United Kingdom

Is Privacy Protection in the U.K. No Better Than in China?

|

A new Privacy International survey of 36 countries ranks the U.K. with China, Russia, Malaysia, and Singapore as an "endemic surveillance society." British Information Commissioner Richard Thomas is worried. "Two years ago," he says, "I warned that we were in danger of sleepwalking into a surveillance society. Today I fear that we are in fact waking up to a surveillance society that is already all around us." 

The U.S., an "extensive surveillance society," fares only slightly better than the U.K. The survey deals only with privacy-related issues, of course, not with civil liberties generally. In that sense it's too narrow to accurately reflect the state of individual freedom in the countries surveyed. The U.K. may have more surveillance cameras per capita than China does, but when it comes to what governments do with the information they collect, the Chinese have a lot more cause for worry than the British do.

In another sense, the criteria for Privacy International's ranking are too broad. Citizens of the U.K. and the U.S., for example, have good reason to feel more secure against arbitrary government search and seizure than citizens of China and Russia do. And they are apt to be more concerned about that risk than, say, the chance that magazines to which they subscribe will sell their names and addresses to direct-mail merchants. Yet Privacy International's "statutory protection" and "privacy enforcement" categories include restrictions on the use of information people voluntarily divulge to private companies; it also has a category for "workplace monitoring" (a.k.a. keeping an eye on your employees). The inclusion of business regulations is one reason Canada and Germany (identified as countries with "significant protections and safeguards") do so much better in the ranking than the U.S.

I've long argued that it's a mistake to treat private use of voluntarily revealed information as a violation of privacy rights in the absence of an agreement restricting use of the data (which would include a company's official privacy policy) or special circumstances in which confidentiality is assumed (as with medical records or psychological counseling). The voluntary sharing of information as part of a commercial transaction is qualitatively different from the nonconsensual collection of information by the government. I have a choice about whether I want to let my grocery store track my purchases in exchange for discounts; I don't have a choice about whether the government searches my house or eavesdrops on my phone calls.

At the same time, the collection of information by private entities is undeniably worrisome when that information can be demanded by the government on a whim through devices such as administrative subpoenas. Because the Supreme Court has ruled that information you give to a private business is no longer yours as far as the Fourth Amendment is concerned, the government's access to that information is governed by a hodgepodge of statutes and regulations. As the NSA's phone call database shows, these rules have loopholes that allow the government to collect information that most Americans would consider private without any sort of court order. In the case of the phone call information (which included numbers dialed and call duration), any statutory violation was committed by the phone companies that surrendered the information, not the government agency that "requested" it.

That's an example of a business regulation aimed at preventing unjustified government surveillance. So while it's important to distinguish between the threats posed by the government and the threats posed by private entities, regulation of data sharing may be an important backstop when the courts and the legislature fail to restrict government directly.

NEXT: A Stealthy Goodbye

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Damn lib-ruls. What’s wrong with y’all, not trustin’ our government’s intentions under the control of the wonderful George W. Bush? If ya ain’t got nothin’ to hide what y’all worried ’bout? Y’all just some latte-sippin’, Volvo-drivin’, Saddam worshippin’ America-haters, that’s what you is.

  2. Businesses can use information they collect in ways that are quite damaging – for instance, adding information to a credit record that is routinely consulted by other companies.

    I’m quite glad to have a UK government-enforced right to force them to remove this information when it’s incorrect.

  3. Wait, if the information is incorrect, why would the credit rating agency not want it removed? Are companies buying credit reports not concerned about the accuracy of the information?

  4. I’ve had my credit info stolen. As a comparative case study, my Mom had her info stolen about fifteen years earlier. It has been a lot easier for me to deal with than her (basically I’ve just had to send out letters and forms), but it is still a pain in the ass.

    Every time I have to get a loan, I have to pay forty bucks for credit reports to make sure I don’t get dinged (or worse, get a really shitty rate) for something I didn’t do. (I am a law student, so I have to do this fairly often).

    Since private individuals can be screwed over by debt collectors who understand the legal system, it creates the incentive for bad actors to screw with people, leading people to settle it.

    Also, I imagine that it costs a fair amount to credit agencies to verify that information is bad, so they have the incentive to make it difficult and leave the burden of proof on the consumer.

  5. I imagine that, like any holder of information, they accept a certain margin for error. Not easy for them to abitrate either – when the company stands by its information…

  6. I agree with FinFangFoom.

    Too much erroneous information creeps in to public records. The burden of correcting the information should not fall to the consumer.

    Further, the consumer should not have to “opt out” of having information shared. Companies should have to ask permission to share it. The authorization to share should be up front and in large print.

    That being said, I read the same study yesterday & agree that the measures were poorly framed and badly weighted.

  7. Does anybody else find it odd that of all the Central European countries on the list, Switzerland was the one that didn’t make it? That’s what I call good privacy!

  8. Citizens of the U.K. and the U.S., for example, have good reason to feel more secure against arbitrary government search and seizure than citizens of China and Russia do.

    Except for the war on drugs. See today’s Brickbat, for example.

  9. Oh, how happy I am to be a Canadian!

  10. “Oh, how happy I am to be a Canadian!”

    Right. We’ll just forget about the ‘notwithstanding’ clause.

    [For the benefit of our American friends who may not be aware: The Canadian Constitution has a clause which allows the Federal and/or Provincial Governments to pass laws that contravene the ‘rights’ in the constitution when it is invoked. The clause is known as the ‘notwithstanding’ clause.]

Please to post comments

Comments are closed.