General Resources

This segment provides answers to some background questions that an organisation that is about to conduct a PIA may pose. Many of the terms and concepts in the answers are used in other parts of this Handbook and will be important to understand when conducting a PIA. The topics addressed are:

1. What is privacy?
2. How is privacy protected?
3. Why is privacy important?
4. Why have a privacy strategy?

1. What is privacy?

Privacy is recognised as a human right in all relevant major documents applicable in the UK, including the Universal Declaration of Human Rights (UDHR 1948, Article 12), the International Covenant on Civil and Political Rights (ICCPR 1966, Article 17), the European Convention on Human Rights (ECHR 1950, Article 8), and the Charter of Fundamental Rights of the European Union (CFREU 2000, Articles 7 and 8). Specifically, it is mentioned in the UK Human Rights Act 1998, at Article 8.1, as "respect for ... private and family life, ... home and ... correspondence".

These documents though are not always consistent in their approach and generally they do not define the term 'privacy', and the scope to which it overlaps with a range of other freedoms and rights. A useful working definition of privacy is "the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations".

Interpreted most broadly, privacy is about the integrity of the individual. It therefore encompasses many aspects of the individual's social needs. The following dimensions can be usefully distinguished.

Privacy of the person, sometimes referred to as 'bodily privacy', is concerned with the integrity of the individual's body. At its broadest, it could be interpreted as extending to freedom from torture and right to medical treatment, but these are more commonly seen as human rights rather than as aspects of privacy. Issues that are more readily associated with privacy include compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and requirements for submission to biometric measurement.

Privacy of personal behaviour relates to the observation of what individuals do, and includes such issues and optical surveillance and 'media privacy'. Many issues that come to attention relate to sensitive matters, such as sexual preferences and habits, political activities and religious practices. But the notion of 'private space' is vital to all aspects of behaviour, is relevant in 'private places' such as the home and toilet cubicle, and is also relevant in 'public places', where casual observation by the few people in the vicinity is very different from systematic observation, the recording or transmission of images and sounds.

Threats to privacy of personal communications include mail 'covers', the use of directional microphones and 'bugs' with or without recording apparatus and telephonic interception and recording. In recent years, concerns have arisen about third-party access to email-messages. Individuals generally desire the freedom to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations.

Privacy of personal data is referred to variously as 'data privacy' and 'information privacy'. Individuals generally do not want data about themselves to be automatically available to other individuals and organisations. Even where data is possessed by another party, the individual should be able to exercise a substantial degree of control over that data and its use. The last six decades have seen the application of information technologies in many ways that have had substantial negative impacts on data privacy.

2. How is privacy protected?

Privacy only emerged as a distinct concern in the second half of the twentieth century. Incidental protections already existed for various aspects of privacy, however. For example, the privacy of the physical person is protected by the criminal law relating to assault. The law of confidence applies to personal data collected in any context in which 'confidentiality' exists, including (but not limited to) the particular cases of doctor and patient, lawyer and client, and priest and confessant. An overview of the law of confidence in provided in ICO (2006). Telephone conversations have been subject to prohibitions on recording and interception for many decades. There are also specific laws relating to 'Peeping Tom' / voyeurism offences.

A much broader body of law has emerged since the late 1990s, as a result of the UK's membership of the European Union, and its obligation to be consistent with such documents as the EU Charter of Fundamental Rights. This gave rise to the Human Rights Act, including Articles 8 and 14 relating to private life and discrimination. In addition, it appears that the courts may be developing a tort of privacy, although to date its primary application appears to be in relation to the media's treatment of celebrities.

An area in which a considerable body of law has developed is privacy of personal data. A 1984 UK statute was replaced by the present Data Protection Act in 1998. For an assessment of the legal framework underlying data protection law, see ICO (2004).

3. Why is privacy important?

Privacy is important from a number of different perspectives.

Philosophically, particularly on the European Continent, there is a strong emphasis on people being important for their own sake. The concepts of 'human dignity' and integrity play a significant role in some countries, as do the notions of individual autonomy and self-determination. In some (though perhaps not all) traditions and jurisdictions, these are the ideas that underpin the notion and significance of human rights.

Psychologically, people need private space. This applies in public as well as behind closed doors and drawn curtains. We need to be able to glance around, judge whether the people in the vicinity are a threat, before performing actions that could be embarrassing or have other negative consequences in other contexts.

Sociologically, people need to be free to behave, and to associate with others, subject to broad social mores, but without the continual threat of being observed. Otherwise, people are reduced to the inhuman, constrained environments that have been imposed on people in other times and countries.

Economically, people need to be free to innovate. International competition is fierce, and countries with high labour-costs need to innovate if they want to sustain their standard-of-living. Cleverness has to be continually reinvented; but the chilling effect that surveillance brings with it stifles innovation. All innovators are, by definition, 'deviant' from the norms of the time, and they are both at risk, and perceive themselves to be at risk, if they lack private space in which to experiment.

Politically, people need to be free to think, and argue, and act. Surveillance can chill behaviour and speech, and undermine democracy.

Privacy grew in significance in 'advanced western nations' through the twentieth century. Key factors in its emergence as a major factor in the minds of consumers/citizens have included the following:

• There has been sustained growth in the scale, tempo and professionalism of business and government since the 1920s
• There has been an increase in the 'social distance' between individuals and the institutions that serve them. This is epitomised by the replacement of local store-owners and bank managers with data-intensive operations run from Head Office, whose customer interface is now an impersonal call centre.
• There has been exponential growth in privacy-invasive information technologies since the 1950s. This has served and reinforced the social distance between people and organisations. In addition, in recent years computing and communications have converged, resulting in a compounding of the threat. Relevant technologies include RFID tags, biometrics, locator technologies including mobile phone location and applications of GPS, inexpensive visual surveillance, digital image and video recording, profiling, data mining, and logging of electronic traffic. Such technologies have increased both the level of the threat to privacy and the public perception of that threat-level.
• Privacy-invasive technologies have become pervasive. Many such technologies are now very widely deployed, including Internet-connected desktops and laptops, mobile phones, networked PDAs of many different kinds and CCTV. These devices are generating greatly increased data-trails and consequent enhanced capacity for inappropriate data access and data disclosures, and for location and tracking. These implications are often of less concern to the generation of people who have grown up with the technology
• There is a tendency in business and government to act as though there is a technology imperative ('because it can be done, it should be done'), due to the combined pressures of technology marketers and the need for efficiency improvements. This has not always been tempered by scepticism about the real capabilities of technologies, and understanding of the implications of applying them.
• There has been an increasing incidence of multi-organisational arrangements, in such forms as strategic partnerships among groups of corporations, 'joined-up government', 'single-portal electronic services', and 'public-private partnerships'. In addition to creating the possibility of enhanced services, this exacerbates the privacy threat, because it tempts organisations to apply personal data to multiple purposes, and hence to break down the 'personal data silos' and 'identity silos' that were the most important form of privacy protection through the second half of the twentieth century.
• Increasing emphasis on public safety, particularly since 2001, has resulted in the implementation of measures to protect the physical safety of the population and critical infrastructure, with little evidence of attention to their privacy impacts.

People are aware that organisations acquire personal data, and that those organisations use the information to exercise power over them. Some give up with the attitude that, “they already know everything about me”. Others react strongly against the intrusiveness (the 'privacy absolutists'). Most are apathetic and seldom think about it. But many flip between the two extremes, with privacy not mattering most of the time, but occasionally exploding into prominence (“privacy doesn't matter until it does”).

The media have the capacity to turn a minor issue into a public furore within hours. As a result, privacy is a risk factor for many organisations. Misjudging whether the media and the public will accept has resulted in negative impacts on business enterprises and government agencies alike. For example, the public has demanded action on lack of security at a financial institution (resulting in a fine of almost £1 million for one institution), and on breaches of the Data Protection Act by several major corporations. With the growth in data-intensity and increasing use of privacy-intrusive technologies, the risks of a project or scheme being rejected by the public are increasing.

4. Why have a privacy strategy?

The performance of a PIA is much simpler for organisations that have a privacy strategy in place. This is because staff will be better attuned to the kinds of issues, and more aware of public concerns and of the risks that those concerns represent to the organisation's reputation.

Organisations whose operations have considerable impacts on the privacy of their customers, their staff, or indeed any other categories of people, may find themselves embroiled in media controversies from time to time, and may need to respond to enquiries from individuals, their representatives, elected officials. Moreover, they may find that realising potential value from projects is subject to risks arising from public reaction to the project's privacy profile.

Organisations that are in that position may need to undertake PIAs fairly frequently. They may also find that their staff are resistant to changes in business processes and system design that arise as a result of those PIA processes. In order to ensure that the organisation is adaptive, and that PIAs can be conducted quickly and inexpensively, strategic measures may be appropriate.

Further discussion is provided in relation to 'What is a privacy strategy?'.