Just read an interesting paper on the Internet of Things and privacy by Jeroen van der Hoven and Pieter Vermaas. According to them, privacy regulation is justified, because it aims to reach the following moral goals.

Prevention of information-based harm.
Personal information can be used by criminals to inflict personal harm, like stalking, or identity theft.

Prevention of informational inequality.
Personal information is valuable. Increasingly, there is a market for this type of information. This market must be transparent and open for all.

Prevention of informational injustice.
Information from one personal sphere should not be used to make decisions in another sphere. Personal information is context dependent, and should not float from one sphere (medical) to another (work).

Respect for moral autonomy.
One’s moral identity should not be fixed by the views of others (based on personal information obtained). People change, and may change opinion over time.

What is missing in this list of goals is “prevention of discrimination”, or, to phrase is positively, the “right to be treated equal despite obvious differences”. The authors do not consider this as part of “prevention of information inequality”, and I think it is important enough to warrant separate mention.

The authors also argue that even decentralised storage and processing may constitute a privacy violation. This may be plain obvious, but worth mentioning because often the metaphor of Big Brother or the Panopticon – that stress the centralised form of surveillance – is used to explian the importance of privacy.

Finally, the authors give examples of technology that by its very nature is privacy invasive. RFID tags have a unique number that makes them (and the persons carrying them) traceable. Such technology itself should be regulated (like the EU recommendation to “kill” RFID tags at the point of sale, or the Japanse requirement that cameras in mobile phones must make a clear sound or ignite a flash whenever a picture is taken). One should not rely on data protection mechanisms here.  To quote: “But [one] need[s] to engage information technology upstream, when it is technology, and there is not yet information.”

Reference: Hoven, Jeroen Van Den and Vermaas, Pieter E.(2007) ‘Nano-Technology and Privacy: On Continuous Surveillance Outside the Panopticon’, Journal of Medicine and Philosophy, 32: 3, 283 – 297.