What is privacy?

Countless definitions of privacy exist. Arguably, the most prominent one was offered by Alan Westin. It goes as follows:

[…] privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means […]

Alan Westin (1967, p. 7)

You might ask yourself: “Well, that seems pretty convincing — so where’s the problem?” It already begins in the same book, in the very previous sentence. Here, Westin offers the following definition:

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

Alan Westin (1967, p. 7).

At first glance, these definitions seem similar. But they are not.

In the first one, Westin conceptualizes privacy as a voluntary and temporary withdrawal. The definition is hence about a person’s level of seclusion, separateness, or segregation. It defines privacy as limitation of accessibility.¹

In the second definition, Westin conceptualizes privacy as the claim to determine what information is communicated to others. It hence addresses a person’s agency, self-determination, or autonomy. The second definition defines privacy as control over accessibility.

What do you think, which definition is correct? Is privacy the limitation of accessibility or rather the control over that limitation?

You might respond: “Who cares, what’s the big difference?” Rest assured, several academics do care. In fact, finding the answer is still one of the biggest theoretical challenges that privacy research is facing (e.g., Masur, 2018). Helen Nissenbaum, one of the most influential researchers on privacy, described the situation as follows:

In my view, the effect of these challenges, coupled with persuasive arguments, is not to prove that one or the other of these approaches is correct, but that both capture essential aspects of privacy that we seem to care about. A non-arbitrary resolution of this disagreement is not possible, nor […] is it needed.

Helen Nissenbaum (2010, p. 71)

I think I don’t agree. True, not having a shared definition still allows us to address several pertinent issues. However, adopting such a stance seems all too easy and a bit defeatist. Privacy is one of the most pressing topics of today, and having a shared definition would surely help improve subsequent research.

Also in my own work I have been grappling with this issue throughout the last years. But I think that I have come to understand the concept of privacy a bit better by now, and maybe it is indeed possible to make some progress. So bear with me, in what follows I present a novel understanding of privacy.²

Note that I’m approaching privacy from the perspective of the individual. My approach is descriptive and does not make any normative claims, for example with regard to a person’s right to privacy.

As a first step, let’s embark on a brief excursus on the logical concept of necessary versus sufficient conditions, which will be helpful for structuring our subsequent musings about the theoretical nature of privacy.

Necessary versus sufficient conditions

Let’s imagine that you are thirsty. To successfully quench your thirst, you could drink a glass of water. Hence, drinking a glass of water is a sufficient condition for, you’ve guessed it, quenching your thirst. However it is not a necessary one, because you could have also drunk something else — milk, for example.

Next, let’s imagine that you want to brew yourself a cup of coffee. For that, having water would be a necessary condition, because you cannot brew coffee without water. However, it is not a sufficient one, because you also need coffee and equipment.

Finally, sometimes something is both a sufficient and a necessary condition. For example, drinking multiple alcoholic beverages is both necessary and sufficient for getting stone-cold drunk.

With that in mind, let us now return to what defines privacy and what not.

Limitation of access is a necessary condition for experiencing privacy

There’s no way getting around it: We cannot talk about privacy if there is not at least some level of limitation involved, some withdrawal, some seclusion. The word private comes from the Latin privatus, which means separated, deprived, or being owned.

In our ordinary language, we hence talk about having privacy when we’re alone in our room. We don’t talk about having privacy when we’re uploading a picture of that very room to our 10,000 followers on Instagram.

What we need is a definition which is by and large consistent with ordinary language, so that capable speakers of English will not be genuinely surprised that the term ‘‘privacy’’ should be defined in this way, but which also enables us to talk consistently, clearly, and precisely about the family of concepts to which privacy belongs.

W. A. Parent (1983, p. 269), as cited from Tavani (2007)

In conclusion, a definition of privacy needs to incorporate the notion that limiting one’s accessibility also increases one’s privacy. In other words, it is a necessary condition. Might it even be a sufficient one?

Limitation of access is not a sufficient condition for experiencing privacy

Does a person thrown into prison feel private? What about an employee banned from using her Smartphone at work, does she feel private?

In most cultures, the answer should be no. Being alone does not feel private if one is forced to being alone. Likewise, not being allowed to use a smartphone at work does not induce feelings of privacy, it rather feels like being cut off from the rest of the world. In conclusion, the limitation of accessibility cannot be a sufficient condition for experiencing privacy.

Full disclosure: I’ve changed my mind on this aspect. I used to think that the limitation of accessibility is a sufficient condition for privacy, because if the word privatus captures separateness, then technically prisoners should also be considered private.³ However, it was my colleague Philipp Masur who eventually convinced me of the opposite. He said: Tobias, on strictly logical terms you might be right. But if you asked a prisoner whether she feels private, she would say no. She would not feel private.

I’ve hence realized that such a definition of privacy has indeed lost touch with its meaning in ordinary language. It is somewhat unworldly, weltfremd, a form of academic patronizing.

But if the limitation of accessibility is not sufficient for experiencing privacy, what else do we need to include? As mentioned above, some have suggested that being in control of one’s accessibility is a sufficient definition for privacy. Maybe that’s the solution?

Control over accessibility is not a sufficient condition for experiencing privacy

Has an author who has published his diary lost privacy? What about a teenager who vlogs about her daily life? Or a person partaking in a porn movie, has he lost privacy?

In most cultures, the answer should be a definite and resounding yes. Karl Ove Knausgaard wrote 3000 pages about his life. Now that I have finished reading almost all of them,⁴ I surely know more about him than I know about most other people, even my closest friends. Nonetheless, and this is the point I want to make, according to the understanding of privacy as control, being in full control while writing, Knausgaard should have perfect privacy.⁵

Although I agree that being in control has something to do with experiencing privacy (more on that later), understanding privacy strictly as control goes too far. If we stated that being in control of one’s accessibility is sufficient for experiencing privacy, we would truly lose touch with its ordinary understanding. We would reduce privacy to an academic definition.⁶

Hence, being in control over one’s accessibility is not a sufficient condition for experiencing privacy. But maybe it’s a necessary one?

Control over accessibility is not even a necessary condition for experiencing privacy

If your best friend takes a spontaneous selfie of you and your pals, would you feel private? Or if your partner takes you on a surprise trip to a deserted island, would you feel private then?

I reckon that most of us would say yes. Despite the fact that in all of these situations we would have next to no control over our accessibility. In other words, in several situations we have no control over our accessibility but still feel private. Which means that being in control is not even a necessary condition for experiencing privacy.⁷

But what is the final ingredient of privacy given that limitation of access alone does not cut it? It is not control. The secret lies in one of the words Westin also used: The limitation of access has to be voluntary.

Correspondence between desired and achieved level of accessibility is necessary for experiencing privacy

The word voluntary implies that we feel private when we’re fine with our accessibility being limited — even if we cannot control it. But how can we conceptualize such a vague term?

To make it short, we could simply compare the objectively achieved level of accessibility with the subjectively desired level of accessibility (see, e.g., Altman 1976). If our achieved level of accessibility and our desired level of accessibility correspond, we experience more privacy. Or put differently, we increasingly experience privacy the more we want to be private.

But what about control? Should we completely eradicate it from our theoretical musings about privacy? Far from it!

Control allows to change achieved levels of accessibility

Although control is irrelevant when it comes to theoretically defining privacy, it is crucial for practically establishing it. When people have more control over their accessibility, they have more ways to alter their achieved level of accessibility in such a way that it aligns with their desired level of accessibility. More control, more correspondence.

Being able to achieve correspondence is essential, because only then can we engage in several behaviors crucial for our sociopsychological flourishing. We need privacy for counsel, respite, crying, getting intimate, or rehearsing. Being in control of one’s accessibility hence fosters privacy, but it is not a defining part of it.

You might ask: All that hubbub for so little implications? Isn’t that more or less the same? I dare say no. If we equated control with privacy, we would conflate the cause with its result. It would be tantamount to saying that drinking alcohol is the same as being drunk. We would commit a jingle fallacy⁸ — that is, we would give the same name to two different things.

I repeat: Control being highly relevant for achieving privacy does not equate it with actually being privacy.⁹

Presenting a novel definition of privacy

Let’s recap. According to the aforementioned, privacy increases the more we (a) limit our accessibility and (b) establish correspondence between our achieved level of accessibility and our desired level of accessibility.

Such an understanding of privacy has several implications. For one thing, privacy is not binary, it is continuous. There can be more and there can be less privacy. For example, privacy is extreme when you’re on your long-expected, single-person, two-week yoga retreat to a remote Himalayan hovel; it is moderate when you’re simply sitting in your office writing papers (what about that name tag on the door?); and it is nonexistent when your ex publishes pictures of you and your beloved cuddly toy on his Instagram (poor teddy … ).

For another thing, a general optimal level of accessibility does not exist. As already alluded to above, each behavior warrants a specific level of accessibility. Say you needed to recover from an excruciating breakup. For that you want some but not total limitation of your accessibility. Thinking about the past does not suffice, you might need to write it down.¹⁰ Or talk to your best friend. Remember that human beings are social animals, and limiting one’s accessibility is often precisely what we don’t want or need.

Technically speaking, the experience of privacy is hence a formative latent factor.¹¹ The contribution of the two dimensions to the experience of privacy is additive (with a premium on the limitation of one’s accessibility). Thrown into a prison cell, one experiences more privacy if the walls are made of brick instead of bars. Likewise, voluntarily uploading a picture of one’s wedding cake feels more private if you do it yourself instead of others without your permission.

In sum, this leads to the following novel definition of privacy:

People increasingly experience privacy the more they limit their own accessibility and the more their achieved level of accessibility corresponds to their desired level of accessibility.

Privacy and its dimensions

Finally, we still have to address that one elephant standing in the room. Namely, what exactly is accessibility and how can it be measured? In a prominent article, Burgoon (1982) defined the following four dimensions of privacy: physical, social, psychological, and informational privacy.¹²

Physical privacy refers to the actual boundaries people erect, such as fences, doors, or walls. Social privacy measures how many other people have access to oneself. Psychological privacy captures whether one is free to think and express oneself; it is for example reduced when there is too much distracting noise. Informational privacy describes the degree to which a person is identifiable and how much person-related information is attainable.

While I consider this conceptualization to be valuable, in order to make more precise predictions it has to be further specified. Without going into too much detail here, I suggest to differentiate three dimensions of accessibility, which have several subdimensions each.

First, one can differentiate the dimension of degree, which has three subdimensions: quantity, duration, and audience size.¹³ The second dimension is called entity and consists of another six subdimensions: sight, proximity, touch, sound, odor, and information. The third dimension is directionality and describes whether we refer to outputs or inputs.¹⁴

Brief interlude: It is also possible to differentiate an objective assessment of one’s accessibility from a subjective assessment (Dienlin, 2014). For example in online contexts, people often underestimate their actual level of accessibility. However, as we’re currently defining the subjective experience of privacy, we need to focus only on the subjective assessment.

In conclusion, a person’s level of accessibility can be described on staggering number of 3 x 6 x 2 = 36 units. That’s a lot. Unfortunately, this level of specificity is determined by how things are (bottom-up) and not by how we want things to be (top-down). And of course, people don’t calculate those numbers arithmetically, most of that happens implicitly. Let me give you an example.

Let’s imagine that you go outside to walk your dog for ten minutes. You’re wearing sunglasses as well as headphones. You estimate that roughly twenty people saw see you walking around the neighborhood. In terms of the directionality output and the entity sight, for ten minutes (duration) twenty people (audience size) were able to see you but not your eyes (quantity). Considering information, twenty people now know that you probably own a dog, that you live in this neighborhood, and what clothes you typically wear. No one got close to you, no one touched you, and you did not hear any sounds except that soothing voice from your favorite podcast. (You did have to smell a bit of your dog’s poo though). Overall, your accessibility was still mostly limited, but if you had stayed at home it would have been more (but then you couldn’t have walked your dog), and if you had decided to leave the glasses at home, it would have been less (but then everyone would’ve seen that the party you’ve been to last night was crazy).

Conclusion

What is privacy? To sum up, I’m positive that we can capture privacy using only the following three suppositions:

1. The limitation of one’s accessibility is a necessary condition for experiencing privacy.
2. Establishing a correspondence between one’s achieved level of accessibility and one’s desired level of accessibility is another necessary condition for experiencing privacy.
3. Accessibility can be measured on three dimensions: degree (quantity, duration, and audience size), entity (sight, proximity, touch, sound, odor, and information), and directionality (output and input).

What do you think — does this approach describe privacy sufficiently? Does it help address our perennial privacy problem or do you rather agree with Helen Nissenbaum that a non-arbitrary resolution is impossible?

You decide.

Next steps

This is the first of two blog posts on privacy. In the second one, I will address why we need privacy (I’ll thereby also step on some normative terrain). The theory I’ve presented here is part of a novel iteration of my Privacy Process Model. In other words, I’m planning to write this up as a proper paper, using more of those academic words (and hopefully less of that awkward Germenglish). I will also try to formalize the model as explicitly as possible, so that it’s possible to actually falsify it. So if you have any recommended readings regarding theory formalization and development, please let me know! Once all that is finished, I will link a preprint to the paper (not anytime soon).

Acknowledgements

Credit where credit is due: The abovementioned is the result of several years of collaboration with many a great scholar. Most prominently, this includes Philipp Masur, Sabine Trepte, and all colleagues from the project Transformations of Privacy. I can only recommend that everyone working on privacy read Philipp’s dissertation (Masur, 2018). Similarly, Sabine’s work on privacy, control, and affordances (Trepte, 2018) will soon be published as a full paper. I will link to that then. Thank you all!

Literature

• Altman, I. (1976). Privacy: A conceptual analysis. Environment and Behavior, 8(1), 7–29. https://doi.org/10.1177/001391657600800102
• Burgoon, J. K. (1982). Privacy and communication. Annals of the International Communication Association, 1, 206–249.
• Diamantopoulos, A., Riefler, P., & Roth, K. P. (2008). Advancing formative measurement models. Journal of Business Research, 61(12), 1203–1218. https://doi.org/10.1016/j.jbusres.2008.01.009
• Dienlin, T. (2014). The privacy process model. In S. Garnett, S. Halft, M. Herz, & J. M. Mönig (Eds.), Medien und Privatheit (pp. 105–122). Passau, Germany: Karl Stutz.
  
• Gusy, C. (2018). Datenschutz als Privatheitsschutz oder Datenschutz statt Privatheitsschutz? Europäische Grundrechte, 45(9), 244–254.
• Laufer, R. S., & Wolfe, M. (1977). Privacy as a concept and a social issue: A multidimensional developmental theory. Journal of Social Issues, 33(3), 22–42. https://doi.org/10.1111/j.1540-4560.1977.tb01880.x
• Masur, P. K. (2018). Situational privacy and self-disclosure: Communication processes in online environments. Cham, Switzerland: Springer.
• Nissenbaum, H. (2010). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford University Press.
• Parent, W. A. (1983). Privacy, morality, and the law. Philosophy & Public Affairs, 12(4), 269–288.
• Tavani, H. T. (2007). Philosophical theories of privacy: Implications for an adequate online privacy policy. Metaphilosophy, 38(1), 1–22. https://doi.org/10.1111/j.1467-9973.2006.00474.x
• Trepte, S. (2018). Out of control: Privacy and communication in the light of social media affordances, Paper presented at the ICA’s 68th Annual Conference, Prague, Czech Republic.
• Westin, A. F. (1967). Privacy and freedom. New York, NY: Atheneum.

New blog post: "What is privacy"?https://t.co/xEN298s3Ir#privacy #theory pic.twitter.com/bDEMTfZdXe

— Tobias Dienlin (@tdienlin) March 22, 2019

1. Which is something I have first learned from Philipp Masur (see, e.g., Masur, 2018), who builds on Tavani (2007). I prefer to use the term accessibility over other options such as withdrawal or seclusion, because accessibility is both general and descriptive. Withdrawal or seclusion implies the existence of an intention, of a goal-directed behavior, which I consider superfluous at this point.
2. Which will surely settle the issue once and for all.
3. In fact, you can find this understanding of privacy in several of my publications; e.g., Dienlin (2014).
4. Can’t wait to read Book six, which will soon appear as paperback
5. Interestingly, note that according to Gusy (2018) we could also say that Knausgaard has not lost his control or privacy, but that he has enacted it.
6. And by all means, I’m not the first one to say so. In the words of Herman Tavani: “However, the prospect of someone disclosing all of his or her personal information and still somehow retaining privacy, merely because he or she had control over whether to reveal that information, would seem to be counter to our intuitions about what is required for privacy, as well as to the way we use that concept in ordinary discourse. Although one could exercise one’s individual autonomy in choosing to disclose every piece of one’s personal information to others, it would be difficult to understand how one could still retain one’s privacy in that case.” (Tavani, p 8)
7. Which is something that I have just recently learned from Sabine Trepte (see, e.g., Trepte, 2018).
8. One of those many nifty things I’ve learned from the100.ci.
9. Again, I’m not the first to state that. Let’s listen to Laufer & Wolfe, 1977 (p. 39): “In sum, control/choice influences and is influenced by the situation. As such, it is an important variable in the analysis of privacy. However, the dimensions of the privacy phenomenon are conceptually distinct from control/choice, which is a mediating variable. This distinction must be maintained if we are to understand the issues of privacy and invasions of privacy.” (Note that Laufer and Wolfe still have a different understanding of privacy compared to the one presented here.)
10. Because others might find it, this slightly increases your accessibility
11. For more information on formative factors, see for example Diamantopulous et al. (2008).
12. Interestingly, Burgoon herself was a proponent of the privacy as control paradigm.
13. If you should know a better term than audience size, please let me know.
14. Output refers to all the things you’re emanating and that others can process. Input means the opposite. Take a mirrored glass for example. If you’re on the side or the mirror, your input is reduced because you cannot see what’s happening outside. Sometimes that’s exactly what you want, because you have privacy to focus on yourself. If you’re on the opposite side, your output is reduced because others cannot see you and what you’re doing. So there are always two ways of assessing accessibility.