Gartner Blog Network

A Right to Privacy? Really?

by Andrew Walls  |  May 7, 2012  |  3 Comments

On a regular basis I find myself perplexed by someone asserting that they have a ‘right’ to something. This is particularly the case when someone tells me that they have a right to privacy. What on earth do they mean?

I am not the first to ask this question and many different (and often conflicting) answers have been offered. A right to maintenance of confidentiality over personal data, the right to be left alone, etc. These are all potentially useful definitions of this particular right, but what appears to be missing – IMHO – is an acknowledgement that rights are constructed by society. Rights do not have an existence outside of a social context. Different human cultures define rights in different ways, drawing on religion, culture and environmental drivers to construct baseline statements or principles regarding the privileges of individuals and/or groups.

I find the right to privacy (however it is defined) particularly odd. Humans are social animals. We congregate in groups and erect complex cultures and social structures. Social interaction is based on the exposure and sharing of personal data. All of that personal data that many of us consider private (such as your birth date, favorite color, etc.) is known by many people, only some of which we know and can control through some sort of culture-based behavioral expectation. A lot of people tell me that the growth of IT has spurred the public outcry around privacy because IT makes personal information accessible to people and organizations that we do not personally know and with whom we do not share a cultural basis for management of behavior. The security analyst in me, translates this to “we used to have security through obscurity (difficulty of getting access to personal data), but now the obscurity has been removed.”

This makes sense to me. As the use case changes so must the controls we apply. If we are to enable innovation without engaging in undue privacy risks, we need to develop new security approaches to replace the obscurity that we once enjoyed. But let’s not kid ourselves. The right to privacy under discussion also is changing as people are alternately repulsed by and attracted to the power of new IT service delivery options.

Rights are fluid and dynamic. Their meanings change across time and cultures and (here’s the part that drives IT security investment) the policies and laws written to define and enforce these rights will experience continual change. The end result is that your privacy and data protection program can never rest.


Tags: privacy  security  

Andrew Walls
Research Director
5 years at Gartner
35 years IT industry

Andrew Walls is a research director in Gartner Research, where he specializes in information security practices, tools and markets in social media, enterprise governance, awareness/communications, directories, investigations and security program management. ...Read Full Bio

Thoughts on A Right to Privacy? Really?

  1. shreyas dutta says:

    i think privacy is the sole responsibility of an individual and no one else. different people have different definitions of privacy and similarly privacy in these days has dual standards; one in the real world and one in the virtual world.

  2. Jude says:

    “Rights are fluid and dynamic” – Well said, Andrew. IMHO, Human beings are highly dynamic and adaptable creatures, hence constant change is the norm. No point in trying to use IT systems to ossify something that is intrinsically fluid.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.