REPORT – Why Collection Matters: Surveillance as a De Facto Privacy Harm

Consumer privacy remains one of the most pressing issues in technology policy. The interactions between individuals and service providers generate a great deal of data, much of it
personally identifiable and sensitive. Individual users are transacting more and more data online with each passing year, and companies have begun exploring what insights and lessons they can glean from consumer data, via storage, processing, and analysis of exceedingly large data sets. These practices, loosely described as big data, have raised questions regarding the appropriate balance of control between individuals and companies, and how best to protect personal privacy interests.

In terms of privacy protection, some theorists have insisted that advocates must articulate a concrete harm as a prerequisite for legislated rules, or even self-regulation. Others have argued that privacy protections should focus exclusively on curtailing controversial uses rather than on the collection of personal information.

This paper argues that consumers have a legitimate interest in the mere collection of data by third parties. That is, big data collection practices per se, rather than bad uses or outcomes, are sufficient to trigger an individual’s privacy interests. Today, big data collection practices are for the most part unregulated. As collection, retention, and analysis practices become increasingly sophisticated, these threats will only increase in magnitude, with a concomitant chilling effective on individual behavior and free expression.