“the publicness of any particular information does not in and of itself mean that it escapes information privacy law.”

Yes, I’m not disputing that.

Thank you for your comments. No offense taken.

I should explain that I’ve been engaged in a lot of dialogues lately which I think expose a systemic misunderstanding of privacy *law* by technologists. The Google wifi example is obviously front and centre there. So I took some of the points in your blog and without knowing if you were supporting the views or just mentioning them, I used the points to advance my thesis. I only mentioned Google to sharpen my point, not to join you to that issue in any way. No offence intended!

I don’t think secondary usage should be prohibited. I just want technologists to recognise that privacy law is actually very clear on Collection and on Use & Disclosure. You might not be saying otherwise … but the publicness of any particular information does not in and of itself mean that it escapes information privacy law.

Your blog opened with a line about technologsts seeing a simple distinction, and I merely used that as a jumping off point for my argument that that particular distinction is unhelpful. In fact, it betrays a category error that makes it difficult for technologists to engage in the privacy debate. My thesis is that technologists and privacy policy wonks have very different frames of reference.

Again, sorry to have used your blog as a platform!

Cheers,

Stephen.

You make some good points, but let me clarify a couple of things.

Firstly, my article is absolutely not about whether or not making data more public is a violation of the law. Rather, it is about whether or not it is a violation of users’ expectations. You can have a privacy disaster even if you are perfectly compliant with information privacy law. That is largely the setting that I’m concerned with.

You say,

“The public-private dichotomy is intractable, and technologists should learn to avoid it altogether.” You also say that all secondary uses of data are, or should be, prohibited.

I think that is just silly. Today’s web would simply cease to exist without the secondary usage of data. (If the law prohibits it, then it will be worked around.) Far from avoiding the public-private distinction, it is crucial for technologists to learn to navigate it.

Finally, nobody is arguing that it was OK for Google to collect WiFi data. Bringing that up is a red herring and is counterproductive.

Obviously there are shades of grey in gauging identifiability, but it’s a much more tangible and measureable quality than ‘publicness’. As you say there are “entire philosophical theories devoted to understanding what one can and cannot do with public data in different contexts”. That is, the public-private dichotomy is intractable, and technologists should learn to avoid it altogether.

Technologists need to understand this: Most information privacy law prohibits the collection of personal information without a good reason or consent, and the arbitrary secondary use of information collected for an original purpose. These principles are basically blind to whether the source data is “public” or “private”. So a whole lot of personal information might be available in “public” over open wifi networks, but it does not follow that Google and others may collect that information and do with it as they like.

The fact that information privacy law doesn’t care if information is “public” might be counterintuitive to many technologists, but that’s they way the law is. And ignorance of the law is no excuse!

Stephen Wilson, Lockstep, Australia.

I really believe there is a difference between some data being available and somebody go around publishing it.

Doesn’t ‘publish’ originally mean actively go around distributing information (witch is quantifiable)? That seems different than passively giving access to data.

Is a conversation between two people at the shopping mall, public or private?

In life, we develop a construct of privacy. We create our expectations and we adjust ourselves to situations by lowering our voice or raising the music. Technology, on the other hand, evolves more rapidly than our ability to change our behavior. We still “expect” an email to be private. We “expect” that our IRC conversations are not “overheard”.

I don’t deny that our “public” information can be useful for commercial or scientific purposes. What is often lacking is the knowledge that our information in a certain situation CAN be “searched, archived, and distributed beyond the expected audience” before we expose the information.

As information sharing is linked to many revenue models, it is often protected (poor Pete), not clearly stated and often hidden in the fine prints of a ten-page policy.

Good luck with the model.