Categories
Uncategorized

Privacy for Corporations

Are Corporations People?

“Corporations are people, my friend” said Mitt Romney in 2011 during his ultimately unsuccessful presidential campaign against Barack Obama. But we all know that he is not correct. Corporations (or any disembodied entity like companies, trusts, partnerships etc) cannot be embarrassed about an unexplained lump on an inconvenient body part, or feel the need to hide a secret love of Rick Astley tunes from their friend group, or, perhaps more importantly, have a need to suppress public knowledge of racial or cultural origins, a current or prior disability or of a personal religious belief for fear of vilification. Let alone the inability to have their liberty curtailed by spending time behind bars for breaking the law.

What is Privacy Protection For?

Indeed privacy is primarily about these issues. Privacy helps protect minority individuals from persecution by ensuring that they are the only one’s who can reveal their private information… to whom they desire & if and when they so choose . The other purported benefits such as protection from identity theft or reduction in being hassled by telemarketing companies are, in fact, primarily treated via other legislation. Note that the right to ensure that data held about you is accurate (and therefore decisions based on such are well informed) is related to privacy, but actually does not relate to the right to have that data restricted from distribution.

Fair Use vs Privacy

Fair use (not privacy) is the concept that it is a form of con job if you ask for someone’s information for one purpose and then use it for another purpose, which may be harmful to that person. The idea being that if the person had known the other secondary purpose was a potential use and that that secondary use may result in a negative outcome for them, then they must be allowed to have chosen to restrict the provision of the information in the first place. But what if the secondary use is for regulatory compliance checking or criminal investigation. If such information collection is compulsive then the individual could not have chosen to not provide to the second use. So secondary use, in such cases, is simply a more efficient method than compulsively re-asking for the same information.

Privacy as a means to hide criminal activity

Privacy rights do not imbue an individual (nor their agent) the right to restrict access to information based on the argument that it may reveal the individual’s illegal activity and therefore result in a negative outcome for them. This is called obstruction of justice. So, if a regulator or police investigator is attempting to detect, prevent or discourage illegal activity, individuals do not have the right to prevent data about them being used for this purpose. This is doubly so for corporations, partnerships, companies, and trusts etc. Firstly, privacy does not apply to these disembodied entities as explained above and secondly these organisations are simply legal entities which possess publicly recognised and accepted associations between multiple individuals. These associations (e.g. a corporation) and the entity’s rights and privileges are bestowed by community licence. Therefore their privacy is anathema to the community’s ability to oversee whether the community licence should continue to be granted.

Privacy should not be granted to corporations (only to the individuals inside them)!

Implications

This is particularly important for regulators; whether they be regulators of markets, industries, elections or parts of government. If they are conducting regulatory compliance assessment activity they are looking for non-compliance with regulation. Mostly this is regarding the actors within a market or industry that are corporations or are, at most, individuals as it pertains to their activity in a market. None of this should be considered private information. So regulators, government agencies and 3rd party data holders should be able to share data about corporate activity without having to consider the corporation’s “privacy”. Even sole trader’s data will only be of interest in so far as it relates to the sole trader’s activity in the market. Such activity needs to be transparent to regulators and so, it too, should not be subject to privacy.

Similarly corporations cannot claim commercial-in-confidence as regulators are not competing with them. Such data, of course, should not be shared by regulators with competitors nor shared publicly; but it can be safely used for regulatory compliance analytics work.

If the data required to assess regulatory compliance is inextricably inter-twined with an individual’s preferences for Rick Astley tunes, then we may have a problem.

So does your organisation separate the information about individuals from that of disembodied entities (e.g. corporations) and treat these cohorts differently with regard to privacy legislation or is at all treated in the same way?

https://www.linkedin.com/pulse/privacy-corporations-jeffrey-popova-clark/

This article is the second in a Regulatory Analytics series. The first, titled Auto-Compliance is about the concept of Presumed Omniscience and the power this confers to make markets and other community interactions fairer and more productive (see https://www.linkedin.com/embeds/publishingEmbed.html?articleId=7326197899618471194 )