I should be able to define privacy, as
I am the Privacy Officer for
OnlineGroups.Net — but I find privacy hard to define.
Thankfully, I am not alone: the New Zealand Law Commision’s paper,
Conceptual Approach to Privacy,
spends many pages discussing how hard privacy is to define.
The paper’s author, Mark Hickford, concludes
that privacy is a sub-category of two interconnected values: autonomy
These values apply to aspects of your life (both social and
information) that you expect to have control.
This definition is nice, but not useful when you are trying to write
However, it is easy to know when privacy has been breached.
I quite like Solove’s taxonomy of privacy breaches, which I quote from
- Dissemination, and
We constantly think about privacy when coding GroupServer.
For example, GroupServer requires that the user authorises the creation
of an account — otherwise a collection breach could occur.
When presenting aggregate information about a group (such as
we have to ensure that individuals cannot be identified, and that
the data is only used for the purpose that it was intended —
to avoid a processing breach.
is not easy.)
Security is important to prevent dissemination breaches, and for that
we rely heavily on Zope.
Finally, we have to ensure that a user controls the
email addresses he or she claims to, so we do not invade the privacy
(Email address verification in GroupServer is not right yet, but
we are in the
process of improving it.)
Ensuring privacy can put us (mostly me) into conflict
The conflict usually comes from good intentions, such as administrators
who want to add users to groups without the annoying verification step.
If the user does not consent to joining a group, a collection breach
To gain consent, and prevent a breach, GroupServer sends out a
verification email that the user responds to.
Unfortunately, messages get caught by spam filters, or the
user simply ignores the message.
This normally leads to unhappy administrators, and users.
We cannot sacrifice privacy, so we work on
GroupServer more usable,
so these sorts of problems do not occur.
There is hope that privacy laws will become standardised.
OnlineGroups.Net must follow the
Zealand Privacy Act (1993),
which is based on
Guidelines on the Protection of Privacy and Transborder Flows of
Other countries, such as
also follow the principals in the OECD document.
Even the United States of America has the
system, which follows the same privacy principals.
Privacy is not just a good idea, it’s the law; I pledge to constantly
uphold the user’s right to privacy.