Information privacy is the relationship between the collection and dissemination of
data
In the pursuit of knowledge, data (; ) is a collection of discrete Value_(semiotics), values that convey information, describing quantity, qualitative property, quality, fact, statistics, other basic units of meaning, or simply sequences of sy ...
,
technology
Technology is the application of knowledge to reach practical goals in a specifiable and Reproducibility, reproducible way. The word ''technology'' may also mean the product of such an endeavor. The use of technology is widely prevalent in me ...
, the public
expectation of privacy
Expectation of privacy is a legal test which is crucial in defining the scope of the applicability of the privacy protections of the Fourth Amendment to the United States Constitution. It is related to, but is not the same as, a ''right to privac ...
legal
Law is a set of rules that are created and are law enforcement, enforceable by social or governmental institutions to regulate behavior,Robertson, ''Crimes against humanity'', 90. with its precise definition a matter of longstanding debate. ...
and
political
Politics (from , ) is the set of activities that are associated with making decisions in groups, or other forms of power relations among individuals, such as the distribution of resources or status. The branch of social science that stud ...
issues surrounding them. It is also known as data privacy or data protection.
Data privacy is challenging since attempts to use data while protecting an individual's privacy preferences and personally identifiable information. The fields of
computer security
Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
,
data security
Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.
Technologies
Disk encryption
Disk encryption refe ...
, and
information security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
all design and use software, hardware, and human resources to address this issue.
Authorities
Laws
Authorities by country
Information types
Various types of
personal information
Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person.
The abbreviation PII is widely accepted in the United States, but the phrase it abbreviates ha ...
often come under privacy concerns.
Cable television
This describes the ability to control what information one reveals about oneself over cable television, and who can access that information. For example, third parties can track IP TV programs someone has watched at any given time. "The addition of any information in a broadcasting stream is not required for an audience rating survey, additional devices are not requested to be installed in the houses of viewers or listeners, and without the necessity of their cooperations, audience ratings can be automatically performed in real-time."
Educational
In the United Kingdom in 2012, the Education Secretary Michael Gove described the National Pupil Database as a "rich dataset" whose value could be "maximised" by making it more openly accessible, including to private companies. Kelly Fiveash of ''
The Register
''The Register'' is a British technology news website co-founded in 1994 by Mike Magee, John Lettice and Ross Alderson. The online newspaper's masthead sublogo is "''Biting the hand that feeds IT''." Their primary focus is information te ...
'' said that this could mean "a child's school life including exam results, attendance, teacher assessments and even characteristics" could be available, with third-party organizations being responsible for anonymizing any publications themselves, rather than the data being anonymized by the government before being handed over. An example of a data request that Gove indicated had been rejected in the past, but might be possible under an improved version of privacy regulations, was for "analysis on sexual exploitation".
Financial
Information about a person's financial transactions, including the amount of assets, positions held in stocks or funds, outstanding debts, and purchases can be sensitive. If criminals gain access to information such as a person's accounts or credit card numbers, that person could become the victim of fraud or
identity theft
Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term ''identity theft'' was c ...
. Information about a person's purchases can reveal a great deal about that person's history, such as places they have visited, whom they have contact with, products they have used, their activities and habits, or medications they have used. In some cases, corporations may use this information to
target
Target may refer to:
Physical items
* Shooting target, used in marksmanship training and various shooting sports
** Bullseye (target), the goal one for which one aims in many of these sports
** Aiming point, in field artillery, f ...
individuals with
marketing
Marketing is the process of exploring, creating, and delivering value to meet the needs of a target market in terms of goods and services; potentially including selection of a target audience; selection of certain attributes or themes to emph ...
customized towards those individual's personal preferences, which that person may or may not approve.
Internet
The ability to control the information one reveals about oneself over the internet, and who can access that information, has become a growing concern. These concerns include whether
email
Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...
can be stored or read by third parties without consent, or whether third parties can continue to track the websites that someone visited. Another concern is if websites one visited can collect, store, and possibly share personally identifiable information about users.
The advent of various
search engines
A search engine is a software system designed to carry out web searches. They search the World Wide Web in a systematic way for particular information specified in a textual web search query. The search results are generally presented in a ...
and the use of data mining created a capability for data about individuals to be collected and combined from a wide variety of sources very easily. The FTC has provided a set of guidelines that represent widely accepted concepts concerning fair information practices in an electronic marketplace called the Fair Information Practice Principles.
To avoid giving away too much personal information, emails should be encrypted. Browsing of web pages as well as other online activities should be done trace-less via "anonymizers", in case those are not trusted, by open-source distributed anonymizers, so called
mix net
Mix, mixes or mixing may refer to:
Persons & places
* Mix (surname)
** Tom Mix (1880-1940), American film star
* nickname of Mix Diskerud (born Mikkel, 1990), Norwegian-American soccer player
* Mix camp, an informal settlement in Namibia
* Mix ...
s, such as
I2P
The Invisible Internet Project (I2P) is an anonymous network layer (implemented as a mix network) that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using ...
Virtual Private Networks
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
) are another "anonymizer" that can be used to give someone more protection while online. This includes obfuscating and encrypting web traffic so that other groups cannot see or mine it.
Email isn't the only internet content with privacy concerns. In an age where increasing amounts of information is online, social networking sites pose additional privacy challenges. People may be tagged in photos or have valuable information exposed about themselves either by choice or unexpectedly by others, referred to as
participatory surveillance
Participatory surveillance is community-based monitoring of other individuals. This term can be applied to both digital media studies and ecological field studies. In the realm of media studies, it refers to how users surveil each other using the ...
. Data about location can also be accidentally published, for example, when someone posts a picture with a store as a background. Caution should be exercised when posting information online, social networks vary in what they allow users to make private and what remains publicly accessible. Without strong security settings in place and careful attention to what remains public, a person can be profiled by searching for and collecting disparate pieces of information, worst case leading to cases of
cyberstalking
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization. It may include false accusations, defamation, slander and libel. It may also include monitoring, identity theft, thre ...
or reputation damage.
Cookies are used in websites that users may allow the website to retrieve some information from user's internet which it usually does not mention what the data being retrieved is. It is a common method used to monitor and track users' internet activity. In 2018, the General Data Protection Regulation (GDPR) passed regulation that forces websites to visibly disclose to consumers their information privacy practices, referred to as cookie notices. This was issued to give consumers the choice of what information about their behavior they consent to letting websites track, however its effectiveness is controversial. Some websites may engage in deceptive practices such as placing the cookie notices in places on the page that are not visible, or only giving consumers notice that their information is being tracked, but not allowing them to change their privacy settings.Apps like Instagram and Facebook collect user data for a personalised app experience, however they track user activity on other apps which jeopardises user's privacy and data.
Locational
As location tracking capabilities of mobile devices are advancing (
location-based service
A location-based service (LBS) is a general term denoting software services which use geographic data and information to provide services or information to users. LBS can be used in a variety of contexts, such as health, indoor object search, en ...
s), problems related to user privacy arise. Location data is among the most sensitive data currently being collected. A list of potentially sensitive professional and personal information that could be inferred about an individual knowing only their mobility trace was published in 2009 by the Electronic Frontier Foundation. These include the movements of a competitor sales force, attendance of a particular church or an individual's presence in a motel, or at an abortion clinic. A recent MIT study by de Montjoye et al. showed that four spatio-temporal points, approximate places and times, are enough to uniquely identify 95% of 1.5 million people in a mobility database. The study further shows that these constraints hold even when the resolution of the dataset is low. Therefore, even coarse or blurred datasets provide little anonymity.
Medical
People may not wish for their medical records to be revealed to others due to the confidentiality and sensitivity of what the information could reveal about their health. For example, they might be concerned that it might affect their insurance coverage or employment. Or, it may be because they would not wish for others to know about any medical or psychological conditions or treatments that would bring embarrassment upon themselves. Revealing medical data could also reveal other details about one's personal life. There are three major categories of medical privacy: informational (the degree of control over personal information), physical (the degree of physical inaccessibility to others), and psychological (the extent to which the doctor respects patients’ cultural beliefs, inner thoughts, values, feelings, and religious practices and allows them to make personal decisions).
Physicians and psychiatrists in many cultures and countries have standards for
doctor–patient relationship
The doctor–patient relationship is a central part of health care and the practice of medicine. A doctor–patient relationship is formed when a doctor attends to a patient's medical needs and is usually through consent. This relationship is bu ...
s, which include maintaining confidentiality. In some cases, the
physician–patient privilege
Physician–patient privilege is a legal concept, related to medical confidentiality, that protects communications between a patient and their doctor from being used against the patient in court. It is a part of the rules of evidence in many comm ...
is legally protected. These practices are in place to protect the dignity of patients, and to ensure that patients feel free to reveal complete and accurate information required for them to receive the correct treatment.
To view the United States' laws on governing privacy of private health information, see
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy– Kassebaum Act) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1 ...
and the
HITECH Act
The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 (). Under the HITECH Act, the United States Department of Health ...
. The Australian law is th Privacy Act 1988 Australia as well as state-based health records legislation.
Political
Political privacy
The secret ballot, also known as the Australian ballot, is a voting method in which a voter's identity in an election or a referendum is anonymous. This forestalls attempts to influence the voter by intimidation, blackmailing, and potential vot ...
has been a concern since
voting system
An electoral system or voting system is a set of rules that determine how elections and referendums are conducted and how their results are determined. Electoral systems are used in politics to elect governments, while non-political elections m ...
s emerged in ancient times. The secret ballot is the simplest and most widespread measure to ensure that political views are not known to anyone other than the voters themselves—it is nearly universal in modern
democracy
Democracy (From grc, δημοκρατία, dēmokratía, ''dēmos'' 'people' and ''kratos'' 'rule') is a form of government in which people, the people have the authority to deliberate and decide legislation ("direct democracy"), or to choo ...
and considered to be a basic right of
citizenship
Citizenship is a "relationship between an individual and a state to which the individual owes allegiance and in turn is entitled to its protection".
Each state determines the conditions under which it will recognize persons as its citizens, and ...
. In fact, even where other rights of privacy do not exist, this type of privacy very often does. Unfortunately, there are several forms of voting fraud or privacy violations possible with the use of digital voting machines.
Legality
The legal protection of the right to privacy in general – and of data privacy in particular – varies greatly around the world.
Laws and regulations related to Privacy and Data Protection are constantly changing, it is seen as important to keep abreast of any changes in the law and to continually reassess compliance with data privacy and security regulations. Within academia, Institutional Review Boards function to assure that adequate measures are taken to ensure both the privacy and confidentiality of human subjects in research.
Privacy concerns exist wherever personally identifiable information or other
sensitive information
Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.
Loss, misuse, modification, or unauthorized access to sensitive information can ...
is collected, stored, used, and finally destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Informed consent mechanisms including
dynamic consent
Dynamic consent is an approach to informed consent that enables on-going engagement and communication between individuals and the users and custodians of their data. It is designed to address the many issues that are raised by the use of digital t ...
are important in communicating to data subjects the different uses of their personally identifiable information. Data privacy issues may arise in response to information from a wide range of sources, such as:
* Healthcare records
*
Criminal justice
Criminal justice is the delivery of justice to those who have been accused of committing crimes. The criminal justice system is a series of government agencies and institutions. Goals include the rehabilitation of offenders, preventing other ...
investigations and proceedings
* Financial institutions and transactions
* Biological traits, such as
genetic material
Nucleic acids are biopolymers, macromolecules, essential to all known forms of life. They are composed of nucleotides, which are the monomers made of three components: a 5-carbon sugar, a phosphate group and a nitrogenous base. The two main clas ...
*
Residence
A residence is a place (normally a building) used as a home or dwelling, where people reside.
Residence may more specifically refer to:
* Domicile (law), a legal term for residence
* Habitual residence, a civil law term dealing with the status ...
and geographic records
*
Privacy breach
Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public o ...
*
Location-based service
A location-based service (LBS) is a general term denoting software services which use geographic data and information to provide services or information to users. LBS can be used in a variety of contexts, such as health, indoor object search, en ...
and
geolocation
Geopositioning, also known as geotracking, geolocalization, geolocating, geolocation, or geoposition fixing, is the process of determining or estimating the geographic position of an object.
Geopositioning yields a set of geographic coordinates ...
persistent cookie
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's ...
s
*
Academic research
Research is " creative and systematic work undertaken to increase the stock of knowledge". It involves the collection, organization and analysis of evidence to increase understanding of a topic, characterized by a particular attentiveness ...
Protection of privacy in information systems
As heterogeneous information systems with differing privacy rules are interconnected and information is shared,
policy appliances Policy appliances are technical control and logging mechanisms to enforce or reconcile policy rules (information use rules) and to ensure accountability in information systems. Policy appliances can be used to enforce policy or other systems const ...
will be required to reconcile, enforce, and monitor an increasing amount of privacy policy rules (and laws). There are two categories of technology to address privacy protection in
commercial
Commercial may refer to:
* a dose of advertising conveyed through media (such as - for example - radio or television)
** Radio advertisement
** Television advertisement
* (adjective for:) commerce, a system of voluntary exchange of products and s ...
IT systems: communication and enforcement.
;Policy communication
*P3P – The Platform for Privacy Preferences. P3P is a standard for communicating privacy practices and comparing them to the preferences of individuals.
;Policy enforcement
*
XACML
XACML stands for "eXtensible Access Control Markup Language". The standard defines a declarative fine-grained, attribute-based access control policy language, an architecture, and a processing model describing how to evaluate access requests a ...
– The Extensible Access Control Markup Language together with its Privacy Profile is a standard for expressing privacy policies in a machine-readable language which a software system can use to enforce the policy in enterprise IT systems.
* EPAL – The Enterprise Privacy Authorization Language is very similar to XACML, but is not yet a standard.
* WS-Privacy - "Web Service Privacy" will be a specification for communicating privacy policy in web services. For example, it may specify how privacy policy information can be embedded in the
SOAP
Soap is a salt of a fatty acid used in a variety of cleansing and lubricating products. In a domestic setting, soaps are surfactants usually used for washing, bathing, and other types of housekeeping. In industrial settings, soaps are use ...
envelope of a web service message.
;Protecting privacy on the internet
On the internet many users give away a lot of information about themselves: unencrypted e-mails can be read by the administrators of an
e-mail server
Within the Internet email system, a message transfer agent (MTA), or mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using SMTP. The terms mail server, mail exchanger, and MX host ...
if the connection is not encrypted (no
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
), and also the
internet service provider
An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet. ISPs can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privat ...
and other parties sniffing the network traffic of that connection are able to know the contents.
The same applies to any kind of traffic generated on the Internet, including
web browsing
Web navigation refers to the process of navigating a Computer network, network of web resource, information resources in the International World Wide Web Conference, World Wide Web, which is organized as hypertext or hypermedia. The user interface ...
,
instant messaging
Instant messaging (IM) technology is a type of online chat allowing real-time text transmission over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and trigge ...
, and others.
In order not to give away too much personal information, e-mails can be encrypted and browsing of webpages as well as other online activities can be done traceless via
anonymizer
An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It acce ...
s, or by open source distributed anonymizers, so-called
mix network
Mix networks are routing protocols that create hard-to-trace communications by using a chain of proxy servers known as ''mixes'' which take in messages from multiple senders, shuffle them, and send them back out in random order to the next dest ...
s.
Well-known open-source mix nets include I2P – The Anonymous Network and
Tor
Tor, TOR or ToR may refer to:
Places
* Tor, Pallars, a village in Spain
* Tor, former name of Sloviansk, Ukraine, a city
* Mount Tor, Tasmania, Australia, an extinct volcano
* Tor Bay, Devon, England
* Tor River, Western New Guinea, Indonesia
Sc ...
.
;Improving privacy through individualization
Computer privacy can be improved through individualization. Currently security messages are designed for the "average user", i.e. the same message for everyone. Researchers have posited that individualized messages and security "nudges", crafted based on users' individual differences and personality traits, can be used for further improvements for each person's compliance with computer security and privacy.
United States Safe Harbor program and passenger name record issues
The
United States Department of Commerce
The United States Department of Commerce is an executive department of the U.S. federal government concerned with creating the conditions for economic growth and opportunity. Among its tasks are gathering economic and demographic data for bus ...
created the
International Safe Harbor Privacy Principles
The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from ...
certification program in response to the 1995 Directive on Data Protection (Directive 95/46/EC) of the European Commission. Both the United States and the European Union officially state that they are committed to upholding information privacy of individuals, but the former has caused friction between the two by failing to meet the standards of the EU's stricter laws on personal data. The negotiation of the Safe Harbor program was, in part, to address this long-running issue. Directive 95/46/EC declares in Chapter IV Article 25 that personal data may only be transferred from the countries in the
European Economic Area
The European Economic Area (EEA) was established via the ''Agreement on the European Economic Area'', an international agreement which enables the extension of the European Union's single market to member states of the European Free Trade As ...
Department of Homeland Security
The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...
, for the
Arrival and Departure Information System
Arrival(s) or The Arrival(s) may refer to:
Film
* ''The Arrival'' (1991 film), an American science fiction horror film
* ''The Arrival'' (1996 film), an American-Mexican science fiction horror film
* ''Arrival'' (film), a 2016 American science ...
Statewatch Statewatch is a non-profit organization founded in 1991 that monitors civil liberties and other issues in the European Union and encourages investigative reporting and research.
The organization has three free databases: a large database of all its ...
Czech Republic
The Czech Republic, or simply Czechia, is a landlocked country in Central Europe. Historically known as Bohemia, it is bordered by Austria to the south, Germany to the west, Poland to the northeast, and Slovakia to the southeast. The ...
Rue 89
Rue89 is a French news website started by former journalists from the newspaper ''Libération''. It was officially launched on 6 May 2007, on the day of the second round of the French presidential election. Its news editor is Pascal Riché, forme ...
'', 4 March 2008 The tensions between Washington and Brussels are mainly caused by a lesser level of
data protection
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
in the US, especially since foreigners do not benefit from the US
Privacy Act of 1974
The Privacy Act of 1974 (, ), a United States federal law, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintaine ...
. Other countries approached for bilateral MOU included the United Kingdom, Estonia, Germany and Greece.
Statewatch Statewatch is a non-profit organization founded in 1991 that monitors civil liberties and other issues in the European Union and encourages investigative reporting and research.
The organization has three free databases: a large database of all its ...
, March 2008
See also
;Computer science specific
;Organisations
;Scholars working in the field