'Code' and Privacy - Or How Technology is Slowly Eroding Privacy
Ronald E. Leenes
Tilburg Institute for Law, Technology, and Society; Tilburg Law School
Tilburg University - Tilburg Institute for Law, Technology, and Society (TILT)
ESSAYS ON THE NORMATIVE ROLE OF INFORMATION TECHNOLOGY, T.M.C. Asser Press, The Hague, Netherlands, 2005
Reidenberg and Lessig have called attention to software 'code' increasingly being used to supplement, or even replace, traditional legal code as a mechanism to control behaviour. This idea of 'code as law' is often illustrated with examples in intellectual property and freedom of speech; the relationship with 'code' and privacy has so far received less attention.
In this paper, Leenes and Koops explore the impact of technology on privacy to see to what extent privacy-related 'code' is used, either to undermine or to enhance privacy. In other words, are privacy-affecting norms being embedded in technology? On the basis of eight case studies in the domains of law enforcement, national security, E-government, and commerce, they conclude that technology, in particular software and the Internet architecture, rarely incorporates specific privacy-related norms. The few existing exceptions concern building-in an option of privacy violation, such as interceptability of telecommunications. At the same time, however, technology very often does have clear effects on privacy as it affects the 'reasonable expectation of privacy'. In real-life applications, this influence is usually to the detriment of privacy: It makes privacy violations easier. Particularly information technology turns out to be a technology of control, much more than a technology of freedom. Privacy-enhancing technologies (PETs) have been devised and propagated, but they have yet to be implemented on any serious scale. The eroding effect of technology on privacy is a slow, hardly perceptible process. Because of the flexible, fluid nature of what is deemed privacy, society gradually adapts to new technologies and the privacy expectations that go with it. If one is to stop this almost natural process, a concerted effort is called for, possibly in the form of 'privacy impact assessments', enhanced control mechanisms, and awareness-raising.
This paper is based on a conference paper presented at a conference on Code as code, at the Institute for Information Law of the University of Amsterdam, in July 2004. It is a draft version of a chapter in L.F. Asscher (ed.), Coding Regulation. Essays on the normative role of information technology, that is to be published in the Information Technology & Law Series (IT&Law Series) by T.M.C. Asser Press, The Hague, Netherlands, 2005.
Number of Pages in PDF File: 60
Keywords: Privacy, Technology, Internet, Code as Law, Privacy Enhancing Technologies
JEL Classification: K10, K39, K42, I28, D63, D72, D78
Date posted: February 4, 2005