Information privacy
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.
History and Evolution
The concept of information privacy can be traced to the year 1890. Legal scholars Samuel Warren and Louis Brandeis published an article explaining "the right to be let alone," which was meant to establish privacy as a right. Their guidelines set the foundation for how privacy can be understood in terms of personal data.
In the United States, the Privacy Act of 1974 represented an achievement in information privacy law. The law set a Code of Fair Information Practice to govern how federal agencies collect personal information and data. It was founded primarily after the scandal at the Watergate office building that highlighted illegal government surveillance such as COINTELPRO. The Act allowed a person to have the right to access information about themselves and know how their information would be used.
The beginning of the internet's popularity in the early 2000s presented different privacy concerns as many companies and organizations began to collect users' personal data. Scholars such as Daniel Solove explained the importance of informed consent.
In 2018, the Facebook Cambridge Analytica scandal introduced new privacy risks to the public. A consulting firm called Cambridge Analytica collected personal user data from over 85 million Facebook users without informed consent. The data collected was used to assist in politically targeted ads during the 2016 U.S. Presidential Election. This resulted in the United States Federal Trade Commission fining Facebook $5 billion. The Cambridge Analytica scandal did create new legislation such as the European Union's General Data Protection Regulation.
Information types
Various types of personal information often come under privacy concerns.
Cable television
This describes the ability to control what information one reveals about oneself over cable television, and who can access that information. For example, third parties can track IP TV programs someone has watched at any given time. "The addition of any information in a broadcasting stream is not required for an audience rating survey, additional devices are not requested to be installed in the houses of viewers or listeners, and without the necessity of their cooperations, audience ratings can be automatically performed in real-time."
Educational
In the United Kingdom in 2012, the Education Secretary Michael Gove described the National Pupil Database as a "rich dataset" whose value could be "maximised" by making it more openly accessible, including to private companies. Kelly Fiveash of The Register said that this could mean "a child's school life including exam results, attendance, teacher assessments and even characteristics" could be available, with third-party organizations being responsible for anonymizing any publications themselves, rather than the data being anonymized by the government before being handed over. An example of a data request that Gove indicated had been rejected in the past, but might be possible under an improved version of privacy regulations, was for "analysis on sexual exploitation".
Financial
Information about a person's financial transactions, including the amount of assets, positions held in stocks or funds, outstanding debts, and purchases can be sensitive. If criminals gain access to information such as a person's accounts or credit card numbers, that person could become the victim of fraud or identity theft. Information about a person's purchases can reveal a great deal about that person's history, such as places they have visited, whom they have contact with, products they have used, their activities and habits, or medications they have used. In some cases, corporations may use this information to target individuals with marketing customized towards those individuals' personal preferences, which that person may or may not approve.
Information technology
As heterogeneous information systems with differing privacy rules are interconnected and information is shared, policy appliances will be required to reconcile, enforce, and monitor an increasing amount of privacy policy rules. There are two categories of technology to address privacy protection in commercial IT systems: communication and enforcement.
Policy communication
- P3P – The Platform for Privacy Preferences. P3P is a standard for communicating privacy practices and comparing them to the preferences of individuals.
- XACML – The Extensible Access Control Markup Language together with its Privacy Profile is a standard for expressing privacy policies in a machine-readable language which a software system can use to enforce the policy in enterprise IT systems.
- EPAL – The Enterprise Privacy Authorization Language is very similar to XACML, but is not yet a standard.
- WS-Privacy – "Web Service Privacy" will be a specification for communicating privacy policy in web services. For example, it may specify how privacy policy information can be embedded in the SOAP envelope of a web service message.
Computer privacy can be improved through individualization. Currently security messages are designed for the "average user", i.e. the same message for everyone. Researchers have posited that individualized messages and security "nudges", crafted based on users' individual differences and personality traits, can be used for further improvements for each person's compliance with computer security and privacy.
Improve privacy through data encryption
By converting data into a non-readable format, encryption prevents unauthorized access. At present, common encryption technologies include AES and RSA. Use data encryption so that only users with decryption keys can access the data.
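AES and RSA, the two technologies named above, are commonly combined as hybrid encryption: AES encrypts the data and RSA encrypts the AES key, so only the holder of the RSA private key can read the record. The following is an added example, not part of the original article, using the built-in crypto module of Node.js; the function names (sealRecord, openRecord, canOpen), the key pairs and the sample record are constructed for illustration.

```javascript
const crypto = require("crypto"); // Node.js built-in module

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Encrypt a record so that only the holder of the matching RSA private key can read it.
function sealRecord(record, recipientPublicKey) {
  const dataKey = crypto.randomBytes(32); // fresh AES-256 key for this record only
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(record), "utf8"),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();        // integrity tag checked on decryption
  // RSA encrypts only the short AES key, not the (arbitrarily large) record.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, tag, ciphertext };
}

// Unwrap the AES key with the private key, then decrypt and verify the record.
function openRecord(sealed, privateKey) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", dataKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  const plaintext = Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
  return JSON.parse(plaintext.toString("utf8"));
}

// True only if the key unwraps the data key and the GCM tag verifies.
function canOpen(sealed, privateKey) {
  try { openRecord(sealed, privateKey); return true; } catch { return false; }
}

// Constructed sample data and throwaway key pairs (assumptions for illustration).
const owner = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const outsider = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const sample = { name: "Alex Example", account: "0000-1111-2222" };
const sealed = sealRecord(sample, owner.publicKey);

console.log(openRecord(sealed, owner.privateKey));  // the original record
console.log(canOpen(sealed, outsider.privateKey));  // a different key cannot open it
```

Because AES-GCM is authenticated, a modified ciphertext is rejected on decryption rather than yielding altered data.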
Internet
The ability to control the information one reveals about oneself over the internet and who can access that information has become a growing concern. These concerns include whether email can be stored or read by third parties without consent or whether third parties can continue to track the websites that someone visited. Another concern is whether websites one visits can collect, store, and possibly share personally identifiable information about users.
The advent of various search engines and the use of data mining created a capability for data about individuals to be collected and combined from a wide variety of sources very easily. AI facilitated creating inferential information about individuals and groups based on such enormous amounts of collected data, transforming the information economy.
The FTC has provided a set of guidelines that represent widely accepted concepts concerning fair information practices in an electronic marketplace, called the Fair Information Practice Principles. But these have been critiqued for their insufficiency in the context of AI-enabled inferential information.
On the internet many users give away a lot of information about themselves: unencrypted emails can be read by the administrators of an e-mail server if the connection is not encrypted, and also the internet service provider and other parties sniffing the network traffic of that connection are able to know the contents.
The same applies to any kind of traffic generated on the Internet, including web browsing, instant messaging, and others.
In order not to give away too much personal information, emails can be encrypted and browsing of webpages as well as other online activities can be done anonymously via anonymizers, or by open source distributed anonymizers, so-called mix networks.
Nym and I2P are examples of well-known mix nets.
With social media and e-commerce sites being used more frequently, there are more potential openings for stealing consumers' data. Companies can see which types of products consumers like to purchase and can use targeted ads to try to make people purchase more items, thinking that this is what they will want to purchase. However, this type of data is sometimes used without explicit consent. People's data can be protected, and they can be asked for explicit consent before said data is used. Globally, many nations are trying to implement similar clauses to protect consumers.
Email is not the only internet content with privacy concerns. In an age where increasing amounts of information are online, social networking sites pose additional privacy challenges. People may be tagged in photos or have valuable information exposed about themselves either by choice or unexpectedly by others, referred to as participatory surveillance. Data about location can also be accidentally published, for example, when someone posts a picture with a store as a background. Caution should be exercised when posting information online. Social networks vary in what they allow users to make private and what remains publicly accessible. Without strong security settings in place and careful attention to what remains public, a person can be profiled by searching for and collecting disparate pieces of information, leading to cases of cyberstalking or reputation damage.
Cookies are used on websites so that users may allow the website to retrieve some information from the user's internet, but they usually do not mention what the data being retrieved is. In 2018, the General Data Protection Regulation passed a regulation that forces websites to visibly disclose to consumers their information privacy practices, referred to as cookie notices. This was issued to give consumers the choice of what information about their behavior they consent to letting websites track; however, its effectiveness is controversial. Some websites may engage in deceptive practices such as placing cookie notices in places on the page that are not visible or only giving consumers notice that their information is being tracked but not allowing them to change their privacy settings. Apps like Instagram and Facebook collect user data for a personalized app experience; however, they track user activity on other apps, which jeopardizes users' privacy and data. By controlling how visible these cookie notices are, companies can discreetly collect data, giving them more power over consumers.