The importance of privacy is often downplayed. It sometimes seems as though privacy is viewed as something bad, something inherently selfish, something that ‘good’ people don’t need or really want – or at the very least are willing to sacrifice for the greater good. To me, that displays a fundamental misunderstanding of privacy and of the role it plays in society. Privacy isn’t selfish – though it is sometimes used for selfish means – it’s one of the crucial elements of a functioning society. We all need privacy – and not just for our personal, individualistic needs, but to be able to function properly in society. We need to have our privacy respected – and we need to respect others’ privacy.
Two current stories exemplify both the importance of privacy and the way that the arguments often get skewed: the debate over mass surveillance of the internet, and the issue of the ‘opening up’/'selling off’ of health data from the NHS (the ‘care.data’ story).
Mass surveillance and selfishness
The argument here (which I’ve discussed before, most recently here) is that the only reason to oppose mass surveillance is to protect your own, individual and selfish personal privacy. As ‘good’ people have ‘nothing to hide’, they’ve got ‘nothing to lose’ by sacrificing this individual, selfish concern for the greater good. As Sir Malcolm Rifkind put it:
“There is a balance to be found between our individual right to privacy and our collective right to security.”
The implication of Rifkind’s words is pretty clear – the collective right to security is more important. It’s ‘collective’ rather than ‘individual’ – and hence altruistic rather than selfish. There are many holes in the argument. Surveillance impacts upon rights that are far from individual or selfish – chilling free speech (and the right of others to hear your speech), limiting rights to assemble and associate both offline and online and more. It creates a power imbalance between those who have the information (in this case the authorities) and those about whom the information is held (in this case each and every one of us) which ultimately undermines pretty much every element of how our society functions. That’s why police states are so keen on surveillance and information gathering – it gives them control. It’s not just selfish to want to avoid that kind of control – it’s for the good of the society as a whole.
Furthermore, the idea that only those who have ‘something to hide’ should be concerned about privacy is in itself fundamentally flawed. People don’t just want to hide ‘bad’ or ‘discreditable’ information – and privacy isn’t just about ‘hiding’ things either. Privacy is about autonomy – about the ability to have at least an element of control over what information about them is made available to whom. Some information you might be happy to share with your friends but not with your parents, your employers or the government. What you might want to share can change over time – even the nicest things are often best held back for your own reasons. It’s not selfishness – it’s humanity.
Health data and selfishness
The parallels between the care.data debate and the debate over mass surveillance may not be immediately apparent, but the two issues are closer than they might seem. The argument goes broadly like this: those who are objecting to the sharing of health data are selfishly worrying about a minuscule risk to their own, individual privacy and should be sacrificing that selfishness to the collective good created by the sharing of health data. Just as for mass surveillance, the balance suggested is between an almost irrelevant selfishness and a general and bountiful good created by the sharing of health data.
Again, I think this argument is misstated – though perhaps not as clearly as with mass surveillance. The first thing to say is that the risk to individual privacy is not minuscule. The suggestion by the proponents of the system is that because the data is ‘anonymised’ then privacy is protected. The problem is that anonymisation, both theoretically and practically, has generally been shown to be ineffective. ‘Anonymous’ records can be deanonymised – and individual, personal and deeply private information can be extracted.
The next question is whether making this data available will actually benefit the ‘collective good’. The assumption that seems to be being made – the image being presented – is that the data will go to research laboratories developing cures for terrible diseases. If we don’t let this data be shared in this way, we’ll stop them developing cures for currently incurable cancers and so forth. The reality appears likely to be quite different – one key aim seems to be to sell the data to drug companies and insurance firms. Both of these aims need to be handled with a great deal of care.
As for mass surveillance, the ultimate result may well be more about a transfer of power from individuals to organisations that may well be far from benevolent. A society where those in control of health care – and in particular access to health care (either to services or to drugs) have complete informational control over individuals is in some ways just as bad (and remarkably similar) to one where authorities have informational control over people. In a society like that in the UK where there is increasing and creeping privatisation of health services this is particularly worrying. Being concerned about this isn’t selfishness.
A more privacy friendly society?
In both cases, it is important to understand that we’re not left with just one choice. This isn’t black and white. It’s not ‘mass surveillance or anarchy’, or ‘complete health data sharing or a collapse in public health’. It really is about balance – but finding the balance should be based on a more appropriate and accurate analysis of the issues. For mass surveillance we need to look more carefully at the impact of that surveillance, and ask for more evidence of the collective benefit.
For health data we need to look more carefully – much more carefully – at the risks of deanonymisation. And, if we can ameliorate those risks appropriately, we need to set the terms of the ‘opening up’/'selling off’ of the data in a way that benefits society. Drug companies should only get access to that information if they make appropriate commitments to make the drugs they develop available in forms and at prices that benefit society – and the NHS in particular. For insurance companies the terms should be even tougher – if they should be allowed access at all.
Most of all, though, we need to have a proper debate about this, and the case needs to be made. Anyone who has received the care.data leaflet through their door (mine came last week) should be shown how much it shows only one side of the argument. This is a critical moment – for both health data and surveillance. What we do now will be very hard to reverse, not just for us but for future generations. To care about them is the opposite of selfishness.