國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
10
paradox, also known as the information disclosure and privacy dilemma among users (Wilson et al., 2012).
2.2 Definition of privacy
According to a survey on Internet users from the website msnbc.com in 2006, privacy meant various things from fear of being watched, fear of government intrusion, worriess over companies tracking purchases, and advanced technology such as the ability for GPS to track their physical movements. Among the numerous responses, the most common definition of privacy was "the right to be left alone," originated from Samuel Warren and Louis Brandeis in 1890. As Sullivan (2011) suggested, the lack of clear definitions of privacy has caused much confusion in the discussion pertaining to this topic. In addition, privacy should be considered in its context. The legal, classical definitions of privacy may be different from that of the online environment. Therefore the following section sought to offer a review on privacy in order to define the term fittingly to the situation on a social networking site.
Privacy in the traditional perspective
In United States, four types of invasion to one’s privacy were commonly known. The four torts included intrusion of solitude, false light, appropriation and public disclosure of private facts that could lead to embarrassment. According to Prosser (1960), intrusion of solitude referred to the physical or electronic intrusion into one's private quarters, whereas false light referred to the publication of facts which placed a person in defamation, even though the facts themselves may not be defamatory. Appropriation referred to the unauthorized use of a person's name or likeness to obtain benefits, whereas public disclosure of private facts meant the dissemination of truthful but private information, such as one’s illness. Oftentimes, the revelation of such private fact could lead to embarrassment on the subject. However, the legal perspective of privacy was not the fittest for the online environment.
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
11
In order to establish privacy in a different context than the legal perspective, Tavani (2007) stressed that when defining privacy, it must be considered whether privacy was interest-based, or right-based. By definition, the "interests-based" view of privacy referred to a person's desire or intention to have his information protected, and it was mostly for enhancing one's well-being (Tavani, 2007). In terms of the "right-based" view of privacy, it was defined as the utilitarian cost and benefit analysis, where individuals attempted to balance the cost to privacy and the benefits to public safety and crime control (DeCew, 1997, p. 21) As indicated by DeCew (1997), there was a shift to consider privacy in the right-based point of view rather than interest-based. The Universal Declaration of Human Rights also made explicit indication to one’s right to privacy. In Article 12, it was stated that
[no] one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.
According to Tavani (2007), privacy theories could be categorized into four types:
non-intrusion, seclusion, limitation and control. Though each of the categories brought insight to what privacy was, each of them also had shortcomings in the underlying definitions.
For instance, privacy could be defined as “non-intrusion,” in which the definition originated from what Warren & Louis (1890) suggested in their article titled “The Right to Privacy” in Harvard Law Review. According to the authors, privacy was “the right to be let alone”
(p.193), or to be free from intrusion of any kind. However, Tavani (2007) found two flaws in this definition. Firstly, “the right to be let alone” sometimes confused the condition or content of privacy with the right to privacy. Furthermore, the non-intrusion theory was also confused with the notion of liberty. Though liberty and non-intrusion were closely related, liberty did not suggest the protection of ones’ rights, whereas non-intrusion did.
As for the second type of privacy, seclusion, it referred to privacy as “being alone”
(Tavani, 2007, p.6). But the problem again surfaced since some seclusion theories defined
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
12
privacy as being inaccessible at all by others, or voluntary and temporary withdrawal from the society. In other words, the seclusion theory of privacy suggested that the more seclusion, the more privacy the individual would enjoy. However, it could easily be confused with the notion of solitude. By all means, the first two types of privacy theories addressed privacy in its physical terms. Hence they were not valid for the privacy in an online environment.
The third type of privacy was the control theory. Privacy was thus defined under the condition that “one [had] privacy if and only if one [had] control over information about himself” (Tavani, 2007, p. 7). It emphasized that one must also consider what kind of information one could expect to control, and how much control one could have over that particular information. But the idea of control in terms of what kind of information to control, or how much to control, could be confused with the notion of autonomy.
The fourth type of privacy was the limitation theory. In the theory of limitation, privacy was referred to as the situation when access to one’s information was limited or restricted in a certain contexts. The merit of this theory was the recognition of “zones” or personal boundaries set by individual to restrict or limit access to personal information by others.
However, since limitations suggested that the less information others knew about one person, the more privacy the person enjoyed, this notion could be confused with secrecy. Nonetheless, Tavani (2007) found these views of privacy inadequate. According to Tavani (2007, p. 6),
the concept of privacy [in U.S.A.] has evolved, initially being associated with intrusion (physical access), then being associated with concerns about interference (in decision making), and, more recently, being associated with concerns about the flow of personal information.
In fact, out of the four types of privacy theories discussed above, none of them best suited the type of privacy online.
Privacy in the online perspective
As suggested by Tavani (2007), a definition of privacy that could be considered for the
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
13
online environment was the Restricted Access and Limited Control view of privacy. Under this concept, privacy should be right-based, under an individual’s limited control, and could be protected through restricted access by others. In essence, privacy should be right-based rather than interest-based. What it meant was that an individual would go through the utilitarian cost and benefit analysis in an attempt to balance the cost to privacy and the benefit to public safety and crime control. Privacy online was also under limited control since it was not realistic for an individual to have sole control over every digital footprint or information disclosed in an online environment. Moreover, privacy could be protected by restricted access.
Though an individual did not have complete control over his own information online, he could restrict others from accessing such information through means of social strategies or structural strategies. For the purpose of this thesis, online privacy should be deemed as right-based, under users’ limited control, and could be protected through restricted access.
“Right-based” referred to how an individual will analyze the cost and benefits for disclosing personal information, whereas limited control referred to how an individual did not have complete control online; however, one could protect his online privacy through restricting others’ access to such information.
Having established the definition of online privacy, Raynes-Goldie (2010) further suggested that there were two kinds of online privacy. To be more specific, while users on Facebook cared about protecting their personal information, their concerns about privacy tended to reflect a desire to protect their social privacy rather than their institutional privacy.
What it meant was that users were more concerned about controlling who had access to their personal information rather than how advertising companies would make use of their information. In more concrete terms, social privacy referred to users’ concerns about controlling access to personal data that was available to their social contacts. Users may want to keep certain information from some particular contacts among their Facebook friends.
Such actions like deleting, editing content or removing tags were thus common measures that
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
14
may help to manage one’s social privacy. On the other hand, institutional privacy referred to how companies like Facebook Inc. and its partners and advertisers alike might use users’
personal data for benefits.
2.3 Theoretical framework: Communications Privacy Management (CPM) Theory