Facing Up to the Generational Privacy Divide

Last week hundreds of privacy regulators, corporate officers, and activists gathered in Jerusalem, Israel for the annual Data Protection and Privacy Commissioner Conference.  My weekly technology law column (Toronto Star version, homepage version) notes the conference theme focused on the perception of a growing privacy divide between generations, with older and younger demographics seemingly adopting sharply different views on the importance of privacy.  

Many acknowledged that longstanding privacy norms are being increasingly challenged by the massive popularity of social networks that encourage users to share information that in a previous generation would have never been made publicly available for all the world to see.  Moreover, rapid technological change and the continuous evolution of online sites and services create enormous difficulty for regulators unaccustomed to moving at Internet speed.

Given these changes, the conference asked participants to question whether privacy norms are at a breaking point with conventional laws, regulations, and principles rendered irrelevant in the face of the generational and technological shift.

The response from many participants – both privacy experts and those studying online youth – was that privacy remains an important value. Recent studies in the United States and New Zealand both found that people want it all: robust, interactive social networks and privacy protection.   

Experts pointed to two explanations to reconcile the desire to be openly online and maintain privacy.  First, they noted that online social networks are merely social spaces that replicate what we commonly do socially offline including chatting with friends, gossiping with co-workers, and connecting with family.  In the offline world, these activities rarely raise privacy concerns since sharing photos or discussing recent activities is not perceived to be a privacy issue.  Once those activities move online, the privacy implications can become dramatically different.

Bringing offline social activities to the online environment raise a host of issues, including the notion of “collapsed context.” In the offline world, we interact with many different groups, such as friends, family, and co-workers, with conversations and information sharing that differs for each.  In online social networks, the context for those different conversations is collapsed into a single space. Moreover, the information from online social networks never disappears and the context for a photograph, video or conversation from years earlier is often lost.

Second, privacy experts argued that social media companies make it too difficult for users to protect their privacy by establishing open privacy settings as the default. Facebook and other social media sites give users the ability to adjust those settings, yet over the past few years the default settings have steadily pushed users toward greater openness leaving hundreds of millions of users with the open privacy settings that Facebook selected for them.

Pursuing the twin goals of greater openness and protecting personal privacy may seem like an impossibility, but at least three strategies to address both desires emerged from the discussions.  First, there is a need to focus on default settings by ensuring that they err on the side of greater privacy.  Users should be free to make their information as openly available as they wish, but guarding against inadvertently exposing a photo, video, or embarrassing comment requires default settings that enshrine privacy as the norm.

Second, education is needed on the implications of privacy, social networks, and sharing information online.  Online social network offer tremendous opportunities to mirror and extend our offline networks, yet many users have yet to fully grapple with differences and the potential implications.

Third, there is still a role for regulation and the law.  Although it will invariably lag behind the rapid pace of technology, it is important for companies to understand the legal limits on collecting, using, and disclosing personal information and for users to know that the law stands ready to assist them if those rules are violated.


  1. Our freedom
    With “cookies” that cannot be destroyed, and kids’ websites using them the most, responsible parents should teach their children to only use pseudonyms, like their nicknames when online AND use anonymizing services. Our government recommends that we all use anonymizing services here: (“Surf anonymously by using third party software that hides your real IP address.”) In upholding the right to anonymity online, the U.S. Supreme Court said “our society accords greater weight to the value of free speech than to the dangers of its misuse.” (Abrams v. United States)
    The danger is that in passing laws like C-32 we set ourselves up for a time when most copyright infringement is done anonymously, and then we will be told that we have to outlaw these same anonymizing services which we now recognize as essential for our freedom.

  2. Comment above was cut off – please add this in the … middle
    Our government recommends that we all use anonymizing services here: (“Surf anonymously by using third party software that hides your real IP address.”) In upholding the right to anonymity online, the U.S. Supreme Court said “our society accords greater weight to the value of free speech than to the dangers of its misuse.” (Abrams v. United States)

  3. Russell McOrmond says:

    Importance of privacy, or differences on what is private/public?
    I wonder if there is another dynamic here, which is a different set of ideas of what constitutes public and private information.

    I spoke about my different views on Google street geodata collection at

  4. Many might disagree with this view, but of course younger people today have a different concept of privacy. The only limitation to their communication is how fast they can type/text, they all cary cell phones which have digital cameras, it’s much more difficult to keep secrets than it once was. Services like Facebook, Twitter, blogs, etc. are the next great steps in that…digital promiscuity…share yourself, your life, with the world. It’s a fact that, in general, teens and young adults these days place less value on “intimacy” and are much more promiscuous than they would have been 20 or 30 years ago, it’s common sense that this would follow them in to the on-line world.

  5. There’s a definite shift in what people consider public and private information.

    Also, I think when newer people ask for privacy, it means that they want to know that the entity that they are in business with is not using their private information in a way they don’t like. Less of “I don’t want to be known!” and more of “I want to be known, but in ways I decide.”

  6. @Chris A
    I think you’ve probably hit the nail on the head there.

  7. Kevin Beckford says:

    The “experts” need to incorporate the nature of education in canada
    In Canada, we do not teach critical thinking until post secondary school. Education up to that point, although acceptable, is essentially training on how to perform rote tasks during daylight hours. I make this point because critical thinking and logic, and the internalization of these things, are what gives a person resistance to many types of societal pressure and media manipulation. I feel we see the natural rebellion of teens and we assume that this intractability indicates critical thinking. In short, we assume that we are not like the other mammals.

    That’s incorrect. We are just like the other mammals, and as we grow into maturity, we test our pack leader’s control over us, and we audition in our peer group to see who will be the de facto leader, and if that person can in fact become the de jure leader.

    Why mention these thoughts in this context? One word will suffice: Territoriality.

    If nobody is teaching teens critical thinking until post secondary school, then policies that depend on the values of the Enlightenment should not infer the state of society from observing these subjects. I recall teenage life, and I speak with them from time to time. Feelings are big. Words are not. The law is text, and does not properly reflect the emotions involved in these issues, which is right and proper, since the part of our brains that governs behaviour does not have access to the speech centers.

    The emotions are strong. Privacy is very important.

    An easy test is to go sit in somebody’s house and wait for them to come home. No matter how connected they are, if they are citizens of the ‘West’ they will react poorly to this. That is the test to see if privacy values have changed, in my opinion. We want our territory defined. We are territorial. The online world is as real as this one, or Valhalla, or Paradise, or Narnia. The nature of our thinking machinery generates the same physical effects regardless.

    So, to the government and to the corporations who would sell my information and use studies of non voters to justify it I simply say “Get the hell out of my house!” Given that, much else is negotiable. My feelings on this issue are nowhere near as polite as these words.

    Thanks for supporting us , by the way. Reading your blog informed me about the issue. I don’t want to go back to the pseudo democracy of my youth.

  8. Don’t forget that in the case of companies like F you (and your personal info) are the product, not the customer. The customers are the marketers and advertisers.

    Lasciate ogne speranza, voi ch’intrate.


  9. if you want to see a social network that is attempting to meet all these needs you should check out the Diaspora project:

  10. @Claire:

    I still don’t see why I should post personal stuff on the web at large. And the concept is flawed. Even if it would be protected from all but my “friends”, there’s still the issue of offering a single, collapsed view to all the “friends” at once. I.e. everybody sees the same thing. So how do you deal with those pics that would be fine to share with your girlfriend but not with your hockey pals.

    E-mail has some advantages. You do have “an expectancy of privacy” and you can keep different “views” of yourself customized to the recipient. And personalized discussions.

    And if there’s something that you want to share with absolutely everybody, then start a blog. Like this one.


  11. John Edwards says:

    Nice post – thanks for that – I just posted on a similar topic

  12. John Edwards says:

    ps I enjoy your tweets also

  13. RE: Claire
    Good point on noting Diaspora. The problem with Facebook is that it is proprietary and externally hosted. Users who want to “share” data must upload it to Facebook servers. Once it is on those servers, their control is completely lost. Services like Diaspora on the other hand use Peer-to-Peer technology, which means no data is uploaded to an external server; the data is only hosted from your computer.

    I think the problem here isn’t merely privacy perception but rather a fundimental flaw in “cloud [hype term for web] computing in general. It is is the worst kind of application. It’s proprietary, meaning nobody can analyze it and determine what it is doing, it is web-based which means it can only be accessed from the web (and even if it was Free-as-in-freedom, there is no way to determine if the binary they have hosted is the same as the source code), and it encourages surrendering your data to external servers way out of your ultimate control. Hence, the only time I use it is for unimportant crap I don’t care about that doesn’t immediately expose my identity (save for possible logistics).

  14. Facebook
    I ran across this in search of tools to help with security features with Facebook, you may want to try it out it worked for me.

    Free Cloakguard plugin for Facebook available from:
    Download –
    Demo –

  15. @Eric: “I think the problem here isn’t merely privacy perception but rather a fundimental flaw in “cloud [hype term for web] computing in general. It is is the worst kind of application.”

    Yes but imagine the leverage it gives to the cloud providers. Not only your data is locked in their proprietary formats (and can be accessed only through their apps), but it resides on their servers too. They would 0WN you completely.

    Will the CIO’s bite? Definitely. Kickbacks, natural propensity to flee responsibility combined with various degrees of incompetence in leading a real IT organization will ensure it.

    Better just sign a contract, transfer all work and responsibility, sit back and relax while watching your bank account. If it works, increase bonus. If it blows, cash the “golden parachute” package and move to the next sucker.

    While the private sector is free to experiment as much as it can (since it’s on their own money), I would be very wary of the government going there.


  16. I would agree there is somewhat of a generational divide. However I would add another issue that i think gets overlooked within the ‘privacy’ debate. As someone who works in health informatics I would argue that privacy law is increasingly becoming politicized when it comes to the management of personal information stored by governments.
    Increasingly privacy law is not being used by governments to ensure security and improper use of personal information. Rather it is being used as leverage on data custodians to increase governmental control of how data is accessed and to ensure that the data cant be used in ways that could lead to governmental embarrassment. For example: using administrative data in academic research is being increasingly curtailed often due to ‘concerns about privacy’. Even though research ethics boards at universities have far more advanced criteria for the proper use of research using data than any government does.
    Equally we see that most provincial governments forbid access to data across inter-provincial borders citing privacy concerns – without really demonstrating why a level of access to admin data is inherently a greater privacy risk than another jurisdiction.

  17. Great, if you want to check some retail store, you can try it here:

  18. Corriador Chandri says:

    unimpressed/down right frightened
    I had posted this elswhere on this site and am now relocating it to solicit some feedback. Am I paranoid or is it a given that any use of email legitimizes the revelation of said content to the service provider to do as they see fit, ie. the sale of the information contained within the email to service providers who target you for their wares?

    unimpressed/down right frightened

    I have been using gmail for a while.
    Stumbling across a travel description in the Star or Canoe news online about “tourist” type activities in Baffin Island, my curiosity was piqued and I found videos of people “base jumping” – parachuting from fixed objects- from a mountain on Baffin Island. Having sent the videos of You Tube links to several friends, I am now being sent targetted ads in gmail about skydiving opportunities.
    I have just sent them an email complaint that I find this an “unwarranted and unsolicited invasion of privacy” that they would be monitoring the content or subject headings if my emails!
    This information is obviously being sold to those companies! I did not sign up for this!

  19. Corriador Chandri says:

    It continues!
    Having communicated w/sister, a professional musician working cruise boats in south america, I am now getting solicitations for guitar lessons and strings!
    None of the subject headings ever mentioned her instrument of choice or her profession!
    This is creepy!

    Check out her site:

  20. Revolua Registration says:

    Great Post
    A very nice informational blog. Keep on making such important blog post. Your work is really being appreciated by someone.

    Check out her site: