How It Is

Conceptualizing Privacy

Some thoughts on what the difference is between the US and those folks across the pond about privacy.

I know a wonderful human named Heather Burns who cares about privacy and GDPR and has made me quite passionate about understanding what the heck I’m talking about. She’s infectious, smart, and well worded. When she talks I listen.

Earlier this year, she posted her slides from a speaking event, PHP Yorkshire. One of them resonated with me to the point that I keep thinking about it:

US vs UK/Europe concept of Privacy
Source: Heather Burns’ PHP Yorkshire Slides

I sat and read it a few times, and I realized that I absolutely 100% agree with all of the UK/Europe concepts and only one of the US’s. I won’t touch on all of them, but here are the ones I spend a lot of time pondering.

Ownership vs Freedom Ownership vs Freedom

In the US, there’s a massive misconception that you have a right to say what you want about what you want without consequences. This is absolutely not true. Freedom of speech, in the United states, does not exculpate me from what happens to me after I say a thing. But we have a big bugaboo here about how our freedoms are fundamental rights. So even though the first few Amendments to the Constitution are quite clearly about their direct applications to ‘against the government’ and ‘in a militia,’ people take them, twist them, and make them apply to everything else.

This runs into an issue with GDPR and people in the UK and Europe, where the law is that you own your own data. You have a right to it, and to what’s said about you. Yeah hang on there. Folks in the US have a right to say what we want. Folks in the UK/Europe have a right to make us shut up.

That’s working out about as well as you’d think, mostly because we disagree about this other thing…

Top ↑

Data Ownership Data Ownership

Really, it should be pretty simple for the freedom of speech to coexist with the right to be private. If I post lies about you, you are legally within your rights in the US to demand I take them down. If I post information about you that wasn’t public, like I know you like burn Beanie Babies (those are stuffed animals, folks), then in the US you’re kind of out of luck unless you can prove it caused you ‘harm.’ Across the pond? I have to delete it.

And right there, I agree with the Europeans. If I take privileged information and make it public, I’m a horrible human first of all. I’ve betrayed your trust, and I’ve probably done it for financial gain. On the other hand, if I take public information (like a photo of you from the Associated Press of you burning a Beanie Baby in Central Park) and share it, I’m still a pretty horrible human, but not in the same way.

As a human, I think I should have the right to own my own data. But this comes with a measure of responsibility. In other words, I’m responsible for what I put out there. If I make it public that I’m a lesbian (which I did), am I legally allowed to demand you remove all references to me being one on your site? In other words, do I get take-backs if I make things public?

Maybe, but over yonder, I should at least ask first!

Top ↑

Cooperation Before Court Cooperation Before Court

There’s a concept called “Assume good faith” and it’s one of Wikipedia’s fundamental principles. It’s related to the concept that we should never attribute to malice that which can be ascribed to ignorance. Generally this comes up when I talk to people about copyright or trademark violations. I never assume people meant to violate those things, just that they were unaware of things.

The idea that someone has to ask me to remove a thing before suing me would be a lovely thing. The closest I can think of in the US is the way DMCA requests are handled. That is, I can issue a counter notice and either state “Hey, removed it!” argue back that it’s fair use. But that isn’t the same as the idea that we should talk before we go to lawyers. And that’s, you know, respectful.

I spend a lot of time thinking about this based on two other sites I run, where there is personal information of other people. It’s all public-personal information, but in general if someone asks me to remove data, I’ve complied. There was one instance where I didn’t, and I explained why not and the other person agreed it was a fair representation of the situation.

Top ↑

What Happens Now? What Happens Now?

Well. A lot of confusion and arguments about who has the right to what and where and when.

There’s going to be a lot of change in your future.