The suggestion is [sometimes] advanced that a person has a right to both exclusive ownership and unique control/use of her private information and that she must be treated differently from a mere packet of information….[But] a person, a free and responsible agent, is after all a packet of information.

Privacy is nothing less than the defence of the personal integrity of a packet of information, the individual; and the invasion of an individual’s informational privacy…is…a disruption of the information environments that it constitutes. The violation is not a violation of ownership, of personal rights…but a violation of the nature of information itself.

                                                                                    Luciano Floridi, 1999, 53

In these passages, Floridi puts forth a provocative theory of informational privacy. For one thing, it shifts the locus of a violation of privacy from conditions tied to an agent’s personal rights involving control and ownership of information to conditions affecting the information environment which the agent constitutes. In his 1999 essay, Floridi claims that the concept of privacy is not well theorized by the standard macroethical theories used in computer ethics (CE), such as utilitarianism, and that privacy should instead be analyzed from the perspective of his new macroethical theory of Information Ethics (IE). Conspicuously missing in that essay, are answers to three key questions: (1) Which information entities (or “information packets”) warrant privacy protection? (2) Why do they warrant privacy protection? (3) When, exactly, does a privacy violation involving an information entity occur (in the “infosphere”)?

In two later essays (Floridi, 2005; forthcoming), he returns to his analysis of the concept of privacy. In these papers, he provides a much more systematic and comprehensive examination of the concept. He also articulates and defends a new privacy theory – the ontological theory of informational privacy. However, explicit answers to the three questions that arise in his 1999 essay are still not provided in the later essays on privacy. The purpose of the present paper is to examine these (and related) questions vis-à-vis Floridi’s ontological theory of informational privacy.

This paper is organized into four main parts. In Part I, I present a brief synopsis of Floridi’s (overall) theory of IE in order to provide the crucial context required for understanding his discussion of privacy issues affecting the “infosphere.” I do not offer a defense of Floridi’s IE theory in this paper; instead, my objective here is merely to describe and (attempt to) elucidate some of the key foundational concepts that underpin his ontological theory of privacy.

In part II, I examine Floridi’s definition of informational privacy as a “function of the ontological friction of the infosphere.” This part of my essay also includes an analysis of his account of the 2P2Q Hypothesis and of the distinction he draws between “pre-digital ICTs” and “digital ICTS,” as they relate to informational privacy in the infosphere. Also considered in this part of the essay is Floridi’s critique of the “reductionist” and the ownership-based accounts of privacy, which he views as two alternative, but inferior, theories of informational privacy.

In Part III, I describe what I take to be some of Floridi’s insights regarding the concept of privacy. For example, I agree with his claim that the “problem of privacy in public” (Nissenbaum, 1998) can be handled better by his ontological theory of privacy than by most traditional privacy theories. But I also argue that this particular problem is better handled by an alternative theory of privacy that I refer to as the Restricted Access – Limited Control theory, which builds on a theory of privacy advanced by Moor (1997).

In Part IV, I show that the ontological theory of privacy, despite its insights, needs to resolve two key issues before it can be considered a fully adequate theory of privacy. In particular, it needs to address key features found in classic distinctions between: (a) descriptive privacy and normative privacy, and (b) accessibility privacy and informational privacy. In its present form, Floridi’s ontological theory of privacy tends to collapse the distinction between descriptive and normative privacy by failing to distinguish between a loss of privacy and a violation of privacy regarding information entities in the infosphere. In fact, it would seem that on Floridis account, every loss of privacy is, by definition, a violation of privacy. It is a violation in the sense that it “disrupts” the infosphere. Elsewhere (Author, 1999, 2007), I have argued that an adequate theory of privacy must distinguish between one’s merely losing privacy (in a descriptive sense) in contexts that are not normatively protected vs. having one’s privacy violated (i.e., in a normative sense) in contexts or situations that have been established as “normatively private.”

Floridi’s theory also tends to collapse a distinction between accessibility privacy and informational privacy, despite his explicit attempt to separate the two categories. Traditionally, accessibility privacy has referred to privacy intrusions that affect a person’s physical space (i.e., a spatial zone) or a person’s physical affects, such as one’s house, papers, and so forth. Informational privacy, on the other hand, is often described in non-physical terms, where one wishes to have some control over information about oneself.   Floridi claims that each individual is constituted by his or her information and that we can thus understand a “breach of one’s informational privacy” as “a form of aggression towards one’s personal identity” (2005, 194). He goes on to note that an agent

is her or his information. ‘My’ in ‘my information’ is not the same as ‘my’ in ‘my car’ but rather the same as ‘my’ as in ‘my body’ or ‘my feelings’; it expresses a sense of constitutive belonging, not of external ownership, a sense in which my body, my feelings, and my information are part of me but are not my (legal) possessions (2005, 195, italics Floridi’s).

In this sense, then, Floridi’s earlier distinction between informational privacy and accessibility privacy (1999, 52; cf. 2005, 86) appears to break down.

Finally, I propose a suggestion that Floridi might consider in any future revisions to his privacy theory. I suggest that he consider constructing his theory more along the lines of an interest-based vs. a right-based conception of privacy. Floridi (forthcoming, 7) argues that the ontological theory of privacy, which equates privacy protection to the protection of personal identity, considers privacy to be a “fundamental and inalienable right” (Italics mine). Does it make sense to ascribe “inalienable rights” to information entities? Perhaps if Floridi’s account were to view privacy as a kind of interest that agents have, versus a right that they enjoy (or should enjoy), it would have a slightly less controversial rationale for granting privacy protection to information entities. To say that information entities have an interest in having their information packets protected may be easier to defend than a view that ascribes a full-blown right to privacy (or any rights, for that matter) to information entities.

References

Floridi, Luciano (1999). “Information Ethics: On the Philosophical Foundations of Computer Ethics,” Ethics and Information Technology, Vol. 1, No. 1, pp. 37-56.

Floridi, Luciano (2005). “The Ontological Interpretation of Informational Privacy,” Ethics and Information Technology, Vol. 1, No. 1, pp. 185-200.

Floridi, Luciano (in press). “Four Challenges for a Theory of Informational Privacy,” Ethics and Information Technology.

Moor, James H. (1997). “Towards a Theory of Privacy in the Information Age,” Computers and Society, Vol. 27, No. 3, pp. 27-32.

Nissenbaum, Helen (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public,” Law and Philosophy, Vol. 17, pp. 323-333.

Warren, Samuel and Louis Brandeis (1890). “The Right to Privacy,” Harvard Law Review, Vol. 193, No. 4.

In fairness to Floridi, the principal objective of the 1999 essay was to lay the foundation for his theory of IE. What he happens to say there about privacy is discussed briefly at the end of the essay in order to show why many micoethical issues in CE, including privacy, are not well served by standard macroethical theories such as consequentialism and deontology. For example, he notes that privacy, which affects “patients” rather than “actions,” is not well theorized by the standard ethical theories.

Floridi goes on to note that this “friction” is “a function of the force that opposes information flow within the space of the infosphere.”

The acronym “2P2Q” refers to Processing, Pace, Quantity, and Quality, as these notions pertain to privacy concerns. Floridi believes that his own account is not only compatible with 2P2Q, but is also superior to it.

Floridi notes that that while older or pre-digital ICTs have tended to “reduce the ontological friction” and hence the informational privacy of the infosphere, newer or digital ICTs can increase informational privacy in so far as they “re-ontologize the very nature of the infosphere.”

See my account of the RALC (Restricted Access – Limited Control) theory of privacy (Author, 2007).

See, for example, Moor (1997).

Floridi (1999, 52; 2005, 186) draws some distinctions between informational privacy and accessibility privacy. He also shows how the latter can be distinguished from decisional privacy.

Accessibility privacy is sometimes associated with the view of privacy defined as “being let alone.” See, for example, the seminal article by Warren and Brandeis (1890).

For a more detailed account of this distinction, see Author (2007).

Of course, Floridi could construct an argument based on “agency” to show why information entities, as moral agents, deserve a right to privacy protection. He may have done so elsewhere; but such an argument is not presented in any of the three essays by Floridi considered in this paper.