This post is sure to be controversial and raise hackles among some readers. It is not meant to disparage lawyers or even privacy professionals but rather identify a gap between them.
Many legal professionals enter the privacy profession, not as a result of personal interest in the topic, but rather through career paths that had them addressing organizational compliance with laws categorized as “privacy” or “data protection.” This isn’t a bad thing. Organizations need to comply with the complex and often contradictory laws under which they operate, and they need professionals to help them do so. And this certainly isn’t meant to belittle anyone who, upon seeing that market opportunity, pursued the profession with vigor. Unfortunately, for many it’s only “the paycheck that binds” them to the profession.
First off, one must acknowledge that privacy law is not privacy.
Privacy is much more expansive and encompassing a topic; it is about the boundary between an individual and others in society. The law does not and cannot address every instance of social interaction to define the appropriate terms of each boundary. Determination of the nature and scope of a boundary involves a complex interplay of factors: social and cultural norms, relationships, subjective beliefs, technology, and context. This is a burgeoning realization. Omer Tene recently discussed this in time to fully investigate all possible ramifications of their decisions and make rational choices.
Personal decisions also ignore social changes. Those decisions may support what may ultimately return to affect the individual in unforeseen ways. Plus, individuals don’t have the negotiation power to enact change. Consent is often illusory. If every market player holds the same position, a consumer’s only choice is to exit the market. Hermitization is not a very palatable option for most. Even if individuals are fully informed of the risks, cognitive biases prevent rational decision-making when rewards are immediate but consequences are delayed.
Given the limited ability of the law to bring parity to parties involved, the lawyer’s role is equally constrained. A lawyer is to be a zealous advocate for their client’s interest. When an organization asks its attorney, “Is this legal?” the resulting response of “Yes,” “No,” or “It depends” is irrelevant. The problem lies in the question, for it forgoes all analysis beyond the bounds of the law.
In my discussions with many legal privacy professionals, they seem to be narrowly focused on the role of and compliance with the law. They become shackled by it, limiting their ability to see beyond it and understand the need to achieve a balance of interests. My introduction of privacy issues and concerns outside the bounds of a regulatory requirement are met with blank stares or derisive commentary. This is not to say it is reflective of all lawyers in the profession, and perhaps, I’m stereotyping unnecessarily. However, I’m not the first to express this privacy as trust. Essentially, trust is the belief by individuals that the organization they patronize doesn’t abuse the power differential it has to its advantage. Organizational leaders must make a conscious choice to aspire to this relationship equity.
And it’s privacy professionals who should be there to facilitate that choice.
photo credit: 3D Scales of Justice via photopin (license)