis for intimate personal relations, which Reiman suggested are properly based on broader notions of interpersonal caring.[63] Reiman also maintained that individuals have a fundamental interest in privacy separate from the extent to which they are involved with intimate relationships, otherwise those incapable of forming such relationships could not claim a right to privacy.
Reiman considered Benn’s view — that privacy is justified by the moral principle of respect for persons as autonomous agents — to be more satisfactory. Nevertheless, Reiman was not persuaded by Benn’s argument that, although covert observation is inconsistent with the moral duty of respect for persons, casual observation — for example in a public place — is not inconsistent. Benn had argued that it is not every undesired observation that amounts to a breach of privacy, but only undesired observations of aspects of an individual that are relevant to the person’s identity. According to Benn, the content of privacy, being closely related to personal identity, is culture-dependent.[64] Reiman argued, however, that Benn merely assumed that one is entitled to have aspects of oneself that are related to personal identity exempt from unwanted observation, but failed to show how this follows from the moral principle of respect for persons as autonomous agents.
Thus, while Reiman agreed that the value of privacy is related to the principle of respect for morally autonomous individuals, he disagreed about the reason for this. For Reiman, privacy is essential to the social construction of personal identity because it enables an individual to experience moral ownership of his or her existence.[65] By this, Reiman meant that the ability to control whether or not one’s existence becomes part of another’s experience allows individuals to form a sense of themselves as separate moral persons. A sense of moral ownership of the self is related to the principle of respect for persons as autonomous agents because it is a precondition of moral autonomy.
Regardless of the differences in emphasis in the above accounts of the value of privacy, all deontological justifications share common features. First, in all of these accounts, privacy is related to the Kantian ethical principle of respect due to others as morally autonomous beings. Privacy, however, is not regarded as identical to moral autonomy, but as important for protecting or promoting autonomy. Secondly, privacy is connected to what it means to be a moral person, meaning a person possessing attributes such as autonomy and rationality. But the precise relationship between privacy and moral personhood varies in the different accounts. According to Fried, the ability to form intimate relations is a necessary attribute of personhood, and privacy is a precondition for intimate relationships. For Benn, respect for privacy is essential to moral personhood insofar as intrusions without consent alter the conditions in which a person can be rationally self-determining (which, on this view, requires information about whether or not one is being observed). Reiman, on the other hand, regards privacy as necessary in order for a person to develop a sense of moral ownership of his or her own experiences, which he regards as a precondition for moral autonomy. Thirdly, privacy is generally not seen as an ultimate value, but has value insofar as it is consistent with, or a condition for, a fundamental deontological rule, such as respect for persons.
Deontological accounts of the value of privacy present an extremely strong case for the protection of privacy in that, on this approach, an invasion of privacy is generally impermissible, even if it would produce ‘good’ consequences. These views dominated the American privacy literature that emerged from the late 1960s. The argument is essentially that privacy is necessary for individuals to be self-determining and that respect for the privacy of others is essential for human dignity. In this sense, the right to privacy is derivative of the right to respect for persons as morally autonomous beings.
Deontological approaches are, however, plagued by a well-known methodological weakness — they are based on culturally and historically contingent notions of personhood, including specific views of the individual subject, autonomy and reason. In particular, there are difficulties in reconciling the view that individuals are radically self-determining with an understanding that individuals are socially constructed. This is related to an underlying tension between the view that privacy is a precondition for moral autonomy, on the one hand, and the view that privacy is necessarily entailed in the principle of respect for human dignity, on the other. The tension arises because violating the principle of respect for others assumes that personal identity is influenced by social norms, whereas moral autonomy assumes independence from social influences.[66] One consequence of this would seem to be that insofar as a person is a morally autonomous individual, the need for the person to be treated with respect diminishes.[67]
As explained in Part II of this article, these difficulties can be addressed by abandoning the formalistic, universalising analysis of privacy favoured by neo-Kantian theorists in favour of a more specific understanding of how claims for the protection of privacy have arisen in the context of struggles over individual identity and power relations exercised through rationalising and normalising practices. Within these processes, deontological justifications for the legal protection of privacy can be seen both as a form of resistance to rationalisation and normalisation, and as a form of entrenching a particular view of the self as atomistic, individualistic and self-determining. This does not mean, however, that deontological justifications of a right to privacy should be ignored; merely that the universalistic pretensions they draw on are overly ambitious.
Consequentialist accounts justify privacy insofar as it produces desirable outcomes. Rigorous versions of consequentialism are forms of utilitarianism, whereby outcomes are determined by an aggregation, or maximisation, of individual utilities.
Utilitarian-influenced approaches are well-suited to evaluating which of a number of competing interests should prevail by reference to overall results. For example, a strict consequentialist could have no objection to an invasion of privacy that was necessary to produce a desirable outcome, such as the preservation of life or an increase in economic welfare. However, pure forms of consequentialism have considerable difficulties in dealing with arguments that rights should be respected regardless of the consequences.[68] As a simple example, a consequentialist might consider acceptable the publication of intimate details of an intercepted telephone conversation or, indeed, the placement of surveillance cameras inside a person’s home, if the invasion of privacy results in an increase in overall welfare.
Various strategies have attempted to reconcile consequentialism with rights-based approaches. These strategies commonly involve attempts at improving utilitarianism, often through some form of indirect utilitarianism. Indirect utilitarianism, such as R M Hare’s ‘rule utilitarianism’,[69] splits ethical principles into practical rules that apply to actual conduct and critical principles that are used to evaluate the practical rules.[70] According to such views, utility is best promoted by adopting practical principles, which may include respect for rights, which are then evaluated against the principle of utility. In this sense, then, rights may have a utilitarian justification.
The most prominent example of a utilitarian justification of a basic right is John Stuart Mill’s Principle of Liberty.[71] Leaving aside the considerable ambiguities in Mill’s formulation, the Principle of Liberty postulates a sphere of ‘self-regarding’ action that is immune from the interference of others, even if such interference would ordinarily be regarded as increasing overall welfare. Mill adopted this position because of the particular views he developed of happiness as the determinant of welfare. Drawing on the perfectionist tradition of moral thought, from Aristotle to von Humboldt, Mill regarded happiness not merely as the sum of pleasures over pain, but as the ability of the individual to be self-determining and self-improving. Mill’s Principle of Liberty is concerned with marking out an inviolable sphere of liberty, or sphere of autonomous decision-making; it is not concerned with privacy. Nevertheless, it is comparatively easy to construct a Mill-like indirect utilitarian justification for privacy. On this view, a sphere of privacy would be regarded as a necessary condition for the promotion of self-determining, autonomous individuals. In truth, a Millian justification for the value of privacy is therefore difficult to distinguish from deontological justifications.
However, those who have favoured explicitly consequentialist views of privacy have generally not been indirect utilitarians. H J McCloskey, for example, simply regarded the protection of privacy as justified to the extent that it promotes what are, for him, the more fundamental goods of human happiness, justice and liberty.[72] This led him to conclude, in general terms, that if concerns about privacy come into conflict with more fundamental concerns regarding liberty of action, invasions of privacy should be accepted, and social attitudes adjusted accordingly.
The discipline of modern welfare economics, based on the standard of Pareto optimality, is a much more rigorous form of analysis than other consequentialist accounts of privacy. Responding to the difficulties of comparing interpersonal utilities, Pareto developed a criterion that is indifferent to interpersonal comparisons.[73] Under this standard, if a change in resource allocation would increase the welfare of at least one individual, and not decrease the welfare of any other individual, the change is desirable and is known as Pareto superior. If it is impossible to make any such improvements in resource allocation the situation is known as Pareto optimal.[74] Some of the weaknesses of this approach are, however, evident from Richard Posner’s treatment of privacy.[75]
Posner restricted his focus to the economics of personal information, which he held has value only insofar as it results in an increase in welfare. He argued that an individual should be able to prevent the unauthorised disclosure of personal information if this would undermine incentives for the production of that information.[76] Unlike commercial information, such as trade secrets, personal information is generally not costly to produce. As such, making it freely available is unlikely to undermine incentives. On the other hand, Posner contended that non-disclosure of personal information often entails social costs. Such costs include the costs that may be imposed by the individual being able to mislead those with whom he or she deals.[77] Moreover, Posner argued that where others (such as a magazine publisher) value personal information more highly than the data subject, if transaction costs are high relative to the value of the information, rights to the information should be assigned away from the data subject.[78] Where the social costs of not protecting personal information outweigh the social benefits of disclosure, however, Posner maintained that the law should prevent unauthorised disclosure.[79]
In this respect, Posner argued that if private communications were not protected by the law, social costs would generally outweigh any benefits of disclosure. These social costs would include the steps taken to prevent eavesdropping, which would impede effective communications, and presumably the uneconomic efforts of potential eavesdroppers to circumvent attempts at protecting private communications. On the other hand, if a communication lacks social value, such as a private discussion between criminals, Posner concluded that surveillance is justified.
Although this form of analysis provides clear criteria for assessing alternative policy formulations, it is beset by well-rehearsed difficulties facing much consequentialist thinking, especially forms of analysis derived from utilitarianism. A fundamental difficulty is that impersonal social goals always outweigh the interests and values of particular individuals.[80] This criticism has a number of dimensions.[81] First, traditional welfarism requires the interest of the individual to be sacrificed where this would be necessary to maximise overall welfare. Secondly, a focus on maximising the sum of utilities means that distributional concerns are excluded from the analysis. Thirdly, welfarism conflates analysis of what may be rationally maximising for an individual with what is rationally maximising for society. In other words, although it may be rational for an individual to suffer a short-term loss of utility in return for a long-term increase in utility, this does not necessarily mean that it is rational for the utility of one person to be sacrificed for a greater increase in the utility of others.[82]
Like deontological justifications, consequentialist accounts are plagued by universalistic, ahistorical views of what it is to be a human subject. In the case of consequentialism, however, these views determine the goal to which behaviour is directed rather than what amounts to a right action. Most welfare economics, for example, is characterised by the proposition that, under certain conditions, social welfare is maximised by individuals pursuing their self-interest, narrowly defined to exclude considerations relating to the interests of others or to procedural fairness. As Amartya Sen has pointed out, these assumptions are arbitrary and are based on an exceedingly narrow view of rational behaviour.[83] Moreover, as Sen further explained, conventional welfare economics conflates the goal of individual behaviour with the desired outcome, both of which are defined as ‘utility maximisation’.[84]
This is inadequate in a number of respects. First, it is inaccurate to regard rational behaviour as entirely self-interested, as a rational individual may clearly take other considerations into account in formulating choices, such as the interests of others or fairness of procedures. In other words, a rational individual may well make choices that do not result in the maximisation of his or her utility. Secondly, and perhaps more importantly, this unduly narrow approach undermines the ability of a rational individual to make a reasoned assessment of goals and values.
Adopting this perspective helps to explain how the low value placed on individual control of personal information in Posner’s analysis results from a form of definitional legerdemain which is characteristic of much economically-influenced analysis. First, Posner ignores individual preferences for preventing disclosure of personal information by defining utility purely in terms of monetary value, thereby denying that personal information has value for the individual. Secondly, Posner does not consider individual preferences that place some value on a social order in which individual control of personal information is respected. Thirdly, Posner excludes essentially deontological considerations relating to the value of a society which accords respect to individual
decision-making. Fourthly, Posner’s analysis fails to account for the extent to which some control of personal information may be relevant to the ability of individuals to make future decisions, or to be rationally self-determining.
If privacy is understood within the context of overall social processes of rationalisation and normalisation, and as integral to struggles over self-definition, the difficulties consequentialist accounts face in taking privacy seriously are comprehensible. In particular, by valuing a purely instrumental concept of reason, welfarism can be seen as privileging impersonal social objectives over human values, such as the ability of individual subjects to define themselves and respect for human dignity. Strict welfarist analysis is therefore completely implicated in processes of rationalisation and normalisation, suggesting that it is especially ill-suited as a means for analysing the value of privacy. It is only if the models of the individual subject and of human reason underlying welfarism are enriched in ways suggested by Mill and Sen — by including values such as the ability of the individual to determine his or her own ends — that consequentialism is ever likely to be sympathetic to privacy. The implication of such a broad approach would be to constrain the untrammelled pursuit of welfarist objectives by the protection of individual rights, however formulated. However, broadening the approach in this way would seem to introduce the universalistic pretensions that plague deontological approaches to privacy.
The generally unsympathetic treatment of privacy by the Australian legal system, including the failure to recognise a right to privacy, is linked to the overwhelmingly consequentialist orientation of Anglo-Australian society, as well as the traditional hostility of Australian common law to recognition of natural rights. In an influential 1985 article, Hugh Collins argued that the dominant features of Australian legal and political ideology conformed closely to Jeremy Bentham’s political philosophy, especially its commitment to utilitarianism, legalism and positivism.[85] Collins commented that:
Customary observations on Australia’s political habits reflect the distinguishing characteristics of the Benthamite ideology. Thus, from Bryce onwards, observers have remarked on the attachment to interests rather than ideas in Australian politics. ... The utilitarian psychology in Australia legitimizes the pursuit of interest, while the dominance of the ideology negates the possibility of a genuine battle of ideas.[86]
If some recent academic commentary on privacy is any indication, little has changed since this statement was written. For example, in a reversal of deontological justifications for protecting privacy, Carolyn Doyle and Mirko Bagaric argue that unconstrained access by others to one’s personal information enhances individual autonomy. In support of this surprising conclusion, they claim that:
If the whole world knows my address, (natural) hair color, ethnicity, political persuasion and income why will that frustrate my desire to become a professional tennis player, travel overseas, have a family, drink lots of beer most Saturday nights and write the occasional paper? In fact, it is just as likely that the opposite is true. The more that people know about me, the more likely it is that my plans will be realised.[87]
These views would seem not only to embody, in a form of extreme consequentialism, an impoverished understanding of what might be entailed in self-definition, but also a disturbingly monolithic approach to defining desirable social objectives. In short, a society that is obsessed with maximising material welfare is unlikely to be sympathetic to the values underpinning the protection of privacy.
Privacy laws have developed in distinct historical stages. In the earliest stages, some immunity from interference was guaranteed by laws protecting property rights and rights over the person.[88] This was generally sufficient, given the accepted social understandings and levels of technological development at the time. The development of privacy laws has always been related to both changing social and cultural understandings of the value of privacy and to technological developments.[89] This part of the article concentrates on the most recent stage in
the evolution of privacy laws — the emergence of information privacy (or data protection) laws — and considers the relationship of such laws to the general concept of privacy.
From the 19th century, government and business administration has been increasingly reliant upon information management systems, initially paper-based, and then later involving automated punch card systems.[90] In the late 19th and early 20th centuries, there were considerable advances in the development of techniques for more efficient processing of paper-based information, such as Hollerith’s tabulating device for processing punched cards with census information.[91] Paper-based techniques for information management were, however, completely revolutionised by the stored-program computer, which began to come into use from the late 1950s. The use of the computer for information management drew upon previous conceptions of ‘information processing’ as a form of mass production.[92]
The post-World War II period saw the emergence of the welfare state, and a corresponding increase in the need for efficient information collection and processing for social planning purposes. The computer was seen as a means of improving rational information management techniques, eventually leading to proposals for the introduction of large national databanks of personal information.[93] In the United States, government agencies, responding to the need to deal with large amounts of information, were instrumental in the early commercialisation of the then unproven machine. As Paul Ceruzzi has pointed out, ‘[t]he first customers for commercial computers were military or government agencies, who hoped these machines could manage the information that was paralyzing their operations’.[94] Thereafter, United States government agencies and private sector organisations that held large amounts of personal information progressively converted their paper files into electronic databases.
A 1965 report of the Social Science Research Council proposed the establishment of a single repository of government statistical information.[95] Although the proposal was rejected, abiding concerns about the misuse of automated data systems led to the appointment of an Advisory Committee on Automated Personal Data Systems in 1972.[96] The Advisory Committee developed a code of practice, which it termed ‘fair information practices’, to apply to the collection, storage, use and dissemination of personal information.[97] The Committee’s proposals were embodied in the Privacy Act of 1974, 5 USC § 552(a) (1988) (‘Privacy Act of 1974’), which applied the fair information practices to federal government agencies; established penalties for improper disclosure; gave individuals a right of access to their files; and provided an opportunity to correct errors. The code of fair information practices recommended by the Committee and contained in the Privacy Act of 1974 have been influential in the development of information privacy laws throughout the world.[98]
At the same time that concerns relating to the computerisation of personal information led to the development of fair information practices in the United States, similar concerns resulted in the development of the European concept of ‘data protection’ (Datenschutz).[99] The European legal response was also motivated by proposals to merge separate government databanks into a single repository. For example, in the late 1960s, the Swedish government proposed to merge census, registration and taxation information into a single databank, and in the early 1970s there were similar plans in a number of German states.[100] These proposals led directly to the introduction of the first information privacy laws, notably the data protection law of the German state of Hesse in 1970[101] and the 1973 Swedish Datalag.[102]
Unlike the United States’ response, the first European laws were not expressly linked to the protection of individual privacy, but were concerned with ensuring that the new techniques of data processing conformed to overall social objectives, including data security and the accuracy of computerised records.[103] The first data protection laws therefore used highly technical terminology, such as ‘data bank’ and ‘data file’. Moreover, as it was envisaged that records would be retained in a relatively small number of large databanks, some of the laws imposed requirements for registration and licensing of databanks.[104]
As Viktor Mayer-Schönberger has explained, as it became clear that data processing would not be confined to a limited number of centralised databanks, the technocentric approach of the initial data protection laws became unsustainable.[105] Instead of regulating such technology, European data protection laws turned towards reinforcing individual rights. Whereas the first data protection laws had provided rights of access and correction, these were seen as necessary mainly to ensure the accuracy of information held in databanks. However, data protection laws passed in the last half of the 1970s, such as the French,[106] Austrian[107] and Norwegian[108] laws, were based on recognising individual rights over personal information, including rights to refuse processing of data for certain purposes (such as direct marketing) and limited rights to prevent dissemination of data. Moreover, a right to information privacy was expressly recognised as a constitutional right in Austria,[109] Spain[110] and Portugal.[111] The second wave of European data protection laws therefore reflected attempts to combine a focus on the process of data management with concerns for protecting individual rights to privacy.
Just as earlier technologies and institutions challenged concepts of individual identity within the context of the integration of individuals into overall social processes of rationalisation and normalisation, the development of computerised processing of personal information in the 1960s and 1970s represented a new, more intense stage in the instrumentalist organisation of society. It seems hardly coincidental that this historical period was characterised by the emergence of the ‘politics of identity’. Further, it is not surprising that the computerisation of personal records met with social resistance, including calls for the legal regulation of data processing.
By the late 1970s, experience with automated processing of personal data resulted in similarities in the European and American approaches to the problem of regulating data protection.[112] There were, however, important differences in the social and political background to the development of information privacy policies in the United States on the one hand, and in Europe on the other.
The European approach to data protection must be seen in the context of the 20th century struggle against totalitarianism. The European experience of mid-20th century totalitarianism resulted in a deep suspicion of any attempts by centralised authorities to increase their capacity for surveillance of individuals. Moreover, the activities of the secret police in the totalitarian regimes of Eastern Europe and the Soviet Union, which focused on monitoring individuals and collecting personal information in extensive (and often inaccurate) filing systems, provided a continuing example of the repressive use of information management techniques.[113] European data protection law is part of the broader European project of building institutions and practices, including the EU itself, which are intended to ensure that the horrors of European totalitarianism are not revisited.[114]
The American approach to information privacy developed from a different social and political tradition. The American polity can be said to be based upon two quite distinct values: the ‘liberal’ commitment to limited government and the ‘republican’ emphasis on participation in democratic decision-making.[115] Paul Schwartz, for example, has explained the translation of these values into constitutional norms in the following terms:
The United States Constitution establishes a framework for a debate among citizens about the nation’s institutional relationships and fundamental values. One way this document does so is by providing critical controls on the State; its provisions carefully establish the government’s structure and limit its behavior. The Constitution also contains provisions that indicate concern for individual self-determination. Its Bill of Rights and Civil War Amendments contain the most important language in this regard.[116]
The tension between these two fundamental values is evident in the evolution of information privacy policies in the United States. The first stage of policy development, resulting in the application of fair information practices to personal information held by the public sector pursuant to the Privacy Act of 1974, can be seen, in part, as an expression of the liberal suspicion of centralised government and a corresponding preference for imposing limits on state power. At the same time, by introducing individual rights of access and correction, the Privacy Act of 1974 could be seen as supporting the right of an individual to participate in decisions relating to the management of personal information. The first stage in the development of information privacy law in the United States can therefore be regarded as a response to the threat of automated data processing which drew upon elements of both the liberal and the republican traditions.
The emergence of national information privacy laws in the late 1970s raised the possibility that inconsistent standards would act as a barrier to the increasingly important transfer of data across national borders. This was, nevertheless, also a time marked by considerable policy convergence in the European and American responses to data processing. Colin Bennett has suggested that the factors which led to this policy convergence included the common features of data processing technology and the appearance of an elite group of international policy experts who informally shared approaches and experiences.[117] Bennett explains the process of national policy development in the following terms:
For the pioneers, the United States and Sweden, the convergence resulted from independent and indigenous analyses that traveled along the same learning curve and arrived at the same conclusion. For West Germany, and other countries such as Canada, France, Norway, Denmark and Austria that legislated in the late 1970s, the convergence followed from the mutual process of lesson drawing within an international policy community. For Britain, and other laggards such as the Netherlands, Japan, and Australia, the convergence has resulted from the pressure to conform to international standards for mainly commercial reasons.[118]
International concerns regarding the adverse consequences of possibly inconsistent national standards led to the drafting of two important international instruments: the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data[119] and the Organisation for Economic Co-operation and Development Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (‘OECD Guidelines’).[120] These instruments reflected a consensus that had emerged in relation to general principles applicable to the collection, storage, use and disclosure of personal information. The general principles, known as ‘fair information practices’ (the American terminology) or ‘data protection principles’ (the European terminology), and termed ‘First Principles’ by Joel Reidenberg,[121] represent an attempt to balance the competing values of information privacy and the free flow of information.
International consensus on the data protection principles represented a considerable achievement, which has resulted in the principles forming the template for all subsequent national information privacy laws. Nevertheless, even at a time of convergence in international policy-making, there were underlying tensions between the fundamental approaches of the United States on the one hand, and Europe on the other. Justice Michael Kirby, who chaired the international Expert Group that was responsible for developing the OECD Guidelines, explained the tensions within the group in the following terms:
Within the Expert Group there were brilliant antagonists. The chief US delegate, Mr William Fishman, expressed with great clarity the American commitment to the free flow of data and of ideas. The head of the French delegation, Mr Louis Joinet, led those in the Expert Group who were alarmed by the dangers to individual privacy of completely unrestrained collections of personal data, vastly expanded in quantity and kind by the new technology. Each protagonist spoke with sincere conviction and gathered supporters. The contemporary state of technology meant that US business interests stood to gain from the growth of informatics and the spread of transborder data flows. The French and European business interests, on the other hand, coincided generally with restrictions insistent upon privacy protection. Not for the first time, philosophy and law followed trade.[122]
In retrospect, given the different policy motivations behind the American and European approaches, and the fundamentally different orientations of the two social systems, it is not surprising that the consensus resulting in common data protection principles was short lived. The subsequent history of information privacy law is therefore largely one of diverging American and European approaches, which has effectively framed the policy choices facing other jurisdictions considering privacy law reform, including Australia. Before discussing these choices, however, it is necessary to analyse the particular justifications for information privacy laws in greater detail.
As explained in Part II of this article, the introduction of computer and data processing in the 1960s was one of the main reasons for the emergence, at that time, of American legal and philosophical literature dealing with the concept of privacy. This was reflected in the number of privacy theorists who defined privacy relatively narrowly in terms of control of personal information. The practical requirements for the operation of modern governments and markets, however, mean that it is impossible for individuals to assert complete control over their personal information. The objective of information privacy policies must therefore be conceived in terms of balancing individual control over personal information with the instrumental objectives of rational administration and efficient markets.
Assessing justifications for information privacy laws depends upon understanding the extent to which considerations relating to information privacy differ from considerations relating to other forms of privacy. Data processing presents different policy challenges because it is so ubiquitous. To the extent that the functioning of modern societies depends upon the circulation of personal information, purely individualistic forms of legal protection are an inadequate means for dealing with privacy issues arising from data processing.[123] As Bennett has argued:
What is needed is a more holistic perspective that sees data protection as a process that involves a wide network of actors (data users, data subjects, and regulators) all engaged in the co-production of data protection. The successful implementation of data protection requires a shift in organizational culture and citizen behavior. Data protection is a learning exercise that involves a mutual process of education and mediation from the bottom up as much as it involves regulatory command from the top down.[124]
The legal and social mechanisms for dealing with data processing are therefore necessarily different from the mechanisms for dealing with other forms of privacy intrusion.
The legal and social mechanisms for dealing with data processing, which require a degree of comprehensiveness approaching the activity of data processing itself, have built on the ‘fair information practices’ or ‘data protection principles’, which establish broad guidelines or standards for the regulation of processes or practices, rather than on hard-edged rules for determining whether an intrusion is actionable. The precise nature of the principles adopted, however, should conform to the particular orientation of the legal and social system in question.
Like general arguments for the legal protection of privacy, the rationales conventionally given for information privacy laws may be divided into deontological and consequentialist justifications. It is important to be clear about how the justifications for information privacy laws differ from justifications for privacy laws more generally.
As with deontological accounts of the value of privacy more generally, deontological justifications for information privacy laws have been concerned with the potential for data processing to undermine the respect due to individuals as self-determining, autonomous moral agents.
How, then, do deontological objections to data processing differ from deontological accounts of privacy more generally? To begin with, the benefits of data
processing are largely the result of the efficiency with which computer technologies enable the collection of relatively small, discrete amounts of personal information and their aggregation into larger, more comprehensive ‘dossiers’ concerning an individual. Initial responses to the use of the computer in data processing were characterised by Orwellian fears that the compiled information would be misused to increase state control at the expense of the individual. Schwartz expressed these concerns in the following terms:
In today’s information society, extensive collections of data relating to identifiable persons are typically organized in extensive computer data banks. This kind of data processing creates a potential for suppressing a capacity for free choice: the more that is known about an individual, the easier it is to force his obedience. Through the use of their data banks, the state and private organizations can transform themselves into omnipotent parents and the rest of society into helpless children.[125]
The fears were essentially that the increased information available from data processing could provide the means for the development of totalitarian practices, whereby non-conforming individuals would be somehow marginalised, disciplined or ‘disappeared’. The experience of 20th century European totalitarianism provided the context for suspicions of the activities of central governments upon which such fears have arisen. Fears that governments have an in-built propensity to use surveillance technologies against individuals, and particularly against non-conformists, have become almost the standard reaction to any increase in the ability of governments to extend surveillance capabilities. This has been seen recently in the reactions to plans for increased surveillance capabilities following the terrorist attacks of 11 September 2001.[126]
While surveillance capabilities are always open to abuse, the main deontological objections to data processing have not been premised on the possible misuse of information by the state. The concerns have instead been related to data processing as a form of ongoing surveillance or monitoring of individuals, and to how this may foster social conformity. The main objections have centred on the extent to which data processing may result in the collection of detailed information about an individual without the consent (or knowledge) of the individual concerned. This, it is argued, has a propensity to undermine individual autonomy because it alters the conditions upon which individuals make decisions.
The ever-present threat of surveillance through the collection and processing of personal data, which Roger Clarke terms ‘dataveillance’,[127] thereby inhibits individual decision-making and creates the conditions for a form of self-censorship. David Flaherty, for example, has pointed out that:
The existence of dossiers containing personal information collected over a long period of time can have a limiting effect on behavior; knowing that participation in an ordinary political activity may lead to surveillance can have a chilling effect on the conduct of a particular individual.[128]
This form of objection to data processing is directly related to Benn’s analysis of covert observation, referred to in Part III(B) of this article. For example, in explaining how data processing can inhibit decision-making, Jerry Kang refers to Benn’s objections that covert observation ‘brings one to a new consciousness of oneself, as something seen through another’s eyes.’[129]
Apart from concerns that data processing compromises autonomous
decision-making, data processing has been said to undermine human dignity. Since becoming widespread, data processing has been one of the main instruments for increasing bureaucratic rationalisation. The collection and processing of large amounts of personal data has become essential for planning in the public and private sectors. Although necessary to the functioning of modern societies, data processing is a deeply impersonal form of social practice, which entails treating individual data subjects in instrumental terms — as means rather than ends. Moreover, by subsuming the individual data subject into an impersonal bureaucratic process, data processing can be seen as having a normalising effect.[130]
In this sense, then, deontological objections to data processing have some common ground with fears of the potential misuse of increased information in totalitarian practices but are, in fact, quite different. Totalitarian fears are based on the prospect that surveillance will be used by authoritarian regimes to control individual behaviour, especially the behaviour of dissidents. Data processing, however, is not consciously targeted at controlling behaviour or creating social conformity.[131]
Therefore, we can see that deontological objections to data processing, like deontological justifications of privacy more generally, build on essentially Kantian concepts of autonomy and dignity. They differ from general deontological justifications of privacy, however, mainly in the way in which they are directed against impersonal social processes of rationalisation and normalisation, which are seen as undermining individual autonomy, and not at particular invasions of privacy by the state or other individuals. In this sense, as further explored below, deontological objections to data privacy can be linked to the important philosophical and political tradition that is characterised by a fundamental disquiet with the perceived excesses of Western political and administrative rationality and found in thinkers as diverse as Weber, Heidegger, Foucault and Habermas. This is hardly surprising given that, despite the considerable differences between such thinkers, each owes an intellectual debt to Kant.
However the objectives of data protection are specified, data protection laws based on consequentialist considerations must maximise the social benefits of data processing and minimise the costs.[132] This will commonly take the form of a conventional welfarist calculus of costs and benefits, weighing the social benefits of data processing against the interests of individuals about whom the information is collected and processed. In some circumstances, such as where a law is aimed at ensuring the accuracy of information upon which an important decision will be made, the overall social benefit may coincide with the interests of an individual data subject. In other circumstances, however, there may be an apparent conflict between the social benefits of information processing and individual interests. Applying a conventional welfarist analysis to such circumstances will mean that the interest of the individual must be subordinated to overall social welfare.
The social benefits of laws that regulate data processing are easy to explain. Data processing is necessary for the functioning of governments and markets. Government decisions, including decisions relating to individuals and social planning decisions, require access to personal information. Decisions by private firms, including marketing and production decisions, and decisions relating to the provision of credit also require access to personal information. The functions of data processing are compromised to the extent that data are inaccurate, incomplete or of poor quality. Inaccurate, incomplete or poor quality information will result in poor quality business decision-making and poor social planning.
However, the extensive amounts of information that governments and private firms hold about individuals makes it impossible for all of the information to be completely accurate all of the time. Given the costs of information management, tolerance of a certain level of inaccuracy may well be cost-effective for the individual firm or government agency. Decisions made on the basis of poor quality information, however, can have serious consequences for the individual in question, leading, for example, to withdrawal of welfare payments, imposition of fines or failure to obtain credit. Furthermore, if the individual does not have access to the reasons for decisions, it may be difficult to challenge poor decisions made on the basis of poor information. These costs to the individual will also entail flow-on social costs. Information privacy laws therefore have the purely instrumentalist objective of maximising the social benefits of data processing, primarily by ensuring optimal accuracy of the personal information. A common way of expressing this is to say that information privacy laws promote ‘good’ information management practices.
Consequentialist justifications for information privacy laws depend, of course, on the particular conception of the ‘good’ adopted. A welfarist approach will be concerned to optimise the efficiency of data processing. Adopting such an approach, a consequentialist justification of information privacy laws differs from consequentialist justifications of privacy in general, in that legal regulation of information privacy may be considered necessary in order to minimise the social costs of data processing. However, if individual preferences for privacy are not factored in, it will be more difficult to formulate a welfarist justification for other forms of privacy law. Following from this, the overwhelmingly consequentialist orientation of the Australian legal system can be seen in the commencement of a comprehensive Commonwealth public sector information privacy law in 1989,[133] and the recent rash of information privacy laws, which can be readily contrasted with the persistent failure to recognise a general right to privacy by either the courts or the legislature.
Information privacy or data protection laws based on purely consequentialist considerations have a tendency to become narrowly focused on improving technocratic procedures of information management, rather than addressing the privacy implications of data processing. This tendency is the source of much criticism of current information privacy laws. Simon Davies, for example, has argued that:
data-protection acts generally have serious limitations. One of the broadest deficiencies is that they are seldom privacy laws. They are information laws, protecting data before people. Instead of being concerned with the full range of privacy and surveillance issues, they deal only with the way personal data is collected, stored, used and accessed.[134]
Yet an information privacy regime must, in the final analysis, choose between maximising the net social benefits of data processing and protecting individual rights. Particular national regimes can be placed on a spectrum between pure rights-based and consequence-based approaches. Rights-based and consequence-based approaches have different implications for the form of information privacy laws, but also represent different responses to the processes of social rationalisation and normalisation which this article has suggested are central to concerns relating to the concept of privacy.
Max Weber was the first to attempt to systematically investigate technocratic rationality, in the sense of the emergence of purely instrumentalist forms of bureaucratic or market processes, along with the tension between technocratic rationality and the Enlightenment ideal of autonomous individuals.[135] Weber’s concept of rationalisation, which was central to his analysis of Western civilisation, was complex, based on distinctions between purpose-oriented and value-oriented rational action, and formal and substantive rationality.[136]
Purpose-oriented rational action is characterised by an approach in which an action is valued as the best means of achieving an end, rather than being valuable in itself. Value-oriented action, on the other hand, is based on a belief in the absolute value of the behaviour itself, irrespective of the consequences. According to Weber, few actual actions are purely oriented in either of these two ways.[137]
Nevertheless, in his analysis of capitalism, Weber saw economic activity as increasingly characterised by purpose-oriented rational action. It was in his analysis of capitalist economic activity that Weber introduced the distinction between formal and substantive rationality. Formal rationality is closely associated with the market, involving the calculation of costs and benefits directed to economic ends.[138] The concept of substantive rationality, on the other hand, is concerned with determining the value of the system as a whole which, for Weber, depended ultimately upon subjective value judgements.[139] Weber was critical of the dominance of purpose-oriented, formal rationality in Western capitalist societies because of what he saw as the overvaluation of economic ends and the erosion of individual freedom.[140] At the same time, Weber was ambiguous about bureaucratic rationalisation, seeing it as indispensable to the efficient administration of modern social systems, but also as profoundly dehumanising, turning the individual into a cog in an impersonal social machine.[141] Weber’s response to the irreversible rationalisation of life was essentially that, in a society without objective values, human dignity requires that each individual choose the values by which to live, thereby conferring meaning on life.[142]
From this brief review of Weber’s work, it is possible to see how analysis of approaches to data processing can be linked to fundamental tensions within the liberal political tradition. Processes of economic and bureaucratic rationalisation require that continual attention be given to maximising the net benefits of data processing for the overall social good. This, however, assumes that the good is identical to economic efficiency. The liberal attachment to the ideal of individual autonomy, on the other hand, is based on the proposition that individuals should be free to determine their own concept of the good. Insofar as rationalisation is an irreversible feature of modern Western societies, such societies are inevitably caught between these two orientations which, in effect, reflect the fundamental split in the Cartesian subject, between the rational subject and the empirical subject. Information privacy laws are also caught between these two orientations.
Information privacy laws that reflect a welfarist, consequentialist approach do not challenge economic and bureaucratic rationalisation; they reinforce it. At the same time, such an approach reflects a particular view of the subject as an atomistic, self-interested individual. Insofar as rationalisation confers social benefits, however, a consequentialist approach is, to an extent, valuable and unavoidable.
The position of information privacy laws that reflect a rights-based, deontological approach is more complex. On this approach, the ability of the data subject to make fundamental decisions about his or her own life demands that he or she have rights over data processing, even if recognition of such rights undermines the efficiency of data processing. At the same time, traditional deontological approaches embody specific, universalistic views of the moral subject and human reason. To the extent that laws embody a particular tradition of moral universalism, they can be seen as privileging certain forms of subjectivity, and thereby also promoting social normalisation.
The problem of how to deal with rationalising and normalising forces within society — forces which, as we have seen, are often characterised as privacy issues — raises central questions concerning the ethical foundations of legal systems within post-Enlightenment societies. In this regard, choices must be made concerning the extent to which it is possible to attempt to rationally reconstruct the Enlightenment project, however imperfectly, or whether any such attempt necessarily entails the dangers of reinforcing totalising forms of power and undermining social pluralism. In other words, can the universalising tendencies of the Western tradition still be seen as somehow liberating, or are they invariably oppressive?
Adopting a Foucauldian perspective, however, the role of the legal system within fragmented, pluralistic societies, whose functioning depends upon extra-legal forms of rationalising power, is fundamentally partial and ambivalent; sometimes limiting rationalisation, sometimes reinforcing it. On the one hand, if a legal system adopts a purely consequentialist, instrumentalist approach to regulatory practices such as data processing, then it can be seen as better integrating individuals within impersonal social processes, while promoting and obscuring the operation of those processes. On the other hand, the adoption of a rights-based approach, especially in a legal system that is fundamentally consequentialist in orientation, is likely to make the values involved in impersonal social processes more transparent. In short, a rights-based approach to regulating data processing may reinforce the integration of individuals within impersonal social processes as much as a consequentialist approach, but may also promote greater transparency about the social processes themselves, and the possibility of a diversity of social reactions to these processes.
If it is desirable for post-Enlightenment societies to encourage a diversity of views concerning what it means to live in such societies, and a diversity of life choices, then debates concerning the foundations of legal rules regulating rationalising processes must be encouraged. A rights-based approach to regulating data processing should not, therefore, be seen primarily as protecting the freedom of individuals to make their own life choices, but as creating opportunities for debates concerning social processes, especially processes such as data processing that can be characterised as dehumanising or impersonal. The possibilities for such debates are enhanced when individuals have the ability to participate in decisions relating to data processing, or mount legal challenges in relation to specific practices. This improves the understanding of such practices, as well as of the relationship between totalising and rationalising practices and individual identity formation.
Is it possible to map the main conceptual justifications for information privacy laws, outlined above, to legal approaches taken to information privacy laws? This part of the article commences that task by explaining the increasing differences between the American and European approaches to data processing. Following the brief period of convergence in American and European legal responses to the concerns raised by data processing — which resulted in the adoption of the ‘First Principles’ as an international standard in the early 1980s — European and American legal approaches to data processing have diverged. The differences in approach are not mere accidents of history, but reflect profoundly different conceptions of the role of government, and of the law, within the European and American social and legal systems.
In summary, drawing from the liberal strand of the American political tradition, the United States’ approach to information privacy has been predominantly non-interventionist and mainly concerned with protecting individuals from government interference. Flowing from this, United States policy has tended to favour the free flow of information over individual privacy rights. Thus, while the Privacy Act of 1974 applied the fair information practices to the federal public sector, there is no comprehensive information privacy law applying information privacy principles to the private sector. Instead, information privacy laws have been enacted on an ad hoc basis to deal with problems as they have arisen in specific sectors, such as in relation to credit information,[143] financial institutions[144] and video rentals.[145] Data processing in the private sector is therefore largely left to be regulated by the market, or by industry self-regulation, rather than by law.[146]
In Europe, on the other hand, data protection is regarded as a fundamental human right. Legal protection of information privacy is seen as a necessary condition for citizenship, as well as being necessary for the development of a desirable society. Rather than taking individuals as they are, the European approach views social cohesion as premised on laws that guarantee rights. In explaining the contrast with the American approach, Reidenberg has characterised what he refers to as European ‘social protection’ norms in the following way:
Under this governance philosophy, public liberty derives from the community of individuals and law is the fundamental basis to pursue norms of social and citizen protection. This vision of governance generally regards the state as the necessary player to frame the social community in which individuals develop, and information practices must serve individual identity. Citizen autonomy, in this view, effectively depends on a backdrop of legal rights.[147]
Rather than negatively protecting the ability of individuals to order their lives as they think fit, the European approach views rights as constitutive of the ability of individual citizens to participate in society.
The contrast is deep-seated. On the one hand, the American approach takes autonomous individuals as given, and conceives the role of the law as one of setting limits on government in order to secure pre-existing individual autonomy. On the other hand, the European approach regards individual autonomy as being only fully realised in society, and conceives an important role for the law in creating the conditions for autonomous individuals as participating members of a community.[148]
Given the relatively conceptual approach taken to data protection in Europe, it is important for those from different legal cultures to examine the sources of the European approach in greater detail. The European approach can be seen as an essential element in the ambitious project of building a new, transnational law-based polity designed to prevent the disasters of the mid-20th century. In relation to data protection, the general approach is reflected in the requirement for EU member states to enact comprehensive data protection laws pursuant to the 1995 Directive on the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of Such Data.[149] The Data Protection Directive, which established new benchmarks for the protection of personal data of EU citizens, should be seen as building upon developments in information privacy laws in EU member states.
The single most important national development in this respect was the decision of the German Constitutional Court in the 1983 Census case, which recognised a ‘right to informational self-determination’.[150] The Census case concerned the federal Census Act of 1983,[151] which required the collection of detailed information, including information concerning the use of transportation services and of public utilities, for social planning purposes, and allowed the information to be shared with local government authorities. The Constitutional Court held that, in certain respects, the legislation infringed provisions of the German Basic Law (Grundgesetz), namely art 1(1), which establishes the central constitutional value of human dignity, and art 2(1), which protects personality rights, including the right to free development of the personality.[152]
In recognition of the need for fundamental constitutional values to adapt to technological change, namely the development of data processing, the German Constitutional Court formulated a constitutionally-guaranteed ‘right to informational self-determination’, essentially meaning ‘the authority of the individual to decide fundamentally for himself, when and within what limits personal data may be disclosed’.[153] The decision represented a recognition that the preservation of human dignity and individual autonomy, which are recognised as fundamental constitutional values, required a degree of individual control over data processing.[154] In this respect, the Constitutional Court stated that ‘an individual must be protected against unlimited collection, storage, use and transmission of personal data ... as a consequence of the free development of personality under modern conditions of data processing.’[155]
The decision also recognised that complete loss of control of personal data could inhibit individuals from exercising other fundamental rights, including the rights of assembly and freedom of expression. At the same time, to the extent that the exercise of fundamental rights is premised on the existence of a community, the Constitutional Court held that the ‘right to informational self-determination’ could be limited in the event of an overriding public interest. Thus, the Court acknowledged that it was permissible for census information to be collected for social planning purposes, but only on the condition that adequate safeguards were in place, including safeguards to ensure the anonymity of respondents.[156] The Census Act of 1983 was therefore required to be amended in order to ensure that the necessary safeguards were put in place.
The ‘right to informational self-determination’ is an attempt to apply the fundamental German constitutional concepts of respect for human dignity and individual autonomy to the context of data processing. Given the Kantian understanding of autonomy as self-determination within a law-based community, this entails more than the imposition of negative limits on data processing activities — it also includes the positive ability of individual data subjects to participate in decisions relating to data processing. Moreover, these participation rights were conceived as extending to all stages of data processing, encompassing collection, use, storage and disclosure of personal information.[157] Following the German Constitutional Court’s decision, individual rights to participate in data processing were recognised in a number of national laws of European states, including Germany, Norway, Austria and Finland, in the late 1980s and early 1990s.[158]
Nevertheless, reliance on individual participation rights within the concept of the ‘right to informational self-determination’ was, in practice, found to provide inadequate protection for individuals, mainly because of the power imbalance between data processors and individual data subjects. This meant that individuals would commonly fail to exercise their rights to participate in data processing, or that those rights would be readily bargained away. The result of this experience was the development in the 1990s of European approaches that built upon participation rights, while attempting to provide greater protection for individual data subjects — including greater protection for ‘sensitive’ personal information and sectoral-specific laws, such as those applying to health information.
The historical evolution of national European data protection laws provides the essential background to understanding the 1995 Data Protection Directive. The development of the Data Protection Directive must also be seen within the context of the transformation of the EU from a purely economic union into a political union.[159] As a matter of European law, the Data Protection Directive rests on the necessity of removing differences in order to promote the free flow of personal information to better achieve an Internal Market.[160] As Spiros Simitis explains, however, the transition into a political union, while not compelling the adoption of a data protection directive, effectively meant that any such directive would approach the regulation of data processing from within the framework of fundamental rights and freedoms, thereby establishing a ‘high level’ of protection of personal data.[161]
The rights-based approach to data protection is evident in both the recitals to the Data Protection Directive and in its substantive articles. The importance of this framework in establishing a ‘high level’ of protection is seen most clearly in recital 10, which provides that:
Whereas the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognized both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law; whereas, for that reason, the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary, seek to ensure a high level of protection in the Community.[162]
The historical development of the specifically European approach to data protection may be seen in a number of central features of the Data Protection Directive. First, the Data Protection Directive applies minimum principles to all stages of data processing, generally not distinguishing between collection, storage, use or disclosure.[163] Secondly, a rights-based approach to data protection is found throughout the Data Protection Directive including, for example, articles that provide for rights of access and rectification,[164] and rights to object to the processing of personal data for the purposes of direct marketing.[165] Thirdly, the Data Protection Directive allows, in certain instances, for mandatory standards of protection that cannot be contracted out of by data subjects. For example, under art 8(1), sensitive personal data, including data concerning race, political opinion or religious belief, generally cannot be subject to data processing. Although provision is made for the processing of sensitive data with the consent of the data subject, the ability of member states to prohibit processing of such data even with consent is expressly preserved.[166] Moreover, the requirements for consent under the Data Protection Directive are quite rigorous. Article 2(h) defines the ‘data subject’s consent’ as being ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.’[167]
Despite the political compromises that were necessary in the process of formulating the Data Protection Directive, it is clear that it establishes a new, much higher, level of protection of personal information than the broad standards set in the earlier period of convergence of data processing approaches.
Moreover, the Data Protection Directive is consciously designed to promote international convergence at this higher level of protection. Given the transborder nature of data processing, it was considered necessary to establish a mechanism to ensure that the personal data of EU citizens was protected in the event that it was transferred outside the borders of member states. This mechanism, established pursuant to ch IV of the Data Protection Directive, essentially requires member states to prohibit the transfer of personal data to third countries where the third country fails to ensure an ‘adequate’ level of protection for the data.[168] The threat of a ‘data embargo’ has provided the basis for the EU to enter into negotiations with third countries, with a view to ensuring a level of protection consistent with the European rights-based approach.
While EU member states, both individually and collectively, were refining a rights-based approach to data protection, information privacy policy in the United States proceeded in a different direction. Since the Reagan administration, United States economic policy has largely been characterised by a neo-liberal belief in the primacy of the market, and a corresponding commitment to ‘deregulation’ and minimum intervention in market processes. This pro-market orientation has also characterised American information privacy laws which, apart from the introduction of sector-specific laws, have remained frozen since the formulation of the fair information practices in the 1970s.[169]
With the growth in the commercial use of the internet from the mid-1990s, the neo-liberal suspicion of government regulation combined with the liberal First Amendment commitment to the free flow of information, reinforced the American preference for private sector solutions to information privacy. Thus, in response to the requirement under the EU Data Protection Directive that third countries provide ‘adequate’ protection, the United States claimed that industry self-regulation was capable of satisfying the Directive’s standards. The 1997 Clinton–Gore policy statement, entitled A Framework for Global Electronic Commerce, for example, included the following response to the EU Data Protection Directive:
To ensure that differing privacy policies around the world do not impede the flow of data on the Internet, the United States will engage its key trading partners in discussions to build support for industry-developed solutions to privacy problems and for market driven mechanisms to assure customer satisfaction about how private data is handled.[170]
With the commencement of the Data Protection Directive on 25 October 1998, the incompatible approaches to the protection of personal information created tensions between the EU and the United States. The requirement under the Data Protection Directive that third countries provide ‘adequate’ protection to the personal data of EU citizens brought these tensions to a head. The EU saw the ‘adequacy’ requirement as a means for pressing the United States to adopt comprehensive data protection laws.[171]
At the same time, it was inconceivable for either the EU member states or the United States to contemplate the commercial consequences of an interruption in data flows between Europe and the United States. To prevent this from happe