Hence, the Snowden case notwithstanding, protecting privacy is still often ineffective and increasingly challenging in our digitally networked society. Recent cases like the Facebook/Cambridge Analytica scandal, where more than 80 million personal user profiles were misused, leave no doubt that privacy is seriously threatened, which ultimately causes considerable damage to democratic processes (Hern and Pegg 2018; Nicols 2018). Despite the severity of this case it is just the tip of the iceberg or a symptom among many, indicating a serious “disease” that privacy protection suffers from in the digital age. But is there any chance for healing, at least in the longer run? Obviously, this question is far from being easy to answer and requires a closer look at the course of this “disease” of privacy and its consequences. Or is privacy trapped in a dead end? The short answer to this question is clearly NO. Privacy is neither dead and nor has it become a “walking dead”, though, indeed, considerable action is needed to revitalize it. In other words: medication is not enough—there is need for intensive therapy and the will to recover, not least because ultimately nothing less is at stake than a free, democratic society. Imaginings of a post-privacy era without protection are thus rather illusive and fatal in this regard.

Basically, the recent data protection reform of the European Union (EU) is a strong indicator that society is trying to cope with privacy issues to ease this “disease”. The newly created General Data Protection Regulation (GDPR), effective since May 2018, enforces private and public institutions to take data protection much more seriously. This paves the way for a reinforced privacy regime in Europe and may have stimulating effects on a global level to strengthen privacy as a fundamental human right. However, although updating legal frameworks is highly important, the effectiveness of regulation depends heavily on its practicability in socio-technical practices. Furthermore, even activities which do not violate data protection laws can be ethically problematic. A core problem of contemporary society is that the processing of personal information is often opaque and it is often unclear to what extent privacy is really affected. To improve the quality of protection measures thus essentially requires a deeper understanding of privacy impacts and of the very mechanisms inherent to socio-technical practices enabling privacy-intrusive activities. Today, digital information flows can include not merely one but various applications, often appearing as a conglomerate of multiple, interwoven technologies. Given the complexity of digital technology, there is a certain risk of getting lost in technological conflation when analyzing privacy impacts. Therefore, it can be very challenging to grasp the extent to which a technology, application or service bears privacy risks. As a consequence, it is equally difficult to implement effective protection mechanisms. Overall, privacy suffers from its generally abstract conceptualization and a broad range of socio-technical threats. A basic motivation of this book is thus to shed light on the theoretical understanding of privacy impacts. This can facilitate privacy impact assessment (PIA) as well as the implementation of privacy safeguards in the realm of privacy by design (PbD). Both issues are of utmost importance for the GDPR, and in particular the former—PIA—is an essential precondition for the latter. In accordance with the new regulation, new approaches are necessary to implement PIA and reinforce levels of privacy protection. This requires an analysis of the core functions of privacy and the main issues challenging their effectiveness. This book ties in here by putting emphasis on the interplay of privacy and (digital) identification, because privacy and identity are essentially linked, sharing a naturally close relationship. The extent to which this relationship is affected by ICTs and the related socio-technical practices is explored, to grasp the emergence of privacy impacts as well as approaches to improve corresponding safeguards. Based on the results, a novel framework for PIA is proposed to contribute to the theoretical understanding and practical implementation of privacy protection. This framework focuses on identifiability and includes a typology of the basic types of identifiable information. The typology supports the analysis and mapping of identifiable information flows. This can contribute to improving the quality of privacy protection and corresponding standards in the longer run.

Cyberneticist Norbert Wiener once stated: “We are but whirlpools in a river of ever-flowing water. We are not stuff that abides, but patterns that perpetuate themselves. A pattern is a message, and may be transmitted as a message” (Wiener 1954: 96). In line with Wiener’s notion of humans as self-perpetuating patterns, our identities may be perceived as unique patterns representable by information. This is not to be misunderstood as a reductionist approach (as partially suggested by classical cybernetics assuming analogies between human beings and machines). Apparently, identity is more than a unique pattern of (computable) information. Identity is a multifaceted phenomenon with various meanings and functions in society, hardly explainable by machine analogies or similar mechanistic views. But irrespective of its multiple functions, the peculiarities of an identity are representable by unique pieces of information enabling recognition that one entity differs from others. Against the background of an increasingly digitized, networked society, co-shaped by technology, the notion of identity as a pattern represented by information is of special relevance. ICTs created new ways of gathering and processing information about individuals serving a variety of social, economic and political purposes. Substantially, every use of ICTs may generate various forms of information suitable for identifying a particular person.

ICTs are not merely technical tools but integral parts of society serving various societal functions; they represent socio-technical systems which shape society and vice versa. With their rapid progress and widespread diffusion, ICTs deeply pervade a broad array of societal domains and everyday-life contexts. This pervasion entails what Moor (1998: 15) called “informational enrichment” (or informatization) of societal activities as well as their conceptions. This means that ICTs enabled new options to digitally represent and process information about societal entities such as organizations, domains, objects, or people and the activities involved. Consequently, ICT usage also affects the representation of identities, which today can be easily embedded in networking structures. This can reinforce identifiability because contemporary technology offers various methods of direct and indirect identification. In this regard, increasing identifiability is an important side-effect of the (digital) information age. In the “age of identification”, as Hildebrandt (2008: 56) once stated, our personal identities are embedded in and exposed to a magnitude of digital environments. Technology alters the way identities are represented, organized and handled by individuals as well as groups and institutions (Whitley et al. 2014). These developments are phenomena of the “network society” as described by Manuel Castells (2000: 5) as a “social structure characteristic of the Information Age”, triggered by globally networked ICTs. The structural setting of society changed with technology, adding a specific informational layer to the social structure. As “information processing is at the source of life, and of social action, every domain of our eco-social system is thereby transformed” (Castells 2000: 10). Castells realized early the deep structural shifts in society resulting from informatization. Today we may speak of a networked society as networking structures occur within and between offline and online environments in many respects, enabled and reinforced by ICTs. Hence, these shifts did not merely affect how information is structured and processed in digital environments. Society has increasingly entered a stage of convergence between analog and digital environments with information as a driving force in our whole ecosystem (Floridi 2010; Hofkirchner 2010). This ongoing socio-technical transformation proceeds quickly and is hard to grasp; or in other words: “Our technological tree has been growing much more widely, rapidly and chaotically than its conceptual, ethical and cultural roots” (Floridi 2010: 5). Floridi uses the term “infosphere” to describe this transformation embracing the (ontologically) powerful nature of information. The infosphere “denotes the whole informational environment constituted by all informational entities (thus including informational agents as well), their properties, interactions, processes and mutual relations” (Floridi 2010: 6). This infosphere constantly alters with ICTs and describes a highly dynamic environment comprising analog and digital settings,³ linking online as well as offline domains. Hence, socio-technical change reaches a new quality including an incremental shift of the boundaries between society and technology, physical (or analog) and digital environments. As Verbeek (2011: 30ff.) pointed out, humans are “profoundly technologically mediated beings” and “technology is part of the human condition”. Technologies basically represent socio-technical systems that affect the human condition and vice versa. ICTs highlight and enforce this interplay: their rapid diffusion and usage entails increasing connectivity and permanent availability of always-on computer devices, employed in various domains. There is an observable dramatic increase in digitally networked environments, reinforcing further growth in the amount of digital information. While in the year 2001 the number of global Internet users was about 500 million, today there are over 3.5 billion Internet users worldwide (ITU 2017). Network providers predict the amount of global internet traffic will soon exceed one zettabyte per year (10²¹ bytes and about one trillion gigabytes). Mobile computing in particular is on the rise. In 2016, about 50 percent of global Internet traffic resulted from wireless and mobile devices. By 2021, over 60 percent is expected. The number of networked devices is assumed to be three times higher than the world’s population, i.e., more than 27 billion devices (Cisco 2017). Against this background, visions of a globally networked information society including classical notions of pervasive or ubiquitous computing, ambient intelligence, etc. (Weiser 1991; ITU 2005) take more concrete shape with developments in the realm of “smart” technologies, the Internet of Things and similar trends. The general boost in digital networks is accompanied by a further expansion of digital information processing. With these developments, individuals and thus their identities are increasingly interconnected and represented by their digital information, prominently highlighted by, but not limited to, Web 2.0 and social media platforms. Digital identities are already involved in a broad variety of interactions (e.g., information exchange, communication, collaboration, sharing and creating content), among others fulfilling (and stimulating) the societal need to communicate and exchange with others. But this also entails further growth in the amount of personal information, personalization and uncontrolled information disclosure. Trends in the realm of big data, machine learning and so-called artificial “intelligence” (Mayer-Schönberger and Cukier 2013; Strauß 2015, 2018), aiming to exploit data from everyday life for novel se...