Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Ambient Privacy: is it a thing?

High level look at Privacy in the Age of the Web

10:31 pm on Jun 21, 2019 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 25, 2003
votes: 420

I'm sure we've all read some of the zillion of articles, threads, posts, comments et al on the subject of PII (Personally Identifiable Information) especially in the past few years. Most, close to all, that I've read are technical, i.e. how best to meet some regulation such as GDPR (there are many many across the world's jurisdictions). Very few seem to be taking a high level thoughtful view of the intersection of the legal definitions (therein bounding it's scope) of privacy and it's historical and current realities.

In an article I find cogent and thought provoking, Maciej Ceglowski (owner of Pinboard) does just that with Ambient Privacy [idlewords.com].

In the eyes of regulators, privacy still means what it did in the eighteenth century—protecting specific categories of personal data, or communications between individuals, from unauthorized disclosure. Third parties that are given access to our personal data have a duty to protect it, and to the extent that they discharge this duty, they are respecting our privacy.


The question we need to ask is not whether our data is safe, but why there is suddenly so much of it that needs protecting. The problem with the dragon, after all, is not its stockpile stewardship, but its appetite.


This requires us to talk about a different kind of privacy, one that we haven’t needed to give a name to before. For the purposes of this essay, I’ll call it ‘ambient privacy’—the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered. What we do at home, work, church, school, or in our leisure time does not belong in a permanent record. Not every conversation needs to be a deposition.


Ambient privacy is not a property of people, or of their data, but of the world around us. Just like you can’t drop out of the oil economy by refusing to drive a car, you can’t opt out of the surveillance economy by forswearing technology (and for many people, that choice is not an option). While there may be worthy reasons to take your life off the grid, the infrastructure will go up around you whether you use it or not.

Because our laws frame privacy as an individual right, we don’t have a mechanism for deciding whether we want to live in a surveillance society.


All of this leads me to see a parallel between privacy law and environmental law, another area where a technological shift forced us to protect a dwindling resource that earlier generations could take for granted.

The idea of passing laws to protect the natural world was not one that came naturally to early Americans. In their experience, the wilderness was something that hungry bears came out of, not an endangered resource that required lawyers to defend. Our mastery over nature was the very measure of our civilization.

There's much more to the piece than what I quoted above, please take the time to go and read. I've been quite content with meeting GDPR and ePrivacy (most/all others have similar or lessor requirements). And while the foundation of my mindset on Privacy is not greatly dissimilar to that in the article I have never actually articulated it, as most webdev's I was too busy chasing the technical aka putting cart before horse.

Granted, what I might do does not affect actual law in place, however I can certainly not inappropriately transgress. For the times they are a-changin'. Yet again. And I see yet another potential competitive advantage...
12:32 am on June 22, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
votes: 972

Good topic. One that we should explore ... meanwhile, do all we can to actually abide by 'ordinary" privacy protection... much of which was codified by many countries even before GDPR reared its head.
4:35 am on June 22, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
votes: 774

In my view the problem is not privacy protection. Ultimately privacy is easy to protect, and alone your personal data is worthless.

The issue is information asymmetry. One side is collecting and aggregating data in ways that the counter party has know way of knowing or understanding.

You take a shower, you have a window in the bathroom. Protecting your privacy is easy, you put a curtain in the bathroom. The other side then inserts mini cameras into the vent, the drain, the wall, the floor, thermal imaging, x-ray. You don't know, you can't know. Protecting yourself becomes impossible. So long as regulators are focused on developing better curtains, we will have no privacy.