A Taxonomy of Privacy
posted by Daniel Solove
My article, A Taxonomy of Privacy, 154 U. Pa. L. Rev. 477 (2006), has recently been published. I have replaced an earlier draft of the article from over a year ago on SSRN with a copy of the final published version. This article is my attempt to provide a framework for understanding the concept of privacy. A diagram of my framework is above. From the abstract:
Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from “an embarrassment of meanings.” Privacy is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of “privacy” do not fare well when pitted against more concretely stated countervailing interests.
In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms.
A new taxonomy to understand privacy violations is thus sorely needed. This Article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.
This article is my latest stab at attempting to provide a coherent and comprehensive new understanding of the concept of privacy. In an earlier article, Conceptualizing Privacy, 90 Cal. L. Rev. 1087 (2002), I critiqued the numerous attempts by many others to articulate the concept of privacy. The gist of my criticism was that most attempts to conceptualize privacy go astray because they attempt to find a common denominator in all things we deem as implicating “privacy.” I suggested that privacy must be understood contextually, and that it consists of a multitude of different yet related things. But I left open a very important question — just what are those different yet related things? My new article, A Taxonomy of Privacy, builds on this argument and provides a taxonomy of what these different yet related things are.
UPDATE: I’ve updated and expounded much further on the taxonomy in my new book, UNDERSTANDING PRIVACY (Harvard University Press 2008).
March 21, 2006 at 12:17 am
Posted in: Articles and Books, Privacy
Print This Post
Responses (2)
YaleOneL - March 22, 2006 at 1:44 am
Came across an interesting Note that the Yale Law Journal published this month on the third party doctrine. The Note makes an interesting doctrinal proposal and introduces some new terms and concepts. It expands upon some of Solove’s ideas discussed in the Taxonomy piece and other articles:
http://www.yalelawjournal.org/abstract.asp?id=534
Sini Ruohomaa - January 26, 2010 at 4:17 am
I wandered in here via a tip-off from Bruce Schneier’s CRYPTO-GRAM, and this turned out to be a quite interesting and nicely written paper. I’m a non-US computer scientist, so I don’t read a whole lot of law articles, but I couldn’t let go of this one.
While this paper discusses privacy of individual people, we’ve been facing challenges in the rights of organizations to control information produced by and about themselves, also referred to as “privacy” of enterprises. For example in the context of inter-enterprise collaborations over the Internet, there’s a definite need for somehow representing reputation information and support real-world trust relationship forming through computational means. (Of course, whenever fluffy “people terminology” is being introduced to computer science, there’s a lot of wild pruning going on as to what aspects of a concept are modeled and what not.)
This brings up issues such as whether it’s possible to share experience information about other organizations (particularly negative ones) to serve as a warning to other possible collaborators/victims, without being legally attacked for defamation. Also, it is unclear how actual distortion should be detected and protected against. The current-day reputation systems such as eBay’s seller ratings are not going to cut it – private, pseudonymous users doing “revenge negatives” to users rating them negatively is peanuts compared to when a large organization decides to bash back on a smaller one.
In any case, thanks for the food for thought.
Leave a Reply