Database Reference
In-Depth Information
19.1.1 The Failure of Access Controls
While privacy and antidiscrimination concerns are derived from different legal
sources, they are commonly cured by a similar remedy - the limitation of data
collection. Discrimination concerns usually focus on distinguishing among
individuals on the basis of particular sensitive attributes (such as gender, ethnic
background, religion, et cetera). Privacy concerns usually focus on the use,
exposure or analysis of identifying attributes (such as name, address, etc.) in
combination with sensitive attributes.
1
Usually the advice to citizens who want to
protect their privacy is not to disclose their personal data. The advice to citizens
who want to protect themselves against discrimination is the same. Data subjects,
i.e., the people the data in databases relate to, may have good reasons not to provide
particular data. For instance, people may consider such information not to be
someone else's business, they may consider disclosure as not improving their
reputation, or they may fear disadvantageous judgments of others about
themselves. Some information may not be considered appropriate for disclosure to
anyone, but more often information may not be considered appropriate for
disclosure to particular people or institutions. For instance, people may want to
share medical information with their physician and their hospital, but not with their
car insurance company, employer or supermarket. People may want to discuss their
sexual preferences with friends, but not with their parents. Such a partitioning of
social spheres is referred to as audience segregation.
2
In short, people may prefer
that others who collect, process, and analyze data have some blanks in their
databases.
Let's focus this argument on privacy issues. From a legal perspective, people
have, to some extent, a right to refuse disclosure of their personal information.
3
Everyone has a right to privacy, according to Article 12 of the Universal
Declaration of Human Rights. What this right to privacy exactly means and
encompasses, is not entirely clear. When it comes to informational privacy
(contrary to, for instance, spatial privacy) a commonly used definition (particularly
in the United States) is that of Alan Westin, who refers to privacy in terms of
control over information.
4
Privacy is a person's right to determine for himself
when, how, and to what extent information about him is communicated to others.
In other words: who has access and who does not. This definition is sometimes
referred to as
informational self-determination
and has a strong focus on the
autonomy of the individual.
5
Based on this perspective, people were equipped
(through data protection regulation) with access controls. Such access controls
focus on limiting the collection and distribution of personal data. The concept of
informational self-determination is an example of this. Other examples are concepts
1
See Chapter 4 and also Custers B.H.M. (2010).
2
Van den Berg, B. and Leenes, R. (2010).
3
See Chapter 7.
4
Westin, A. (1967).
5
Other common definitions of the right to privacy are the right to be let alone, see Warren
and Brandeis (1890) and the right to respect for one's private and family life (Article 8 of
the European Convention on Human Rights and Fundamental Freedoms).
Search WWH ::
Custom Search