Defining Privacy
A critical investigation of Canadian political discourse


2.2 Definitions and Taxonomies

If the legislation concerning the privacy of Canadians does not define the word privacy, how can we understand what it means to have privacy and what is harmed when we don’t have it?

The concept of privacy has been discussed and debated for centuries, creating a scholarship that is comprehensive in both depth and breadth. This section will focus on an examination of some of the historical and contemporary definitions of privacy as they relate to the Canadian government and the formation of Canadian legislation. This includes a further review of major federal publications and legal decisions on privacy, as well as an introduction to the scholarship and philosophy that informed those publications.

This section will introduce definitions of privacy gleaned from Canadian governmental publications and Supreme Court decisions, in some cases tracing those meanings back to seminal publications on the philosophy of privacy. The idea of privacy as ‘the right to be left alone’ will be discussed, and the concept will be clarified through the taxonomies introduced in the section. And finally, this section will end with an examination of the concept of a ‘reasonable expectation of privacy’ in the context of Canadian privacy law.

A Review of the Literature

The Task Force on Privacy and Computers

Perhaps the most seminal document in the landscape of privacy literature in Canada is a report written by a group colloquially known as the Task Force on Privacy and Computers. The Task Force was formed in 1970 by the Department of Communication and the Department of Justice with the intention of exploring the multi-dimensional nature of privacy in Canada. Their report, published in 1972, was a response to the growing use of computers and ‘databanks’ that stored personal information about Canadians (Task Force 2). They identified 10 major study areas, ranging from the information processing practices of government, public and private institutions; judicial, administrative and self-regulatory remedies; constitutional and international considerations; and a philosophical investigation into the multiple dimensions of the nature of privacy (Task Force 2). The report distinguished between two distinct notions of privacy: the first concerns what the authors consider to be the interrelated issues of accuracy, access, control of dissemination, and security, while the second includes the philosophical and ethical questions surrounding the nature of privacy itself (Task Force 3).

The willingness of the Task Force to consider the “more general and less tangible” aspects of privacy (3) comprises exactly the kind of discourse that Thacker and Finestone advocated for in their respective reports, published decades after the report on Privacy and Computers was released. The Task Force did not consider the specific concerns relating to accuracy, access, control, and security to be worthy of a fundamental conceptual analysis (3), though these issues tend to dominate the modern legislative debates surrounding privacy.

An Introductory Taxonomy

A recurring theme in the scholarship of privacy are taxonomies. Taxonomies are helpful, as they serve to divide big concepts into smaller and more manageable parts. The Task Force on Privacy and Computers developed one such taxonomy, splitting the concept of privacy into three major categories: territorial, personal, and informational (13).

Territorial privacy relates to physical property and space. This is the idea that what happens behind walls or closed doors is one’s own business, and furthermore, that no one may enter that private domain without permission, or without a lawful warrant for access (Task Force 13). Territorial privacy is perhaps the most foundational or traditional concept of privacy (Warren and Brandeis 193), and breaches of this type of privacy are some of the most easily identified: such as an intruder in or around one’s home, or the presence of recording devices. The invasion of territorial privacy may even extend to noxious odors or loud noises that interrupt the solitude of tranquility of one’s own space (Task Force 13; Warren and Brandeis 193). Alan Westin, a well-known privacy theorist, argues that the function of territorial privacy serves to protect individual well-being and small group intimacy, something that is found not only in humans, but in animals (9).

Personal privacy is also a spatial or territorial concept, but one that is less defined by walls or physical barriers, and more by legal norms and social values (Task Force 13). While personal privacy involves freedom of movement and the prohibition of physical assault or warrantless search and seizure (Task Force 13), it also includes the more abstract notions of personal dignity and reputation (Warren and Brandeis 194). This has been characterized as an issue of personal autonomy, or the ‘right to be left alone’ (Stefanick 6). While being ‘left alone’ is itself open to interpretation, this idea generally refers to the moral rights one has over one’s own body, in terms of freedom of expression and freedom from intrusions that blur the boundaries between one’s personal and social life (Richardson 30; Stefanick 6; Warren and Brandeis 194).

Informational privacy is the most abstract of these three distinctions, and in some ways it encompasses the previous the concepts of territorial and personal privacy, especially in terms of modern technology. For example, the digital addresses associated with networked devices can provide information about an individual’s physical location, and social media has the ability to affect the reputation of an individual if others post information that cannot be removed or altered. As evinced by the previous section, informational privacy is also the primary type of privacy protected by most of Canada’s privacy legislation.

Informational privacy refers to the ability for an individual to have control over the ways in which information about the self is disclosed. This is based on an assumption of ownership, meaning that information about a person belongs to that person, and can be used in whatever way that person sees fit (Task Force 13). But much like privacy, the concept of information is in itself difficult to define. Before undertaking an examination of informational privacy, we must first understand what is meant by the word ‘information’.

What is Information?

Claude Shannon, known as the ‘father of information theory’ (Floridi, Information 1) puts forth a broad definition. He defines information as: the messages occurring in any of the standard communication mediums such as telegraphy, radio or television, the signals involved in electronic computing machines, servomechanisms systems and other dataprocessing devices, and even the signals appearing in the nerve networks of animals and man. (emphasis added, Shannon 212)

Luciano Floridi builds on Shannon’s definition with his own philosophy of information, describing the current state of information in society as the ‘infosphere’. The infosphere is “the whole system of services and documents, encoded in any semiotic and physical media, whose contents include any sort of data, information, and knowledge” (“The Digital Revolution” 8). It is the whole informational environment and all of its constituent entities including “their properties, interactions, processes, and mutual relations” (“Foundations of Information Ethics” 3).

Floridi has a useful analogy to describe this concept of the ‘infosphere’. He asks us to imagine the universe from a chemical perspective; everything within it has a chemical composition such as humans are 60% water, or the air is made up of mostly nitrogen and oxygen. In this way, the world can also be imagined from an informational perspective. The same entities described by their chemical composition can be described by their informational composition. Therefore, every ‘thing’ is information, and “to be is to be information” (Floridi, “A Defence of Informational Structural Realism” 241).

Combining Floridi’s concept of the infosphere with Shannon’s definition of information, we can conclude that if every ‘thing’ is information, then everything about a person, from the physical to the abstract, is personal information.

This comprehensive view of personal information is less robust than the definitions provided by federal privacy legislation, namely that personal information consists of “information about an identifiable individual” (PIPEDA, s. 2(1); Privacy Act, s. 3). The Office of the Privacy Commissioner of Canada considers personal information to include things like SIN numbers and other numbers associated with identification, birth dates, addresses, names, banking information, fingerprints and even IP addresses (“Your Guide to PIPEDA”). Each of these items, even something as abstract as a SIN number, is a surrogate for something physical that exists in the real world. A SIN number represents one’s uniquely physical identity with the Canadian government, an IP address refers to an actual, physical networked device like a computer or a smartphone. These examples show how easy it is to make connections between specific pieces of information and an individual in the tangible, physical world.

We are increasingly beginning to amass a considerable amount of personal data that does not have a real-world manifestation. This can include data like web browsing histories, health tracking information collected by wearable fitness devices, credit reports, academic applications and transcripts, and ‘profiles’ generated by data aggregation algorithms owned by Google or Facebook. This information is more connected to the personal behaviours of individuals, rather than the physicality of the individual themselves. The data often includes a web of other connected and related data, even temporal and spatial information like timestamps or GPS coordinates. Some of this data is collected remotely and outside of Canada, recorded on a variety of different mediums and in different formats, and in some cases, protected by Terms of Use agreements that render identification and ownership unclear.

While information that is considered ‘personal’ by the Canadian privacy legislation is protected when collected for the purposes of government or commercial use, there are many other types of secondary and less tangible personal information that has no such explicit protection.

Our first taxonomy has established that privacy applies to three domains: the territorial, the personal, and the informational. Using this taxonomy, I have suggested that territorial and personal privacy are really just types of informational privacy, because information about a physical location, and information about an individual are both just different types of information. Furthermore, we have the argument from the Task Force that informational privacy means that information about a person belongs to that person, and its transmission or communication should not only be protected, but controlled by the individual themselves (13). Finally, the definitions of information put forth by Shannon and Floridi have established that everything about an individual is comprised of information, down to the smallest details of internal biology, such as the electrical messages transmitted by the nervous system (Shannon 212).

A Second Taxonomy

Where the first taxonomy recognized three different theoretical ‘spaces’ of privacy, Westin has developed a taxonomy that differentiates between individual ‘states’ of privacy. The difference here is subtle. Westin is not focused on the spaces where privacy is said to exist, but rather the basic functions that privacy serves for individuals and groups in society (31). These states of privacy are solitude, intimacy, anonymity, and reserve (Westin 31).

Solitude simply means separation, where an individual is separated from the group and from the observation of others (Westin 31). This state, according to Westin, is the most complete state of privacy that can be achieved (31).

Intimacy, the second stage of the taxonomy, is less private than solitude, and occurs when an individual is a part of a small unit that enjoys seclusion within a close and relaxed relationship (Westin 31). This includes marriages or partnerships between people, families, circles of friends, or even work cliques (Westin 31).

Privacy as anonymity is freedom from identification and surveillance, even in public spaces (Westin 31). Even if the individual is aware of being observed, anonymity means that the observation occurs without recognition or identification, letting the individual have the ability to “merge into the situational landscape” (Westin 31). Also included in the state of anonymity is the freedom to publish ideas without identification (Westin 32). Anonymity can be understood as a form of ‘public privacy’, where an individual is free to negotiate societal expectations while remaining free from recognition or identification. A further discussion of anonymity will follow later in this section.

The last state of privacy is reserve, which Westin considers to be the most subtle of the four states (32). Reserve protects against unwanted intrusions with the creation of a ‘psychological barrier’ in the mind of an individual, serving the purpose of protecting certain aspects of the self from others (Westin 32). This type of privacy allows a person to cultivate a ‘mental distance’ within intimate relationships and public life. To Westin, reserve is essential to an individual’s sense of meaningful privacy, especially in an urban, industrialized society (32).

Westin’s taxonomy of the states of privacy informs a further taxonomy regarding the functions of privacy for an individual in society. The relationship between privacy of the individual and society, as well as Westin’s functional taxonomy, will be discussed in the next section of this chapter.

A Third Taxonomy

In a decision known as R. vs. Spencer, s. 8 of the Canadian Charter of Rights and Freedoms was used by the Supreme Court in a ruling involving informational privacy.

While R. vs. Spencer was heavily influenced both by Westin and by the Task Force on Privacy and Computers, the ruling also introduced its own taxonomy of privacy. The judgment stated that in order to understand informational privacy, the nature of privacy itself must itself be understood in three contexts: privacy as secrecy, privacy as control, and privacy as anonymity (R. vs. Spencer, para. 38).

Privacy and secrecy are aspects of confidentiality. A straightforward example of this concept relates to medical records. While people may share private information to receive medical care, they retain an interest in the protection and confidentiality of that information (Task Force 14). The relationship between the information-giver and the information-receiver, such as the one between a patient and doctor, depends on the information-giver having a reasonable expectation that the information-receiver will hold the information in confidence (R. vs. Spencer, para. 39). The information exchange depends completely on trust; trust that the information will be kept completely secret from those outside the relationship. Another Supreme Court ruling, McInerney v. MacDonald, describes the patient-doctor relationship as fiduciary, meaning that a doctor has a duty to hold information received from a patient in confidence, and a patient has the right to expect that the duty of the doctor will be fulfilled (149, para. i).

Privacy as secrecy is primarily covered by the collection, purpose, and use provisions in Canadian privacy legislation. In other words, personal information is collected and used for a specific purpose with the express consent of the individual, and disclosure to others does not occur except with consent or lawful authority.

Privacy as control refers to the ability for an individual to determine how their personal information is used, if at all (Stefanick 29; Westin, Privacy and Freedom 7). This differs from the idea of privacy as secrecy, because the communication of certain types of personal information is often necessary beyond the intimacy of relationships such as the ones between a doctor and patient, or a lawyer and client. Privacy as control is related to an individual’s reasonable expectation of the privacy of their personal information, and their ability to determine and restrict its disclosure (R. v. Dyment 429, para. i).

Privacy as control is covered by the consent, disclosure, and safeguards provisions in Canadian privacy legislation, along with the collection, purpose, and use provisions discussed above.

Privacy as anonymity, in the context of R. v. Spencer, borrows strongly from Westin’s idea that individuals should be free from recognition or identification in public places, as well as freedom to publish ideas without identification (R. v. Spencer, para. 43, para. 45; Westin, Privacy and Freedom 31). Even though Privacy and Freedom was published in 1970, Justice Cromwell argues that Westin’s idea of anonymous publishing perfectly defines many contemporary characteristics of internet communication and use (R. v. Spencer, para. 45). The internet is a functional extension of the concept of ‘public space’ in society, and while an internet user may not necessarily be able to control the monitoring or observation of their online activities by outside actors, they should have the ability to remain anonymous in that space, without having their personal information disclosed and linked to their online activities (R. v. Spencer, para. 47).

Justice Cromwell argues that it is crucial that the link between personal information about an individual and the behaviours or activities in which the individual participates should be protected by a degree of anonymity (R. v. Spencer, para. 50). The reasoning behind this is articulated by Slane and Austin, who describe the difference between personal information about identity (such as a name or a phone number) and personal information that serves the purpose of identification (500). Information like names and addresses are rarely completely private, a phone book is a good example of this, but information used for identification, such as a SIN, has the ability to link an individual to many other types of information, like financial and tax history (Slane and Austin 501). Anonymity is not the freedom to keep every single piece of information about the self private, but the freedom from having that personal information lead to identification, which can then lead to the disclosure of information of a more intimate and personal nature.

What this amounts to, a broad sense, is that privacy can be conceptualized as the right to choose anonymity, or perhaps as the right to be left alone.

The Right to be Left Alone

It may be that the first ‘modern’ taxonomy of privacy was developed in 1890 by American legal scholars Samuel Warren and Louis Brandeis. While it was understood at the time that privacy was a territorial and personal concept, they argued that if the law could protect the rights of property and corporeality, it could also protect the “intangible products and processes of the mind” (194). They believed that the protection and security of the individual amounted to the right to be left alone (194).

Frustrated over the ability of the news media to obtain and disseminate photographs of his daughter’s wedding, Brandeis later wrote in a 1928 US Supreme Court ruling, Olmstead v. United States, that the “greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding” (479). This statement is an extension of his earlier work with Brandeis, which argued that an “absence of malice” is no excuse for violating the privacy of others, forwarding the idea that a violation of informational privacy may result in the harm of one’s dignity, despite the intentions of those seeking the information (Warren and Brandeis 218).

While it is relatively easy to determine whether a territorial or personal violation has occurred (e.g., someone digs through your trash on your property, finding a personal letter or photo and publishes it), it is less obvious when informational privacy has been compromised, unless something like identity theft or hacking occurs. This raises the question from the beginning of this section: what harm is there in the sharing of information, especially if the person whose information was shared never finds out?

If breaches of informational privacy weren’t harmful in some way, there would be no reason for the Canadian justice system to rule on cases involving the disclosure of personal information. Yet even though privacy is narrowly recognized in Canadian law as the quasi-judicial or fundamental protection of personal information held by government and business, there is no shortage of examples from case law recognizing the harm of the unnecessary invasion of personal privacy.

Often these cases hinge on whether or not the claimant had a reasonable expectation to the privacy of their personal information. As discussed in the previous section, reasonable expectations form the basis of much of the privacy legislation, from PIPEDA to the Criminal Code.

What is a Reasonable Expectation of Privacy?

R. v. Spencer

As mentioned above, R. vs. Spencer used s. 8 of the Canadian Charter of Rights and Freedoms in a ruling involving informational privacy. Section 8 of the Charter is one short sentence, stating that “(e)veryone has the right to be secure against unreasonable search or seizure”. The court case was about the justification for warrantless access to personal information; specifically whether the police were justified, under PIPEDA, in requesting from an internet service provider (ISP) information about a subscriber associated with an IP address, without first obtaining a warrant from the appropriate judicial authority. The Supreme Court unanimously agreed that the request by the police for this information without a warrant was unconstitutional (R. vs. Spencer 215). They ruled that internet subscribers have the right to a reasonable expectation of privacy concerning their personal information (para. 66), because the activities that individuals engage in online carry with them an expectation of anonymity (para. 44).

In the case, the internet user was accessing and downloading child pornography on a computer belonging to a family member (R. v. Spencer, para. 7). The police became aware of the activity because of the individual’s use of file-sharing software, and they subsequently requested subscriber information including the name, address, and telephone number from the ISP, in this case Shaw Communications Inc. (R. v. Spencer, para. 8). Section 7(3)(c.1)(ii) of PIPEDA states that “an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is requested for the purpose of enforcing any law of Canada”, while s. 5(3), states that “[a]n organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances”.

There is a circularity here between these two sections, where s. 7(3)(c.1)(ii) depends on s. 5(3) in terms of an understanding of the concept of ‘reasonable’. Ultimately, the issue was not whether or not a crime was committed, but rather if the police were justified in accessing personal information without either the consent of the individual, or a warrant. As s. 8 of the Charter ensures the right to be secure from unreasonable search or seizure, the constitutional foundation of this case asks if the police request for personal information was an unreasonable search. According to Justice Cromwell, writing for the Court in R. v. Spencer, “the answer to this question turns on whether, in the totality of the circumstances, Mr. Spencer had a reasonable expectation of privacy in the information provided to the police by Shaw. If he did, then obtaining that information was a search” (R. v. Spencer, para. 16).

Determining whether there is a reasonable expectation of privacy is the key to the use of s. 8 in a constitutional claim for the right to privacy (McIsaac, Shields, and Klein 2.3). When there is no reasonable expectation of privacy, there is no constitutional right to be secure from an unnecessary search. In the case of R. v. Spencer, the Supreme Court ruled that a degree of anonymity is foundational to the understanding of privacy, and that a person can reasonably expect privacy when using the internet, despite what that use may entail.

In other words, a reasonable expectation of privacy amounts to a reasonable expectation of anonymity.

A narrow view of this interpretation of privacy as anonymity comes from a speech made by Justice Sopinka of the Supreme Court, discussing his views on the another similar case, R. v. Plant. He states that “(t)he more accessible the information about an individual, the less is his or her expectation of privacy” (“Freedom of Speech and Privacy”). Justice McLachlin, who dissented the ruling, stated in the judgment that information should only be used explicitly for the purpose in which it was collected, and that disclosure beyond the bounds of that purpose should only be undertaken with proper legal authorization (R. v. Plant 283, para. h).

These opposing views highlight the contradiction between the right in s. 8 of the Charter to be free from unreasonable search and seizure, and the consent and disclosure exemptions in federal privacy legislation that arguably allow for warrantless access to personal information. This contradiction is what makes the case of R. v. Spencer so compelling.

Justice Cromwell alludes to this contradiction in the ruling, stating that “Section 7(3)(c.1)(ii) of PIPEDA cannot be used as a factor to weigh against the existence of a reasonable expectation of privacy since the proper interpretation of the relevant provision itself depends on whether such a reasonable expectation of privacy exists” (214-215). Cromwell characterizes PIPEDA as a piece of legislation that is meant to protect the personal information of individuals by restricting non-consensual disclosure, and not as a legal tool for the warrantless access of information by law enforcement (215).

Yet, R v. Spencer is only one Supreme Court decision out of many. An understanding of what a ‘reasonable expectation of privacy’ actually is continues to be decided, literally, on a case by case basis.

While an understanding of the meaning of privacy is important to the interpretation of privacy legislation, it is also just as essential to understand the function that privacy serves to individuals and to society. The next section will investigate this topic by examining another of Westin’s taxonomies, along with a discussion of the kinds of harms that can be sustained from privacy violations, and the lasting impacts of the erosion of privacy on society.

Top of Page Home