In the spring of 2018, we learned that Facebook, the technology company we cannot seem to get away from, allowed a political analytics group to obtain Facebook users’ data. In late 2018, Facebook admitted another, even more egregious intrusion. The New York Times showed us how the technology company gave millions of users’ personal data to other companies. It also allowed other companies to read the content of personal messages made on the platform, messages users assumed to be private. CEO Mark Zuckerberg testified before Congress and Facebook ran an apology ad campaign, including airing an apology video during the NBA playoffs. In a Facebook post, Zuckerberg pledged: “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.” In doing so, Zuckerberg signaled that Facebook’s users are important and that their importance requires privacy protection. In other words, Facebook acknowledged that when it allowed a privacy violation, it inherently disrespected its users.
In An Expressive Theory of Privacy Intrusions, Craig Konnoth explicitly argues what Zuckerberg implicitly acknowledged: privacy intrusions involve more than what is being taken or how the intruders use that information. Intrusions express something about the breacher and the breachee beyond the material consequences; according to Konnoth, the social meaning of privacy intrusions suggests the victim’s lower social status, a form of “disrespect.”
In this article, Konnoth makes two main contributions that can help us understand the problem of privacy breaches. First, he argues that the very act of information intrusion harms, even when that information is relatively benign, when the intrusion does not stop actors from acting, or when the intruders protect that information against others. “Instead,” Konnoth argues, “the very act of intrusion sends a message about the values society holds dear and the status that particular individuals have in society.” (P. 1535.) He grounds this argument in expressive theories of law, placing privacy intrusions within theories of how state action communicates certain values. For example, he shows how the Supreme Court’s Fourth Amendment jurisprudence acknowledges these expressive purposes of searches: when schools conduct drug tests on student athletes, the search conveys an important value, the “abhorrence of…drug abuse.” (P. 1545.) In addition, privacy intrusions say something about their victims. For example, when a school drug tests athletes, the search expresses a belief that students are inherently immature and unable to make good choices.
Konnoth’s second contribution closely follows the first. He argues that when privacy intrusions affect a particular group, the intruder communicates a belief in the relatively lower social standing of that group vis-à-vis other groups not similarly affected. For equality purposes, Konnoth argues that rather than lower social standing triggering the privacy intrusion, the intrusion itself can also signal to others to regard the group as having lower social standing: “[P]rivacy intrusions are often combined with other forms of status expression…that specifically identify certain groups as undesirable.” (P. 1561.)
Of course, Facebook is not the government, the subject of Konnoth’s piece. Facebook is a private entity engaging in the intrusion; thus, while its actions are disrespectful, it does not have the social-status-generating power that the law does. It cannot grant social status, while the government can. Konnoth argues that if the government legally could do what Facebook did, it would create a unique status problem because when the government disrespects, it marks social status more generally. And it also marks those who intrude with impunity as having higher status.
What to do? Konnoth offers three solutions. The first and third are familiar: end the intrusion and apologize for the intrusion. But it is his second solution that brings the article together: change the privacy norms so that when privacy breaches occur, they don’t feel like intrusions at all. A breach that does not feel like an intrusion likely will not trigger feelings of disrespect. Indeed, so-called “data breaches” are becoming ubiquitous in our modern society, and fears of government spying are widespread. From companies whose job it is to monitor our most personal financial information (Equifax) to technology companies like Facebook, such breaches have already led many of us to feel that there is no such thing as privacy anymore. Furthermore, we have gotten so used to the breaches—what is one or a thousand more?
If Konnoth is right, maybe having more breaches, not fewer, is not such a bad thing.