Chilling effects and transatlantic privacy

Can the European and American privacy divide be bridged? Bilyana Petkova, in this issue, offers compelling reasons to be sceptical. One recent solution, advanced by Pierluigi Perri and David Thaw, is that common concerns about chilling effects can bridge that divide. However, their discussion of chilling effects was narrow and their analysis limited to procedural transatlantic convergence. This essay explores this idea with a more systematic and sustained discussion of chilling effects theory and research, while arguing that chilling effects does, in fact, provide possibilities for substantive transatlantic privacy. I argue that “chilling effects” is often treated as an ahistorical singular idea but there are, in fact, three separate paradigms of chilling effects theory, research and understanding: (1) speech; (2) privacy and autonomy; and (3) collectivist. I set out each and argue that the conceptualisation of chilling effects exemplified by the second paradigm—focused on privacy‐related chilling effects—offers a shared normative and theoretical foundation to bridge the transatlantic privacy divide. I also explore how new chilling effects theory and research can impact substantive and procedural transatlantic privacy efforts, including re‐thinking consent; empowering stronger judicial enforcement of privacy claims; and balancing competing claims in substantive proposals like the Right to be Forgotten (RTBF).     

Open-source intelligence and privacy by design

As demonstrated by other papers on this issue, open-source intelligence (OSINT) by state authorities poses challenges for privacy protection and intellectual-property enforcement. A possible strategy to address these challenges is to adapt the design of OSINT tools to embed normative requirements, in particular legal requirements. The experience of the VIRTUOSO platform will be used to illustrate this strategy. Ideally, the technical development process of OSINT tools is combined with legal and ethical safeguards in such a way that the resulting products have a legally compliant design, are acceptable within society (social embedding), and at the same time meet in a sufficiently flexible way the varying requirements of different end-user groups. This paper uses the analytic framework of privacy design strategies (minimise, separate, aggregate, hide, inform, control, enforce, and demonstrate), arguing that two approaches for embedding legal compliance seem promising to explore in particular. One approach is the concept of revocable privacy with spread responsibility. The other approach uses a policy mark-up language to define Enterprise Privacy Policies, which determine appropriate data handling.     

Disentangling privacy from property: toward a deeper understanding of genetic privacy

With the mapping of the human genome, genetic privacy has become a concern to many. People care about genetic privacy because genes play an important role in shaping us--our genetic information is about us, and it is deeply connected to our sense of ourselves. In addition, unwanted disclosure of our genetic information, like a great deal of other personal information, makes us vulnerable to unwanted exposure, stigmatization, and discrimination. One recent approach to protecting genetic privacy is to create property rights in genetic information. This Article argues against that approach. Privacy and property are fundamentally different concepts. At heart, the term "property" connotes control within the marketplace and over something that is disaggregated or alienable from the self. "Privacy," in contrast, connotes control over access to the self as well as things close to, intimately connected to, and about the self. Given these different meanings, a regime of property rights in genetic information would impoverish our understanding of that information, ourselves, and the relationships we hope will be built around and through its disclosure. This Article explores our interests in genetic information in order to deepen our understanding of the ongoing discourse about the distinction between property and privacy. It develops a conception of genetic privacy with a strong relational component. We ordinarily share genetic information in the context of relationships in which disclosure is important to the relationship--family, intimate, doctor-patient, researcher-participant, employer-employee, and insurer-insured relationships. Such disclosure makes us vulnerable to and dependent on the person to whom we disclose it. As a result, trust is essential to the integrity of these relationships and our sharing of genetic information. Genetic privacy can protect our vulnerability in these relationships and enhance the trust we hope to have in them. Property, in contrast, by connoting commodification, disaggregation, and arms-length dealings, can negatively affect the self and harm these relationships. This Article concludes that a deeper understanding of genetic privacy calls for remedies for privacy violations that address dignitary harm and breach of trust, as opposed to market harms, as the property model suggests.