This month I checked back in with Micah Sifry to learn about the status of the That’s Not Privacy campaign, which MFG covered in May. Here’s what I learned (the following is an edited version of an email exchange):
Micah, it has been about six months since the campaign launched. How is the That’s Not Privacy campaign going?
We also wanted to stimulate more conversation within NGOs, in particular those who profess interest in user rights and privacy. We knew at the outset that many of these organizations would not be able to make this change as quickly as the groups that joined That’s Not Privacy for the launch. We had dozens of conversations with such organizations and know that in several cases seeds were planted that have yet to bear fruit in terms of a policy change. In some cases, the issue was very practical: legacy websites whose core pages aren’t easily edited, or organizations working through lengthy site redesigns and/or policy changes. So the timeline for further adoption of That’s Not Privacy (TNP) remains open.
The basic tactic of That’s Not Privacy is to get organizations to align their practices with their policies and let web users know what the organization’s data practices are. Why is this so important and what, if anything, do you see changing about it?
This is essentially about truth in labeling. It also involves educating your members or users about the realities of online data tracking. Most people think that if they see the word “privacy” it means their personal information isn’t being collected or used, when in fact most so-called “privacy policies” describe how an organization is actually collecting and using their personal data. There are legitimate reasons for organizations to do that, and we want them to do so responsibly. Included in that is making clear that collecting data from your users (with or without their knowledge) is not “privacy.”
Why should nonprofits care about That’s Not Privacy?
Information is power, and when people lose control over their personal information, they lose power. In the last few years, more people are waking up to the fact that digital technologies make the capture and use of their personal data incredibly easy, and many are starting to ask critical questions and take steps to better protect their privacy. We think nonprofits want to be on the right side of that dynamic.
There’s lot of concern that space for free association and free expression (in other words, civil society) is closing around the world. A recent Civicus report shows 109 countries where civil society is closing down. Is That’s Not Privacy part of the effort to change that? What’s the broader motivation?
Yes, the impulse for That’s Not Privacy is definitely connected to a larger concern that mass surveillance (by governments or private actors) is corrosive to freedom of thought, speech and association. As NSA whistleblower Edward Snowden said recently:
“Privacy isn’t about something to hide. Privacy is about something to protect. That’s who you are. That’s what you believe in, that’s who you want to become. Privacy is the right to the self. Privacy is what gives you the ability to share with the world who you are, on your own terms, for them to understand what you’re trying to be. And to protect for yourself the parts of you that you’re not sure about, that you’re still experimenting with. If we don’t have privacy, what we’re losing is the ability to make mistakes. We’re losing the ability to be ourselves. Privacy is the fountainhead of all other rights. Freedom of speech doesn’t have a lot of meaning if you can’t have a quiet space. . . . to decide what it is that you actually wanna say. Freedom of religion doesn’t mean that if you can’t figure out what you actually believe without being influenced by the criticisms and sort of outside direction and peer pressure of others. And it goes on and on and on. But privacy is baked into our language, our core concepts of government and self in every way . . . without privacy, you won’t have anything for yourself. So when people say that to me, I say back arguing that you don’t have privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.”
Other movements have emerged this year that try to draw people’s attention to how companies/organizations use their data. I’m thinking of Ranking Digital Rights in particular. Are there others? Why do you think this is happening now?
As I just noted, there’s a larger trend afoot as people learn more about how their personal information is tracked, used and abused, with regular reports of massive data hacks of major businesses generating headlines alongside the whistleblowing of people like Snowden.
What big change do you want to see?
At a much larger level, we would like to see a sea change in how consumers relate to privacy, alongside a shift in how companies design their products. People have few cues right now that can help them understand the trade-offs involved in their use of digital products. There’s no equivalent of a FDA label telling you the nutritional value (or lack thereof) of a product, or even a simple label like “organic” that would enable people to make more informed choices about what they use. Ultimately this may require legislation or stronger regulation as well.
There is also a latent market for privacy by design, which ought not be that expensive to produce. We don’t want a world where only the well-off can afford the equivalent of high walls around their lives, while the poor are exposed and subject to greater exploitation.
How can readers and their organizations get involved with That’s Not Privacy?
Everything at That’sNotPrivacy.com is open source. People can sign their organization up, and we’ll add their logo to the coalition. And people can download the policy backgrounder and use it in their own internal education work or public outreach.