Big data analytics has gradually come into public view since the dawn of 21st century, yet a detailed inquiry concerning its social and legal implications has been missing in the discourse on privacy and data protection. This book, Group Privacy: New Challenges of Data Technologies, fills that void and closes the gaps between law and technology that have been largely undervalued for decades. To be specific, big data marks a fundamental transformation in the technological landscape, but existing norms are proven to have little flexibility in acknowledging that sometimes individual interests may be well shielded by law, yet leave certain collective interests unprotected. What concerns the contributors of this book most is hence a dangerous assumption that “if a person is well-protected, the group he or she belongs will take care of itself” (p. 97). Group Privacy is a lively collection of the newest discussions about extending the boundaries of data privacy law, comprising a total of 11 chapters and one concluding summary by the three editors of this book. Each chapter approaches the construction of group privacy from a unique perspective, such as legal philosophy, information ethics, human rights, computer science, sociology and geography.
The notion of group privacy is not new. Discussions have been circulating as early as the 1960s, from scholars like Westin (1967) and Bloustein (1978). However, that notion was not paid enough attention until the rise of big data analytics, which is considered, along with an entire data ecosystem that underpins this method, to be “a new epistemological phenomenon” (p. 14). Simply put, the basic rationale behind this phenomenon is that data is aggregated and analysed for general patterns, which inevitably render individuals being grouped on the basis of certain commonalities. Quite a few chapters of this book start with accounts of its underlying logic and far-reaching implications, especially on the group level. As Floridi indicates, for example, big data is employed to “formulate types, not tokens” (p. 97), that is, legal problems arising from big data analytics are more visible when individuals are grouped in the process of data aggregation and analysis.
However, the less-visible problems this book aims to explore have not been well captured by current data protection regime. Several contributors point out that the current model is problematic in terms of being anthropocentric and nominalist (Floridi, p. 98), non-aggregate (Mantelero, p. 139) and extortionate (Pagallo, p. 172). Established in the pre-digital age, such an individual-oriented model is less likely to fully acknowledge the novelty and complexity of big data analytics. Further, if attempts to construct group privacy are established upon an individualistic model, risks are that such a notion of “group privacy” would be reducible to individual privacy. Indeed, the reductionist critique should be duly respected as such a notion would be of little value if it is no more than another piece of rhetoric on top of individual privacy. The central question of this book, therefore, is how far the construction of group privacy can go beyond the traditional individual-based privacy model. Attempts have been made to differentiate the new concept of group privacy from traditional discourses. Consensus exists among the contributors that a reducible version of group privacy is not satisfactory, and that a shift of focus should be proposed from visible problems on the individual level regarding the identifiability of an individual to some intangible and unpredictable problems raised at the aggregate level. Raymond’s proposal in Chapter 4, for example, is about a shift of regulatory focus from the notion of personal identifiable information (PII) – the very target of current data protection regime – to a more broad and inclusive construct of demographically identifiable information (DII). As a result, aggregated data would at length fall into the net of data protection norms.
In Chapter 5, Floridi attempts to extend the boundaries of group privacy, starting from a sceptical position (a group cannot have a right to privacy), to a moderate position (group privacy is not reducible to individual privacy), and ultimately to a strong position (privacy sometimes only belongs to the group rather than any individual). He exemplifies the strong position of group privacy with the situation where close friends and relatives (i.e. groups) attend a private funeral of a deceased person and concludes that sometimes a group, and only a group, has a right to a specific kind of privacy to “protect grieving and reflection, or perhaps because of cultural or religious customs” (p. 91). Floridi suggests a realist approach to start considering the moderate version, based on which we could strive to achieve a full recognition of strong group privacy eventually.
Rather than wresting with moral debates, O’Hara and Roberson (in Chapter 6) take a less controversial approach to justify the invention of group privacy based on the functionality of “social machine”. In their view, this is a social construct that would create privacy requirements for the well-functioning of the machine. The novelty of this approach is commendable, but it should be noted that the computational stance is inherently partial and the contributors intend not to propose a comprehensive theory on group privacy (p. 105). Again, Chapter 7 deals with no theoretical debates but directs readers to another inquiry – the practical aspect of group privacy. Eijkman explores ways of protecting group interests from a particular source of harms in relation to big data, namely mass surveillance and communication interception. Concrete examples are provided about vulnerable groups in reality, such as journalists and NGOs, and their interests threatened by technological intrusions. However, this chapter seems a bit less relevant to other discussions in this book as it solely examines an individualist approach barely associated with the making of group privacy.
In Chapter 8, Mantelero starts by disputing the validity of the concept of group privacy in general. As an alternative, he proposes another concept – collective privacy – and argues why the latter fits better into the context of big data analytics. The collective dimension of big data, he contends, now relates “less to the secrecy of information and data quality, but more to the ethical use of information and data analytics” (p. 154). Further, his notion of collective privacy is established upon “a right to limit the potential harms to the group itself from invasive and discriminatory data processing” (p. 148). In addressing those harms arising from big data, Mantelero proposes two practical solutions in response to big data implications: (1) multiple-impact assessment of risks arising from big data analytics, and (2) supervision of data protection authorities (particularly in terms of their role in balancing the conflicting interests of the stakeholders involved). In addition, similar conclusions have been drawn in Chapter 9. Pagallo, by refuting the approach to construct group privacy on the basis of the US constitutional model of intimate corporate rights, is also in support of a risk-based approach to protect group privacy.
Aside from Chapter 7, another case study on groups and their under-protected interests is provided in Chapter 10. Hallinan and de Hert examine genetic data and its relevance to group privacy, as an individual’s genome can disclose information about others, and in practice, individuals are often grouped because of shared genetics, engendering the notion of genetic groups. They suggest ex ante guidance and oversight as an effective solution for now because it would be too late to seek remedies when privacy-related interests have been already intruded.
Chapter 11 returns to the theoretical debates on better constructing the concept of group privacy. Van der Sloot takes a unique approach by referring to the doctrine of prohibition against abuse of power, which is not individual-oriented by nature, he argues, but has been incrementally shaped by the Article 8 of the European Convention of Human Rights (the right to data protection) over decades. By examining four types of groups – individual, legal person, group and general (society), and in particular, both their rights and interests – he concludes with solid reasons for allowing groups to invoke a right to privacy.
The book includes a concluding chapter summarising the major contributions of the above chapters. Although what this book provides is not a coherent theory, the editors contend that it is still instructive to propose a variety of factors to be considered when conceptualising group privacy, viz. real/artificial, self-proclaimed/framed, self-aware/self-unaware, stable/fluid, hierarchical/egalitarian. In addition, a range of interests attached to group privacy is also summarised in this chapter, including but not limited to: negative (no discrimination), positive (right of minorities), constitutive (essentials for constituting a group) and discontinuing (individuals are unaware of the grouping and potentially against such practice).
The major contribution of this book is, in my point of view, the offering of a new privacy paradigm timely proposed in response to recent technological developments such as big data analytics. The book successfully identifies multiple bases for differentiating group privacy from established individual-based discussions, extricating the entire journey from moving towards nonsensical reductionism. Still, despite the editors’ conclusion that “multiple paths and multidisciplinarity may be proved more productive than a search for agreement” (p. 235), teasing out a complete and coherent view of group privacy from disparate contexts in this book is an intellectually challenging and easily disorienting work. Further systematisation of the rights and interests involved in future research would be quite helpful to eventually establish a coherent, comprehensive and novel theory of group privacy.
 Alan Westin, Privacy and Freedom (London: Bodley Head, 1967).
 Edward Bloustein, Individual and Group Privacy (New Brunswick: Transaction Publishers, 1978).