Saturday, November 8, 2008 - The Progress & Freedom Foundation Blog

Book Review: Solove's Understanding Privacy

Solove Understanding Privacy book coverWith the publication of Understanding Privacy (Harvard University Press 2008), George Washington University Law School professor Daniel J. Solove has firmly established himself as one of America's leading intellectuals in the field of information policy and cyberlaw. Solove had already made himself a force to be reckoned with in this field with the publication of important books like The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press 2007), The Digital Person: Technology and Privacy in the Information Age (NYU Press 2004) and his treatise on Information Privacy Law with Paul M. Schwartz of the Berkeley School of Law (Aspen Publishing, 2d ed. 2006). But with Understanding Privacy, Solove has now elevated himself to that rarefied air of "people worth watching" in the cyberlaw field; an intellectual -- like Lawrence Lessig or Jonathan Zittrain -- whose every publication becomes something of an event in the field to which all eyes turn upon release.

Like those other intellectuals, however, my respect for their stature should not be confused with agreement with their positions. In fact, my disagreements with Lessig and Zittrain are frequently on display here and, we have been critical of Solove here in the past as well. [Here's Jim Harper's review of Solove's last book, with which I am in wholehearted agreement.] In a similar vein, although I greatly appreciate what Prof. Solove attempts to accomplish in Understanding Privacy -- and I am sure it will change the way we conceptualize and debate privacy policy in the future -- I found his approach and conclusions highly problematic.

Let me begin by summarizing Solove's bold objective in Understanding Privacy. In the book, he attempts "to set forth a theory of privacy that will guide our understanding of privacy issues and the crafting of effective laws and policies to address them." (p. 2) Solove's "pragmatic" proposal to rethink privacy requires us to abandon the ways we have traditional thought about it. He begins by rightly noting that privacy has long been a "conceptual jungle" (p. 196) and a "concept in disarray." (p. 1) "[T]he attempt to locate the 'essential' or 'core' characteristics of privacy has led to failure," he says. (p. 8)

Consequently -- and this is what make's his approach so unique and important -- Solove's proposal to rethink privacy begins with a call to abandon the entire philosophical exercise of trying to tie privacy rights to some "common denominator" (p. 8) since "Nobody can articulate what it means." (p. 1) Actually, what he really means to say is that plenty of theorists can articulate what it means, it's just that there is rarely any strong consensus about what justifies a particular theory of privacy. Indeed, in Chapter 2, he walks the reader through a half-dozen "conceptions of privacy" and illustrates how each has intellectual weaknesses and suffers from over- and under-breadth problems in terms of what it types of privacy it protects.

More importantly, according to Solove, not only has the effort "to locate the 'essence' of privacy" failed, but there is never any hope of it succeeding. Instead of continuing the futile search for such a grand, unified theory of privacy, Solove says we should tackle privacy issues from the "bottom up" by looking to "solve certain problems" (p. 75) The key to making it all work, he says, is "balancing":

Because privacy conflicts with other fundamental values, such as free speech, security, curiosity, and transparency, we should engage in a candid and direct analysis of why privacy interests are important and how they ought to be reconciled with other interests. We cannot ascribe a value to privacy in the abstract. The value of privacy is not uniform across all contexts. We determine the value of privacy when we seek to reconcile privacy with opposing interests in the particular situations. (p. 87)

It is tempting to applaud Solove's attempt to unhinge privacy from any "common denominator" and instead get more concrete about how to work through the details of practical privacy problems. After all, it is easy to get frustrated with some modern theories of privacy that have been tied up with amorphous, warm-and-fuzzy terms like "personhood" and "intimacy." The inherent subjectivity of some of those terms makes it challenging to derive bright-line principles and tests to help craft law or resolve privacy disputes when they come before the courts.

But I believe there are serious problems with any attempt to completely divorce privacy policy from a theory of rights or justice. In my opinion, you can't just dynamite all conceptual frameworks to the ground; value judgments will persist and references to rights theory will always be required. Even Solove's pragmatic, bottom-up approach is value-laden; he just doesn't acknowledge it. The majority of privacy controversies he attempts to work through in Chapter 5's ambitious 16-part "Taxonomy of Privacy" mostly end up coming down in favor of taking stronger steps (i.e., rules, regulations, lawsuits, etc) to enhance privacy rights. He clearly has a bias in favor of enhancing and extending privacy rights relative to many other rights, but he doesn't bother grounding it in any substantive theory of rights or justice.

Simply stated, even though Solove claims he can construct a new paradigm based strictly on a "pragmatic," utilitarian, "problem-solving" approach, there is just no getting around the fact that, at some point, you are going to have to provide a more robust theory of rights or justice to explain why one right trumps another.

For example, let's consider the frequent clash between privacy and free speech rights. As any casual reader of this blog knows, I feel quite passionately about the First Amendment and free speech rights. And, in all but the most extreme cases or circumstances, I will argue that speech rights should trump privacy rights. When would speech rights not trump privacy rights? For me, that would only occur when a clear, quantifiable harm resulted from the speech. But what is "clear, quantifiable harm"? Reputation, for example, is not something one can easily quantify the loss of. When a company or a government agency loses or sells your personal health records without permission, however, that privacy violation gets a little more quantifiable. And in the case of someone stealing your personal information to engage in identity theft, the harm becomes still more quantifiable. But those cases often involve monetary damages, whereas something like defamation is much more difficult to quantify. However, when considering privacy-vs.-free speech trade-offs, I would first look to identify and quantify to concrete harm to an individual before allowing the state to curtain freedom of speech.

Solove acknowledges these privacy-speech trade-offs and cites the work of scholars like Eugene Volokh, Fred Cate, Virginia Postrel, and Solveig Singleton, who have all discussed these problems in their work. Volokh, for example, wrote an incredibly important 2000 law review article entitled, "Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You." As he pointed out in that piece:

The difficulty is that the right to information privacy -- the right to control other people's communication of personally identifiable information about you -- is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of "fair information practices") generally bars the government from "control[ling the communication] of information," either by direct regulation or through the authorization of private lawsuits.

Without reference to some higher set of first principles or theory of rights / justice, I believe it is very difficult to sort through thorny problems like these. We need to know how and when one right trumps another. A theory of rights that focuses on avoiding direct, tangible harm to others -- but largely leaves individuals otherwise free to do what they wish -- would generally place speech rights above many privacy "rights" (some of which perhaps should not quality be rights at all). Of course, this more libertarian construction of rights remains quite controversial in our modern society, and there are other theories of rights and justice that would minimize the importance of speech rights relative to privacy.

Importantly, there also needs to be some recognition of the qualitative difference between government threats to privacy versus private threats. The harm that can come from government violations of privacy are generally far more troubling (surveillance, taxation, fines, imprisonment, etc) than potential private harms. I don't think Solove's framework appreciates that distinction.

Regardless of which approach one adopts -- reasoning from first principles, or working from the "bottom up" (a la Solove) -- there will always be fair degree of "balancing" undertaken by legislatures and the courts when crafting privacy policies. Indeed, in many ways, I see Solove's more "pragmatic" approach often getting us to the same point we would find ourselves in if we took a more philosophical, first principles-based approach. It's just that under his approach, he would often give the nod to privacy concerns over other rights whereas others (like me) would first look to enhance other values, especially free speech.

In sum, I believe that if one attempts to divorce the exercise of "understanding privacy" from any theory of rights, inevitably, you end right back in the same "conceptual jungle" you were in before. In that sense, I regret to say that Solove's approach in Understanding Privacy ultimately fails. There's just no escaping a fight over first principles.

But make no doubt about it, Daniel Solove's book -- and his approach to classifying and dealing with privacy problems -- will have a profound impact on all future privacy debates. In that sense, it is a vital text; a must read for all who follow, or engage in, privacy debates.


P.S. Prof. Solove contributed an article to this month's big Scientific American special issue on "The Future of Privacy." Many articles in that issue worth reading.

posted by Adam Thierer @ 7:46 PM | Books & Book Reviews , Privacy