Data Privacy: A Deontological Perspective

The information age has brought forth conveniences that were unimaginable less than a century ago. It is unprecedented for society to have access to seemingly unlimited information that is accessible from almost anywhere in the world. The internet has networked millions of databases and personal computers around the world into a fully integrated information platform. The emergence of this platform along with contemporary data management techniques has transformed the way that companies do business, making consumer data a hot commodity. The contemporary trend of gathering, managing, and interpreting data has provoked much debate regarding the ethical boundaries of the collection and dissemination of personal information in regards to privacy.


Because of its key role in collecting, analyzing and interpreting data, many of the problems, and opportunities, of big data are also those of market research. The use of personal data for marketing purposes “has become a defining social feature of the internet. “ This technology has created unprecedented opportunities for marketers to culminate and interpret information to generate more timely and relevant insights. It is a major challenge to leverage this wealth of information within an ethical framework.

Information privacy can be defined as “the desire of individuals to control or have some influence over data about themselves." Considering the vastness of the internet as well as the obligation to provide personal information to companies to use their services and order their products, maintaining any control over our personal information is becoming increasingly more difficult. Once the information is out there, it can be impossible to get it back and individuals have little or no control over how that information is used and disseminated.

The purpose of this article is to explore this issue from a deontological perspective to consider the rights that individuals have in regards to information privacy, as well as the source of this right and the corresponding duties that individuals and companies must pledge to uphold this right. I will argue that information privacy should be a legal right only to the extent that society values privacy and upholds a mutual duty to contribute to the academic process of discovering weaknesses in current information privacy protection and suggesting better alternatives for the establishment of more relevant laws and regulations.

Big Data and Market Research

Big data is a term used to capture the process of “storing, securing, and analyzing” the massive incoming data being gathered by large organizations. Organizations can cultivate a wealth of insight through the management and analysis of collected data. Because of modern web services such as web 2.0 technologies, consumers are more willing to share personal information. Firms collect information about customers through their websites to capture their needs and strategically use the information for customized promotions. New technologies allow organizations to use this abundance of personal information to refine target demographics, predict market trends, and cater to consumer needs like never before.

Information Privacy

Information privacy refers to the concept of controlling how one’s personal information is acquired and used. Conflict between appropriate use of personal information and individuals’ right to information privacy is one of the most serious ethical issues of the information age. Paul Pavlou discusses four distinct dimensions of privacy: Privacy of person, behavior privacy, communication privacy, and data privacy. For the sake of the issue at hand, communication privacy and data privacy can both be classified as information privacy. This information is used for a variety of reasons. Data such as email addresses, phone numbers, credit card numbers, physical addresses, etc. are generally used for advertisement and commerce purposes. Part of the information privacy concern is related to protecting this form of information from being used in ways other than those disclosed such as selling it to third parties. There are also frequent cases of security breaches which are more common for small e-commerce retailers with limited security features to protect customer information.

Information such as age, ethnicity, geographical location, etc. is generally used for evaluating consumer trends within specific demographics. Communication privacy and data privacy can be culminated and intelligently processed to analyze consumer behavior. For example, companies monitor consumer shopping behavior to make ads more relevant. Social media communication also provides behavioral information directly from the source and allows companies to monitor current trends. Another privacy concern is regarding the plethora of sensors that surround us in our technological devices that can be used to spy on unsuspecting users. This is an issue that could perhaps be beyond the scope of regulations and be more of an issue of security software to protect users from such threats.

Privacy Self-Management

Privacy self-management has its origins in the Fair Information Practices, which appeared in a 1973 report by the U.S. Department of Health, Education, and Welfare to address concerns about the increasing digitization of data. The principles included: Transparency of record systems of personal data, the right to notice about such record systems, the right to prevent personal data from being used for new purposes without consent, the right to correct or amend one’s records, and responsibilities on the holders of data to prevent its misuse. The Fair Information Practices failed to specify what data may be collected or how it may be used. Instead, most forms of data collection, use, and disclosure are permissible under the Fair Information Practices if individuals have the ability to self-manage their privacy – that is, if they are notified and provide consent.

The guidelines established by the Fair Information Practices only offer a framework to enable people to manage their own privacy. This means that it is the responsibility of the individual to thoroughly read disclosures that they sign online and protect and manage their own information. Privacy self-management envisions an informed and rational person who makes appropriate decisions about whether to consent to various forms of collection, use, and disclosures of personal data, but empirical evidence and social science literature demonstrate that people’s actual ability to make such informed and rational decisions does not even come close to the vision contemplated by privacy self-management. This illustrates a severe problem with the idea of data self-management.

Very few people actually read the disclosures that they sign online and with the plethora of software used today, it would be near impossible to have time to read them all. Even if one did, they are often filled with legal terminology that the average person does not understand. Many people even lack the technical knowledge to modify their privacy settings on websites. The lack of ability for the average technology user to understand and manage their own technology calls for a need for more concrete regulations in regards to how organizations can collect, use, and disseminate data.

A Deontological Perspective of Information Privacy

For the purpose of understanding the ethicality of information privacy, it is necessary to contemplate the issue within an ethical framework. Deontology, or rights and duties, focuses on doing things that are right in themselves, rather than right because of their consequences, establishing the moral act as “the act which recognizes the rights of others and the duties that those rights impose on the actor." This ethical approach is appropriate for the assessment of information privacy because for one to claim a right to privacy of information there must be corresponding duties. Joseph Gilbert asserts that “a right is worthless if no one has a corresponding duty."

To determine the duties that must be imposed to protect information privacy, one must first consider the source of any right that individuals have to this privacy. Gilbert establishes four basic sources through which rights can be derived: human rights, legal rights, position rights, and contract rights. It could be difficult to establish information privacy as a human right, and even if one did manage to devise a compelling argument to convince us that it is, it would do little to aid in the protection of this right. To protect a human right would require legislation and regulation which would make it a legal right, but as previously discussed our current legislation has limitations. Information privacy could be viewed as a contract right, but only in specific cases where contracts exist to establish such rights. Finally, the last source of rights, being those obtained through position, is not applicable to information privacy. This reasoning would suggest that any rights that we have to the privacy of our information would need to be established as legal rights to determine appropriate duties that facilitate the protection of such rights.

As previously discussed, the guidelines established by the Fair Information Practices only offer a framework to enable people to manage their own privacy, but this is insufficient. Due to our need for more relevant legislation and regulations, we must establish duties that would bring forth relevant protection according to the needs expressed by the people. Information privacy is a complex issue, and so to impose laws too hastily could result in more laws that do not effectively accomplish their purpose. This is why it must be a duty of the people to come to a consensus regarding what rights we should have to information privacy and work to establish a more appropriate framework for protecting these rights. The initial duties are imposed on academia to establish the duties that must be upheld by government as well as individuals to facilitate the rights agreed upon through consensus.

Conclusion

I have argued that information privacy should be a legal right only to the extent that society values privacy and upholds a mutual duty to contribute to the academic process of discovering weaknesses in current information privacy protection and suggesting better alternatives for the establishment of more relevant laws and regulations. Information privacy is a complex issue that requires constant vigilance to protect, for technology is rapidly changing along with means for acquiring personal data. This means that there is a progressive academic duty to revise information privacy material to maintain relevance in contemporary issues. There is also a duty on the individual level to contribute to the democratic process of establishing laws and regulations that correspond to society’s value of privacy and academia’s progress in establishing the best means of delivering this privacy.

Resources

Nunan, D., & Di Domenico, M. (2013). Market research and the ethics of big data. International Journal Of Market Research, 55(4), 2-13.

Solove, D. J. (2013). Privacy self-management and the consent dilemma. Harvard Law Review, 126(7), 1880-1903.

Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: A review of information privacy research in information systems. MIS Quarterly, 35(4), 1017-A36.

Pavlou, P. A. (2011). State of the information privacy literature: Where are we now and where should we go?. MIS Quarterly, 35(4), 977-988.

Smith, H., Dinev, T., & Xu, H. (2011). Information privacy research: An interdisciplinary review. MIS Quarterly, 35(4), 980-A27.

Gilbert, J. (2012). Ethics for managers: Philosophical foundations and business realities. New York, NY: Routledge.