Crises disorient, but they also have a clarifying effect. They focus attention by forcing decisions. In Italy, for example, bioethics turned from a relatively abstract intellectual endeavor into a practical necessity when COVID-19 patients began to flood the hospitals of Lombardy in early March. Since there simply weren’t enough ventilators to keep everyone alive, doctors had to decide who would receive life-saving equipment. The principle they settled on was utilitarian: those with the highest statistical chance of survival would receive the best care. It was a choice born out of the demands of an acute emergency situation.
It’s a similar situation with the growing debate over public health and privacy. In theory, the inviolability of personal space and data is deeply anchored in our legal architecture and cultural norms. Yet such abstractions tend to crumble under the pressure of a crisis, like the one in which we currently find ourselves. The logic of fundamental rights has swiftly been replaced by the logic of incommensurability, according to which an insistence on privacy protections will necessarily hinder attempts to contain the spread of COVID-19 through contact tracing, quarantine, or movement tracking. The apparent choice is now between a rejection of medical advice and a renunciation of privacy. And if those are indeed the only options, privacy is unlikely to prevail. No amount of ventilation will save it from certain death.
But is this true? Does the fierce urgency of now require the subordination of privacy to public health, or worse, imply its sudden demise? For more than a century, newspapers and magazine have published obituaries to privacy under headlines like “No Privacy in City Life” (The Los Angeles Times, 1902), “Is Privacy Dead?” (Newsweek, 1970), “The Death of Privacy” (Time Magazine, 1997) and “The End of Privacy” (Science, 2015). Yet it has stubbornly refused to die. Decades of infectious disease campaigns did not kill it off, and neither did the subsequent rise of computational databases and digital surveillance. In fact, Supreme Court decisions like Katz v. United States (which held that warrantless wiretapping constituted a violation of privacy under the Fourth Amendment of the US Constitution) or the European General Data Protection Regulation (GDPR) arose precisely during periods when new technological capabilities, new techniques of governance, and new business models seemed to drive a stake straight through the heart of established conceptions of privacy. Indeed, premature proclamations of death are one of the great fallacies of contemporary privacy discourse. They misconstrue reality and, perhaps more importantly, impede attempts to shape the future trajectory of the right to privacy.
Privacy – a vague concept
There are three related reasons why it is empirically misleading and politically misguided to treat the collision of privacy and public health as a zero-sum game. First, privacy is an excessively vague concept. It appears in discussions about wiretapping, contraception, sexual intercourse, domestic life, communication technologies, gender roles, digital markets, financial transactions, and a great number of other contexts. In fact, privacy is so vague that it has often functioned as a negative space: it is heavily defined by what it is not. For example, the governance of mail privacy has historically been built on a series of exceptions that waived the sanctity of the seal for undeliverable letters, for shipments that needed to clear customs inspections, for some forms of merchandise, and for foreign mail during wartime. Likewise, the vagueness of privacy means that it frequently becomes entangled with other substantive ideologies. For much of the nineteenth century, mentions of privacy functioned as a thinly veiled reference to gender norms that relegated women to the domestic sphere but treated the “public” life of politics and business as the domain of men. And during the 1960s, privacy jurisprudence protected access to contraception for married couples by merging the defense of an inviolate private sphere with heteronormative ideals about the nuclear family.
For much of the nineteenth century, mentions of privacy functioned as a thinly veiled reference to gender norms that relegated women to the domestic sphere.
Especially during crises, such exceptions and entanglements can give substance to an otherwise vague idea. But what is their proper scope? This is especially crucial when bio-surveillance utilizes legacy technologies that were originally developed for an entirely different purpose — as is currently the case in many countries around the world. For example, post-9/11 security operations often distinguished between foreigners and citizens when collecting and analyzing data. But is this logic really appropriate when fighting a virus that respects no borders and carries no passport? Applying legacy technologies during infectious disease outbreaks requires their disentanglement from the ideology of counterterrorism, just as a reliance on private-sector surveillance systems requires the disentanglement of public health necessities from the profit motive. In short, pandemic containment and privacy are intimately linked because the former concretizes the latter, not because more of one implies less of the other.
This leads to the second point. Privacy takes shape within specific socio-political settings. The privacy norms that govern intimate relations differ from norms that govern financial transactions or the connection between a state and its citizens. The privacy scholar Helen Nissenbaum refers to this as the “contextual integrity” of privacy: the gathering and dissemination of information must be appropriate to specific contexts and must not be unwittingly carried into other contexts. For example, doctors are often required to report infectious disease outbreaks to public health authorities, and such reporting is widely considered as a justified exception to patient-doctor confidentiality. Still, it would be inappropriate for doctors to broadcast someone’s COVID-19 diagnosis to the entire neighborhood or to sell it to private healthcare providers and advertisers. Yet such context-specific norms are neither self-evident nor static. In the United States, the growth of the women’s rights movement and the widespread use of consumer surveys after World War II led to a reassessment of medical and informational privacy and to prolonged contestation between activists, government agencies, marketing firms, and judges about the substance of privacy in modern society. Privacy is contextual, but also an object of perpetual contestation.
It would be inappropriate for doctors to broadcast someone’s COVID-19 diagnosis to the entire neighborhood or to sell it to private healthcare providers and advertisers.
The current pandemic is best understood as a highly specific context with unique norms and standards of conduct. Practices that might be entirely inappropriate during other periods can suddenly become socially acceptable – not because privacy has died, but because the substance of privacy is necessarily tied to the context of its articulation. Its governing logic is the logic of practice. What we thus have to guard against is the diffusion of emergency logics across time and space, not the redefinition of privacy per se. Many technologies and tactics that are used during the fight against COVID-19 are likely to outlast this particular pandemic and diffuse into the routine operations of policing and monitoring and into the durable infrastructures of state- and market-led surveillance. What will emerge as the new normal once infections begin to decline?
Privacy as a cause
Third, privacy is a cause rather than a consequence. We often treat it like we would treat the shadow cast by a hand puppet: if the puppet jigs and dances, so too will its shadow. If targeted advertising or contact tracing increase, privacy disappears. But this mechanistic view undervalues both the profound indeterminacy of privacy norms – see above! – and their social significance. The choices we make today as we pass emergency legislation, establish regulatory guardrails, construct new databases, and determine the context-specific meaning of privacy during the COVID-19 pandemic are likely to have significant downstream effects that will diffuse into adjacent domains of state practice and into the private sector. It’s worth remembering what the scholar Langdon Winner once wrote about the politics of technology. He argued that most technical systems are powerful precisely because they can be adapted to serve a multitude of ends and agendas. That’s why initial design choices matter greatly: it is often easiest to change technologies or behavior during infancy. Once they become settled and sedimented, course corrections are more difficult to pursue.
The fierce urgency of now
This final point returns us to the fierce urgency of now. What matters most during an acute crisis is neither a fight for dominance in a zero-sum setting, nor abstract pondering of post-pandemic social norms. The time will come to articulate those norms, but it has not yet arrived. The most consequential thing we can do today is to insist on considerations of privacy rights during the initial drafting of legislation and the design of algorithms and databases that make bio-surveillance possible. They should be minimally invasive and reversible once the needs of containment are satisfied.
The logic of incommensurability misconstrues each of these points. It treats privacy and public health as mutually exclusive social goods instead of seeing them as mutually constitutive. It accepts the temporary loss of privacy as a necessary concession instead of engaging directly with the substance of exceptions and entanglements. And it undervalues the importance of early design choices and legislative action for the long history of privacy.
But perhaps history can offer an encouraging lesson. Between the middle of the nineteenth century and the early decades of the twentieth century, the fight against infectious diseases in the United States turned into a nationwide endeavor that linked municipal health authorities to State Boards of Health and a federal Public Health Service. An important task of this expanding bureaucracy was the containment of diseases like tuberculosis, cholera, and smallpox. This was no small task: in 1900, Tuberculosis still ranked among the most common causes of death in the United States, where about one in forty urban residents died from infectious diseases. Thus cities established "sanitary police corps” to combat infectious diseases through tighter community surveillance and relied on law enforcement to assist with public health work. The reporting of vital statistics and infectious disease outbreaks became standardized, which allowed for greater statistical accuracy and targeted interventions.
The “health of the people” became the guiding standard of governance against which the legality of state power could be judged and justified.
And the “health of the people” became the guiding standard of governance against which the legality of state power could be judged and justified. In short, the fight against infectious diseases birthed new forms of state power, new forms of knowledge about individuals and populations, and new logics of state legitimacy. But it did not kill privacy. Throughout much of the twentieth century, privacy protections for medical data increased and became more formalized — not despite the fight against infectious disease, but because decades of public health campaigns had helped to give new shape to the idea of medical privacy, had imbued it with tangible significance, and had turned it into a salient political issue.