February 11th, 2025 // Did someone forward you this newsletter? Sign up to receive your own copy here.

A new definition of online privacy

Do we need to rethink the definition of privacy online?

This was the question that Sheila Warren, Project Liberty Institute’s new CEO, posed at a panel at Future House in Davos, Switzerland, during The World Economic Forum last month.

The panel featured Meredith Whittaker, President of the messaging app Signal, and Kenneth Cukier, Deputy Executive Editor of The Economist. (You can watch the entire session here.)

Traditionally, online privacy refers to the ability of individuals to control their personal information and determine how it’s collected, used, shared, and stored online. 

But Whittaker suggested that this conception of privacy is too “sterile”—that we need a broader definition. The fact that what is criminal in one jurisdiction is permitted in another points to our definitions of privacy and illicit online activity as ever-evolving.

“We forget that the definition of what is illicit is a fluid and flexible definition. We are seeing a moment in time where the definition of what is illicit is shrinking in some places and expanding in other places,” Warren said.

In this newsletter, we’re taking a step back: Why is our current definition of privacy so narrow? What is the benefit of a more expansive definition? And what does that mean for the future of data rights and the internet?

// Our evolving understanding of "privacy"

Warren remarked that in law school, she was struck by the fact that “there is no defined right to privacy.” The fluidity of our understanding of privacy stems not just from the lack of a commonly agreed-upon definition but also from technological breakthroughs that have challenged us to examine privacy from new angles.

Cukier explained that in 1890, Louis Brandeis, a lawyer and U.S. Supreme Court Justice, and Samuel D. Warren II, another prominent lawyer, penned an essay called “The Right to Privacy.”  It would become one of the most influential essays in the history of American law.

The article was written, in part, as a response to a new technology at the time: the camera. The authors saw photographs (from a nosy tabloid press) as an invasion of one’s privacy and suggested that privacy is “the right to be let alone.” As Cukier described, the right to be let alone is “not an informational right, but a physical right.”

In the panel, Cukier and Whittaker built upon this historical definition to suggest that privacy is something more expansive and even physical than how it’s currently conceived. It is the right to intimacy, the right to love, the right to explore ideas, the right to experiment without retribution or shame, and the right to dignity and liberty.

This embodied definition gets flattened when translated into online spaces. Today, online privacy tends to be more narrowly-defined around information: what information to share and what information to withhold.

// The uphill battle to true privacy

What has flattened and sterilized our understanding of privacy is an internet ecosystem built by Big Tech that seeks to limit individual privacy in the interest of surveillance capitalism—the collecting of data for profit.

“We live in a world where we are more surveilled and classified than any other time in human history,” Whittaker said. It’s no wonder an embodied and more expansive definition of privacy suffers when online platforms’ set their default settings to unsecure and open.

In the early days of the internet, Whittaker said that regulators allowed two “original sins” that have become major threats to privacy today.

1. Lawmakers in the 1990s imposed few restrictions on private companies surveilling their internet users. The lack of consequences for this surveillance created foundational precedents that the ecosystem of commercial actors continues to use today.
2. Lawmakers supported and endorsed advertising as a primary business model of the internet. Pushed by the advertising industry, this created a “huge incentive to gather more data and open the floodgates.”

Cukier noted that in the U.S., surveillance happens every day (the U.S. Postal Service photographs every piece of mail sent, and government agencies like the NSA have been accused of improperly collecting phone call data from U.S. citizens), but still represents a threat to individual privacy. 

Fundamentally, as Whittaker said, in today’s tech world, “there is no business model that provides the level of revenue that is expected in tech for meaningfully private communications.” So what do we do? Is there a way forward?

// Reimagining data rights

In the power struggle between Big Tech and everyday people, the focus has often been on data ownership—who controls and profits from our information. But Whittaker offers a sharper critique: The real issue isn’t just who owns our data, but that it exists at all. True privacy isn’t about managing or reclaiming data—it’s about ensuring it was never collected in the first place.

“We need to rethink what data is and de-naturalize this idea of data as an organic off-gas of ourselves that has been captured in a jar by these companies. A lot of data is methodologically shoddy answers to questions that help sell ads and not actually an organic production of who we are.”

Alternative messaging platforms like Signal do this. They try to capture as little data as possible about their users because they see it as a fuller, more embodied representation of privacy. That is, the right to be let alone.

This is where the heady, more expanded concept of privacy gets translated into code and policy: by choice or law (like last year’s American Privacy Rights Act), platforms could not collect any data about users. The result would require a significant shift in the advertising-based business models that have become so popular (Signal, for example, is a nonprofit). Still, it could lead to innovations in how platforms make money and share profits:

• Platforms like X and YouTube charge for annual subscriptions that exempt users from watching ads (though such platforms still collect data).
• Platforms could share advertising profits with the people who consume those ads (This is how WeAre8 has designed its platform: its users (their term is citizens) get paid to watch ads).

The current tech business models force a tradeoff between privacy and profit. The more we embrace a different definition of privacy, the less profit there is for the platforms that generate revenue through targeted ads. 

But that’s just the current status quo. Warren ended the session by saying that there are different business models—an entire fair data economy—where the profits are more “reasonable” (than the Big Tech standards) and more distributed among the people who create the value. 

There’s never been a more promising time to build new business models, technologies, and innovations that unite privacy and profit.

We’d love to hear your perspective — reply to this email to share your thoughts.

Project Liberty in the news

// The Robust Open Online Safety Tools (ROOST) Initiative launched at Paris AI Summit, according to an article in Tech.eu. ROOST, of which Project Liberty Institute is a founding partner, creates open and accessible tools that put safety back in the hands of the people.

Other notable headlines

// 🤖 A journalist from The Verge tested ChatGPT’s deep research with the most misunderstood law on the internet, Section 230. It got the facts right but the story wrong.

// 📱 An article in WIRED provided the real story and inside scoop behind the bust that took down Pavel Durov and upended Telegram.

// 🧭 Google Maps turns 20 years old this weekend. An article in The Guardian featured its origin story.

// 🏛 Amid takedowns of various government sites and databases, several organizations are working to preserve vital climate, health, and scientific data before it’s gone for good, according to an article in MIT Technology Review.

// 🥷 A series of articles in The Economist explored the vast and sophisticated global enterprise of online scams and fraud.

// 🎨 Most experts agree that tech companies should pay creators whose work is used to train artificial intelligence. But according to an article in Bloomberg, deciding on the right number is the hard part.

// 🌐 To fight algorithm addiction, WikiTok cures boredom in spare moments with wholesome swipe-up Wikipedia article discovery according to an article in ArsTechnica.

// 🙏 An article in The Economist discussed how TikTok became a religious pulpit. Social media is changing people’s faith in unexpected ways.

Partner news & opportunities

// Tackling loneliness in the digital age

February 26th at 12pm ET | Virtual

Join Children and Screens for the Ask the Experts webinar where a panel of psychologists and researchers will explore how digital devices and social media impact children’s emotional and social well-being. Register here.

// FAI’s The Dynamist explores tech policy shifts

In the latest podcast episode of The Dynamist, FAI dives into the evolving landscape of U.S. tech policy. Garry Tan, President and CEO of Y Combinator, joins the discussion on how “Little Tech” startups can thrive amid Big Tech dominance and regulatory changes. Listen here. 

// NewsGuard releases AI misinformation audit

Recently, NewsGuard released the January edition of its AI Misinformation Monitor, a misinformation audit conducted in 7 languages across the world’s 10 leading generative AI tools. This critical work serves as a foundation for tracking how AI tools handle false narratives in the news.

What did you think of today's newsletter?

/ Project Liberty builds solutions that help people take back control of their lives in the digital age by reclaiming a voice, choice, and stake in a better internet.

Thank you for reading.