Abstract
Computer programs are used to obtain and store information about the online activities of users of the web. Many people are concerned about this practice because they believe that it can violate users' rights to privacy or result in violations of them. This belief is based on the assumption that the information obtained and stored with the use of the programs includes personal information. My main aim in this paper is to argue that this assumption is false. I discuss the import of this result for computer ethics. If my thesis is correct, using the programs cannot violate a person's right to privacy and cannot result in violations of a right to privacy. Nevertheless it is prima facie morally wrong because, as I explain, it encourages people to perform actions that diminish the well-being of others. I discuss the implications of my thesis for the obligations of online businesses with regard to the relevant information.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
I assume that obtaining information can violate a person’s right to privacy only if the information is personal information–information about a particular person. Judith Jarvis Thomson contends that this assumption is false (1975, p. 307). In support of her position, she describes a case in which a man a is making puff pastry in his kitchen at midnight and another person b spies on a to find out how to make puff pastry. b violates a’s right to privacy.
How is this case supposed to show that personal information is not required for a violation of the right to privacy? Thomson’s reasoning is presumably this: how to make puff pastry is not personal information. It is not about a particular person. It is impersonal information. If b’s obtaining this information or b’s obtaining it by spying on a violates a’s right to privacy, then the violation does not require that the information be personal information.
Thomson’s reasoning is mistaken. She does not consider the possibility that how to make puff pastry is not the only information b obtains when he spies on a. b also obtains certain personal information. The personal information is how a makes puff pastry. It could be that b’s obtaining the personal information is what violates a’s right to privacy. Moreover, it could be held that in this case, b’s acquiring information about how a makes puff pastry is necessary for his acquiring the information about how to make puff pastry. For the way in which b obtains the impersonal information—how to make puff pastry—is by obtaining personal information about a—how a makes puff pastry. b obtains this personal information by seeing a and a’s actions. b obtains information about how to make puff pastry by abstracting a’s actions from a—by thinking of them as actions that anyone could perform.
Whenever I say that a singular term refers to or denotes an object, I mean that it refers to or denotes an object relative to a context of use. If the relativization to a context is not explicitly mentioned, it should be understood.
‘Denoting’ applies to a relation between a definite description and an object. A definite description denotes an object relative to a context of use if and only if the object is the only one that has the property or properties specified in the description. ‘Referring’ applies to a relation between a singular term and an object. A singular term refers to an object relative to a context of use if and only if it simply designates the object.
A singular term just is an expression that can be used to denote or refer to an object. Some examples of singular terms are proper names, indexicals, and definite descriptions.
My explanation of the visual identification of an object was suggested by Dretske’s definition of ‘nonepistemic seeing’ in 1969 (p. 20).
By ‘a signal’, Dretske means an event, condition, or state of affairs (p. 43).
By ‘the user’, I mean the person who uses the website, the person who engages in the online activity. I do not mean the entity that uses the computer program. I will refer to that entity as ‘the business’ even though it does not have to be a business. It can be an organization or an institution.
This example is the result of modifying one that Donnellan gives in (1966).
Social Security is a US government program that pays benefits to retirees, survivors of deceased workers, and disabled persons. A Social Security number is a number that the government assigns to each US citizen and to some others. The Social Security number that is assigned to a person is supposed to be unique to him. The government uses the number to identify him in collecting Social Security taxes and paying benefits. The fact that it uses the number in this way does not, of course, mean that the account record contains personal information.
Some laws of nature, for example, Kepler’s laws of planetary motion, do not look like generalized conditionals. But they can be construed as such. Take Kepler’s laws, which ostensibly refer to the sun. They can be re-expressed as generalized conditionals and interpreted as being about any object that has a certain property, the property being one that the sun has.
‘/’ here has the same use as a corner in Cohen and Meskin’s definition.
Staples is a business that sells office supplies.
Target is business that sells a wide variety of items at low prices.
(B1) is latent in the privacy policies of many businesses, organizations, and institutions.
There are good reasons to think that (B2) is widely held. Article 13 of the GDPR (2016) implies (B2). Privacy policies of businesses typically make a point of telling users how the information will be used. In addition, the laws of some states require that businesses fulfill the (B2) obligation. See “State Laws Related to Internet Privacy” (2018).
This belief is implied by Article 6 of the GDPR (2016). The GDPR allows for certain exceptions to its consent requirement. This is consistent with the fact that the obligations in (B1)–(B5) are prima facie obligations.
This belief is expressed in the GDPR (2016), recital 39.
This belief is expressed in the GDPR (2016), recital 39.
The point just made in the text is about a business, not the owner of the business. Everyone agrees that the owner of a business does not have to tell the business’s customers how he will use their payments because he has a right to privacy. What is at issue is the business’s obligation to its customers. The business does not have a right to privacy.
The garage might be owned by a big corporation that sells shares to the public. Such an entity has an obligation to make known to the public how it uses its revenue. This does not show that it has an obligation to make known to its customers how it uses its revenue. The information about use of its revenue should be made known to the public so that people contemplating investing in the company can make an informed decision. They must have the information because if they buy shares, they will become part owners of the company, who by virtue of that relation to it will have a say in how it is run.
A PAC is a political action committee. It is an organization that collects contributed money and uses it to support a candidate or a particular position on a political issue.
References
Behavioral advertising across multiple sites. (2009, October 27). cdt. Retrieved November 13, 2018, https://cdt.org/insight/behavioral-advertising-across-multiple-sites/.
Cameron, D. (2013, August 22). How targeted advertising works. The Washington Post. Retrieved November 3, 2018. https://www.washingtonpost.com/apps/g/page/business/how-targeted-advertising-works/412.
Cohen, J., & Meskin, A. (2006). An objective counterfactual theory of information. Australasian Journal of Philosophy,84(3), 333–352.
Donnellan, K. (1966). Reference and definite descriptions. The Philosophical Review,75(3), 281–304.
Dretske, F. I. (1969). Seeing and knowing. Chicago: The University of Chicago Press.
Dretske, F. I. (1981). Knowledge and the flow of information. Cambridge, MA.: The MIT Press.
Eichelberger, L. (1997–2014). The cookie controversy. Introduction. Cookie Central. Retrieved October 30, 2018, from www.cookiecentral.com/ccstory/cc7htm.
Geary, J. (2012, April 23). Tracking the trackers: What are cookies? An introduction to web tracking. The Guardian. Retrieved October 28, 2018, from https://www.theguardian.com/technology/2012/apr/23/cookies-and-web-tracking-intro.
General Data Protection Regulation, GDPR. (2016). General data protection regulation (GDPR)--Final Text. Intersoft Consulting. Official Journal of the European Union. Retrieved November 26, 2018, from https://gdpr-info.eu/.
Hackett, R. (2015, March 27). How much do data breaches cost companies? Shockingly little. Fortune. Retrieved November 12, 2018, from https://fortune.com/2015/03/27/how-much-do-data-breaches-actually-cost-big-companies-shockingly-little/.
Loewer, B. (1983). Information and belief. Behavioral and Brain Sciences,6(1), 75–76.
Nagel, E. (1961). The structure of science. New York: Harcourt, Brace & World Inc.
State laws related to internet privacy. (2018, September 24). NCLS. Retrieved November 18, 2018, from www.ncls.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx.
The data brokers: Selling your personal information. (2014). CBS News. CBS Interactive Inc. Retrieved November 17, 2018, from https://cbsnews.com/news/the-data-brokers-selling-your-personal-information/.
Thomson, J. J. (1975). The right to privacy. Philosophy & Public Affairs,4(4), 295–314.
Webwise Team. (2012, October 10) Cookies on the BBC website. BBC. Retrieved October 28, 2018, from, www.bbc.com.
What are internet cookies. (2018). Hotspot Shield. Anchor Free Inc. Retrieved November 24, 2018, from https://www.hotspotshield.com/resources/what-are-internet-cookies.
What is a cookie and why is it important? (n.d.) BigCommerce. Retrieved October 30, 2018, from https://www.bigcommerce.com/ecommerce-answers/what-cookie-and-why-it-important/.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Price, M.S. Internet privacy, technology, and personal information. Ethics Inf Technol 22, 163–173 (2020). https://doi.org/10.1007/s10676-019-09525-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10676-019-09525-y