Privacy and Our Humanity

I’ve come to the realization that all of the issues surrounding privacy, whether they be political, legal or cultural, are nothing more than a response to fear. This realization is changing my point of view. I’m no longer viewing privacy through a technical, political or legal lens but rather I’m viewing it primarily as a human issue. It’s this new context that has lead me to conclude that those that approach privacy through an understanding of our human nature will be the future market leaders. Those that follow the traditional corporate line of doing the minimum to comply with the law will ultimately lose to those with a deeper understanding and a human approach.

I originally wanted this post to detail a method for a “human approach” to privacy but unfortunately I couldn’t find any easy answers, nor a one-size-fits-all methodology. I’m not giving up though. I still want to try to describe the aspects of our human nature that can comprise a framework from which a specific plan can be created. To start that off I want to begin at the top, and the top of this framework needs to be a clear definition of a “privacy violation:”

A privacy violation is giving, willingly or otherwise, personal information to a third party without consent.

That’s it. All the legalese, policies and political bluster boil down to that one simple statement, and I need to give credit to Bruce Schneier’s excellent Secrets and Lies which I’ve paraphrased with that statement.

I’ve put this definition front and center because without privacy violations there are no privacy issues at all, and given that, and to humanize the topic, at the heart of the issue of privacy is nothing more than people’s fear of a privacy violation.

Culture of Fear

As Danah Boyd so succinctly states in her summary of her 2012 SXSW presentation, “We live in a culture of fear.” I can’t think of a better way to describe our current environment. She describes this fear as something manufactured by marketers, politicians, the media and others to control the population with the motive of profit.

The result of this is that privacy laws, regulations and cultural norms all derive from this environment. An environment where we are bombarded by messages that prey on (and resultantly exacerbate) this fear. In other words we are innately fearful and our culture is only feeding this aspect of who we are.

Out of Control

Truthfully though “fear” is just an abstract concept. However the root cause of a fear is certainly describable. As Helen Nissenbaum states in a recent Atlantic Monthly article, the fear associated with privacy is rooted in people’s impression that they have lost control over their personal information, but it is not that they’ve handed over too much information. It’s that the flow of information is something they can’t control.

This feeling of a loss of control is leading to a recognition among the general public that personal data does not belong to the person it belongs to the corporation who collected it and the corporation may not have the individual’s best interest in mind.

Free and the Free Market

If people are fearful from a loss of control, what possesses them to hand over their information in the first place? The answer is that they’re willing to exchange their information for something valuable in return. This is the essence of a free market: If an exchange is perceived as having an equal value by both participants the exchange is made.

And, as Dan Ariely documents in Predictably Irrational, that willingness to exchange becomes even more powerful if the person perceives that they are getting something for free. Through rigorous experiments Ariely finds that even though we recognize that every exchange has an upside and downside, when something is free we forget the downside. It is exactly this mechanism of our human nature that Facebook, Google and countless others leverage to their advantage.

However the time of that model is likely drawing to a close as people are beginning to understand that what companies offer benefit the company more than it does the consumer and as a consequence, especially in combination with the feeling of loss of control, are becoming more distrustful.


To fight against that lack of trust companies need to become more transparent. Human nature is such that people believe that when all of the facts are out in the open that people are more honest then when they deal in private. Regulations and laws around the world are forcing transparency and disclosure on corporations to some extent, but the smart ones, like Google are working to be as transparent as possible.

The problem with transparency is that it fights an uphill battle against a public’s general short attention span and the inherent complexity required to properly describe everything an organization does with personal information. It is not a simple thing to educate the consumer in plain language. As Andy Kahl of Evidon (the makers of Ghostery) states,

I think the biggest challenge we have right now is figuring out a way to educate the average user in a way that’s reasonable.


As any lawyer will tell you “reasonable,” due to its subjectivity, is a loaded term, but since educating the consumer is the task that resolves so much of the fear and tension around privacy, we need to figure out what is reasonable. To that end there are a number of characteristics of our human nature we need to consider.

Context: People don’t know what they want unless they see it in context. Notifying them about the risks/rewards of handing over personal information at a time when they are not performing that exchange is not effective.

Rarity: We covet those things that are difficult to obtain. We don’t covet our names. Go up to any stranger, extend your hand for a handshake and say, “Hi, I’m [state your full name]” and you are likely to get a response including the strangers full name. Try that same exchange with your phone number and you’re not likely to get that information back so easily. Asking for personal information, those that we covet, is a sensitive matter.

Comparison and Expectations: We tend to compare things that are easily comparable and once the comparison is made expectations are set. Previously set expectations are very difficult to change and unfortunately most consumers have a set of expectations already from participating on the Web.

Grouping: We assume things are good or bad based on other actions. If everyone else is doing it then it must be OK. If no one else is doing then it must be bad.

It’s these aspects of our nature in combination with current cultural norms that make transparency so difficult to get right, but in solving that conundrum lies the key to resolving our collective fear and issues of privacy.


A privacy violation is a simple concept but one that many rightly fear. Addressing that fear, taking into account the complexities of our human nature and established cultural norms, is profoundly challenging. Successfully meeting that challenge will be the key to success for any company hoping to do direct business with the general public. As I’ve already stated, unfortunately there is no easy answer. If you think you have the answer, or an example of someone on the right track, let me know!


Now read this

Consumer Expectations

Or alternatively titled, “How security and privacy both intersect but are different and why it would benefit to pay closer attention,” but that would be way too long of title. As CTO of the IAPP – at the center of privacy – I have a... Continue →