On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu

Friday, 20 May 2011

Injunctions restrict information, they don't protect privacy

'Ah, but the right to privacy is more important than...' has become the think of the children line of the current debate about press freedoms.

And it's not helping, especially since the topic under discussion - the ability of a court to issue a gagging order - has very little to do with protecting privacy.

Injunctions, like the Data Protection Act, do nothing to protect individuals from intrusion.  They both attempt to regulate the information - data - after it has been gathered; and it's the act of intrusion, not what we do with the data gathered, that breaches our privacy.

The right to privacy is the right to be able to perform certain actions free from observation. There are obvious limits, notably the setting where we choose to perform our actions plays a major role in determining whether or not we should be afforded a right to privacy.

Me on privacy, Twitter and injunctions (14:28 in)
on last week's Pod Delusion
In the physical world we are all reasonably capable of making decisions on the relative privacy afforded by different settings. We do something on the street, we know we might be observed. We do something in a closed room, we would hope not to be observed.  The real privacy law prevents others from hiding secret cameras or bugs in private rooms.

To me, press intrusion is the very act or surveillance. Camping outside a private residence with long lens cameras, or hacking mobile phones.  Our privacy is breached as soon as an uninvited third party becomes aware of our actions in a setting where we had a reasonable expectation of privacy.

Arguing that the injunction system protects anyone's privacy; at the point at least one journalist, their editor, sub-editors, legal team, judge plus our own lawyer has become involved; is absurd.

Furthermore, it's unrealistic to expect information can be suppressed.  Even without the internet, information travels from person to person. Lawyers, judges and policemen gossip in the pub - indeed sometimes with the odd blogger present.

Injunctions do nothing to punish and deter the act of invasion.  Journalists and paparazzi lose nothing from having their story spiked by a judge.  Maybe a bit of the editor's budget is wasted on a story they couldn't run... Oh well, try again next Sunday.

In general, especially given the internet, we face the question of how far do we attempt to control and regulate the flow of information.

Many civil and digital rights issues lead to a question of appropriate balance, but in practice there's very little granularity in censorship; for once a control system is in place, the temptation to expand its use to cover other "good causes" becomes overwhelming, and the task of sifting and reviewing what the public can and cannot see becomes both immense, and ripe for corruption by self-interested parties.

In a democracy, the free press goes a long way to providing oversight of government. Who oversees the press?  It may be hard to stomach, and indeed looking at the headlines it may seem absurd and wrong, but we the public oversee the press in our decision to buy their papers or read their websites.

For this reason it's so very important that we have plurality of the press, so readers have an alternative if certain newspapers overstep the mark.  Bloggers are contributing to that plurality, which is another reason why controls on the internet in particular could threaten the freedom and plurality of the press.

Privacy is not dead

Of course there are no absolutes - I'm pretty easy with the current internet censorship regime in the UK that blocks images of child abuse hosted overseas.  But the success of, and acceptance by the public for, this regime; stems from its highly focussed and extremely limited role.

Extreme cases aside, we have two basic choices - to regulate information, or let it free.  But in letting information go free does not mean that privacy is dead. It means we must adapt our behaviour to the new reality.

A vital concept in privacy is our ability to judge the consequences of our actions in any given environment.  There's a huge degree of granularity to this - e.g. we might be in public, but we might be hiding behind a bush.

Whilst the physical settings where we afforded a reasonable expectation of privacy have changed very little, the manner and consequences of being observed have changed dramatically.

Photography has been around for long enough for the majority of the population accept the fact they might be photographed in public.  A still-large percentage of the population are probably alert to the probability of CCTV being operational in any given place.

We moderate our behaviour according to the risk of being observed.  And to do this we must understand the risks. And consequences.

The internet introduces two new problems: our actions in the physical world could have a global audience, and there's no clarity or consensus over what constitutes a private space online.

The second of these problems is about bringing clarity to the public's understanding of where and when they are likely to be "observed", and the consequences of being "observed".  In reality it has only a very loose relationship with the laws protecting our personal data after it has been collated.

Last week I co-founded a new organisation to look far more closely at creating the online equivalent of a private home and family life, separating this from more public online spaces, and bringing clarity to net users and businesses alike, struggling to grasp the concept of privacy and the risk in a potential collapse of consumer confidence if businesses remain ignorant to the issues.



  1. Just a short reply where a longer one is needed (but it's Friday afternoon!)

    One of the issues to me is that the press has gone beyond reporting of facts. It is one thing to report a fact - it is another to use that fact as the basis for a rant, a moral tirade of righteous judgement.

    You may say there is little difference, but in fact the "comment and analysis" of any case involving an individual is one-sided and is used to illustrate a general point, of which the individual concerned becomes the corner stone, and the image of that "social point".

    That is when the press go beyond their remit - adultery reported as unemotional fact is uninteresting and therefore not worth an injuction of any kind. I have a little sympathy (streess on "little") for those in the public view who are subjected to vitriol of the press flavoured with huge amounts of speculation and assumption.

    If the court could ensure that only FACT were reported, then the injunctions (super or otherwise) would largely become redundant)

  2. Very good point and something I've commented on before - if you can, listen to my piece on last week's Pod Delusion:


    Think we need to try and separate the issues:
    * Injunctions don't prevent intrusion, they just attempt to suppress the product of intrusion
    * Sex shouldn't be selling the number of newspapers that it does, but privacy law is probably not the best stick to try and change the "interest of the public"
    * Press willingness to case judgement on people based on sex and sexuality. But again, is the law the right way to drive this moral change?


  3. I notice that you compare the injunctions issue to the Data Protection Act; and yet, the DPA provides for very different remedies.

    The DPA sets out the terms under which you can collect personally identifying information legally. The penalty for breach is not jail time - it's financial; each damaged individual can collect compensation from you to cover their costs in coping with the release of information. In addition, the state can fine you; this is separate from any damage to an individual.

    Taking the ACS:Law example, as that's been in the press recently. The state has fined Andrew Crossley £1,000 for his negligence. Each individual affected has a right of action against Mr Crossley; any damage they can demonstrate was caused by his unauthorised release of data will have to be paid by Mr Crossley - for example, if I lose my job due to his release of data, Mr Crossley owes me lost pay for the time it takes me to find an equivalently paid job.

    Applying a similar train of thought to privacy rights suggests that there should be financial compensation for the loss of privacy.

  4. Farnz - fair points but I said the DPA, like an injunction, does little to prevent the act of intrusion occurring. They both attempt to control information once it's been extracted.

    Under the DPA you get fined for incorrectly handling information. There's very little it says you can't store, with prior consent. And consent is as easy as "tick this box or you're not using my service, or getting a software update, etc..."

    I'm not talking about fines as a compensatory tool but sanctions for the act of intrusion.

    Essentially we need to change - or at least examine and clarify we're happy with - social attitudes to privacy and intrusion.

    The only scalable solution to privacy I see is in social acceptance that intrusion is anti-social and we shouldn't do it. Any attempt to enforce this through law and enforcement without in parallel ensuring the will of the [online] community is there will fail, especially given the global jurisdiction of the internet.

    Overseas news outlets will become the first port of call for UK news.

    Also on the DPA, it relies on goodwill for compliance. How many companies have a UK operation and handle personal data. How many can the ICO raid and examine?

    How can a UK authority possibly check that an overseas arm of a company operating in the UK doesn't have a massive cache of personal information in some foreign jurisdiction?

    Again, the only solution I see is a mix of: education, clarity in the risk/reward balance when we hand over personal data, and legal powers to tackle "criminal" non-compliance.


Comments will be accepted so long as they're on-topic, do not include gratuitous language and do not include personal attacks or libellous assertions.

Comments are the views of the commentator and not necessarily the view of the blog owner.

Comments on newer posts are not normally pre-moderated and the blog owner cannot be held responsible for comments made by 3rd parties.

Requests for comment removal will be considered via the Contact section (above) or email to editorial@slightlyrightofcentre.com.