The transparent self
This paper critically engages with new self-tracking technologies. In particular, it focuses on a conceptual tension between the idea that disclosing personal information increases one’s autonomy and the idea that informational privacy is a condition for autonomous personhood. I argue that while self-tracking may sometimes prove to be an adequate method to shed light on particular aspects of oneself and can be used to strengthen one’s autonomy, self-tracking technologies often cancel out these benefits by exposing too much about oneself to an unspecified audience, thus undermining the informational privacy boundaries necessary for living an autonomous life.
Keywords: Quantified self; Self-tracking; Transparency; Informational privacy; Autonomy
Wearable computing, automated data gathering and larger and less expensive data storage capacity have spurred the practice of self-tracking. Self-trackers wear digital self-tracking devices that measure and monitor aspects of their bodies and everyday activities.1 The data is stored and can be shared, monitored and interpreted by the user, which gives rise to a new ‘range of relations to the self’: the ‘quantified self (QS)’.2 Self-tracking is promoted as a means to self-knowledge, self-improvement and self-control: as strengthening autonomy.3
Yet, the notion of ‘self-tracking’ is somewhat misleading. Although self-tracking appears to merely entail self-surveillance, it also involves co-veillance and surveillance. Sharing one’s data with peers is encouraged and producers of self-tracking devices often track what these devices are recording by default. Moreover, the data produced by self-tracking is increasingly shared and used outside its usual contexts. Therefore, self-tracking raises normative questions. How should we interpret technologies that encourage and facilitate extended transparency? Self-trackers celebrate the potential for self-governance by disclosing their personal information. I argue that there is tension between the idea that one should disclose personal information in order to gain more self-control and the informational privacy one needs to live an autonomous life.
I proceed in four steps. First, I describe the cultural phenomenon of self-tracking, including some of its promises. Second, I argue that self-tracking should not be perceived as ‘keeping a digital diary’ and should not be understood in terms of conventional, contextual expectations regarding informational disclosures belonging to the medical context. Third, I argue that the culture of self-tracking fosters “decontextualization”. Fourth, I explain why this is problematic from a privacy perspective. It is because the culture of self-tracking breaks down informational privacy boundaries that otherwise enable autonomous self-presentation within different social contexts.
Quantified self: the practice and promise of self-tracking
Self-tracking is often referred to as ‘quantification of the self’: a means to grasp insights about one’s self based on objective data, generated by quantifying aspects of your self with the assistance of digital devices and applications that measure aspects of one’s body and activities. The data is recorded, stored, monitored and interpreted by the user.4 This paper focuses specifically on self-tracking technologies that generate health and fitness data. These are highly popular with users and attract the attention of employers, insurance companies and public health officials. At the same time, health data is generally considered private and highly sensitive.
The use of self-tracking devices and apps is proliferating and the market is growing.5 The popularity and evolution of self-tracking devices has enabled the rise of the Quantified Self Movement (QSM), an expansive self-tracking community founded in 2007 by Kevin Kelly and Gary Wolf.6 The QSM consists of a diverse group of people, including visionaries, patients, researchers, engineers and entrepreneurs.7 Tracking is within the reach of more people, now that the supporting devices have become less expensive and easier to use.8 Devices have become less obtrusive, wearable and subsequently secured a positive consumer image as ‘cool tech toys’.9
Self-tracking devices come in all shapes and sizes. In addition to the smartphone or tablet on which you can download self-tracking apps, there are many wearables and ‘smart’ objects that enable self-tracking. There are clip-on cameras, wristbands and headbands with embedded sensors that automatically record the user’s movements and biometrics such as brain activity, blood pressure, heart rate and temperature. Many self-tracking devices appear to be ordinary objects or accessories such as watches, rings, glasses or even menstrual cups. Some devices have multiple parts: a FitBit-bracelet is wirelessly connected to a scale that correlates one’s fitness data with one’s weight.
Now much of the data-gathering can be automated, and the record-keeping and analysis can be delegated to a host of simple Web apps. This makes it possible to know oneself in a new way.10
This quote implies an underlying idea about self-tracking: collecting more data from your activities will make you more transparent to yourself. Meticulous self-surveillance will provide a new (complementary) ‘narrative’ about the self. This increases one’s (accurate) self-knowledge, -awareness and -understanding.11
… there will be a certain segment of the population that will be into the self-improvement side of things, using analytics to learn about ourselves. [W]e may have a vague sense about something, but when the pattern is explicit, we can decide, “Do we like that behavior, do we not?”13
The promise that technologies could extend our will is also gaining traction in the philosophical domain. Hall et al. see ‘undeniable power for self-discovery in the external tools that enable the systematic gathering and processing of the data’.14 Personal data mining could empower humans. Under the computerized auspices of an external ‘third eye’, we could greatly influence our level of self-control.
Although concrete empirical evidence regarding the effectiveness of self-tracking is presently lacking, some studies show that accurate monitoring reduces failures of self-control.15 Moreover, being aware of the fact that others monitor one’s behaviour adds another layer of externalized control and disciplining power.
One could easily imagine that this would give us an epistemic advantage. Self-tracking could reduce confabulation, biases, illusions and ignorance. Like a diary, self-tracking could be an illuminating self-help tool in gaining accurate information about our selves and aid reflection. Additionally, self-tracking might improve efficient decision-making. These devices may encourage and enforce desired behaviors in line with users’ life choices.
A new medium, a changed practice
Self-tracking devices are often perceived as self-help tools and conceptualized as digital diaries or journals. Moreover, they are understood in terms of contextual expectations belonging to the traditional medical context. Yet, should they be conceived as such?
Motivational efficacy, self-control and access to (minimally) accurate information are all important dimensions of autonomy.16 We use strategies to obtain access to accurate information about ourselves in order to increase self-control and become more effective in carrying out our plans every day.17 One of these strategies is keeping a diary.
Medical professionals often ask their patients to keep a (medical) diary to record their eating habits, moods, physical exercises, absence or presence of pain. Scrupulous self-monitoring can prove incredibly valuable for self-help and empowerment. At a QS conference one participant shared a successful experience in which she felt more empowered. As a Parkinson’s patient, she had been in and out of hospitals for a great part of her life. Through self-tracking, she was able to contribute data about her body to the meetings with her neurologist and physician. Based on the insights drawn from the data, she was able to increase her autonomy in deciding the doses of her medication.18
Self-tracking is often understood as the digital equivalent or the evolved practice of keeping a diary or journal.19 Typically, a diary is characterized as an individual project meant to privately record one’s intimate reflections, feelings, experiences and logging of daily (personal) facts—hence the symbolic lock that often adorns the artifact. Since self-tracking enables disclosure of one’s personal information, it would be counterintuitive to parallel the practices. Yet, historically, there exist many different forms of the ego-document including diaries as communal means of expression and therefore not at all ‘private’ or ‘intimate’ in the sense of being strictly accessible to the author. In fact, ‘an essential feature of all diaries is their addressee’.20 This would be an argument supporting the claim that self-tracking devices are similar to diaries.
Cultural practices or forms never simply adapt to new technological conditions, but always inherently change along with the technologies and the potentialities of their use.21
As I will argue, the potentialities of self-tracking technologies facilitate, enable and encourage informational disclosures to an unspecified audience rather than directed disclosures at particular addressees. Contrary to a written diary, the terms and measures we employ to self-monitor are not selected by the user, but part of the design of the device. A self-tracker cannot control or be sure that third parties will not access her data. Ignoring the change of the cultural practice along with new technological potentialities of self-tracking devices contributes to misconceptions about the way information is collected, shared and stored. Let us keep this in mind and now explore the particular domain of health and lifestyle where self-tracking devices are increasingly used.
Intimate informational disclosures concerning our behaviour and bodies were formerly confined to the confidential, legally protected medical setting where one interacts with one’s doctor. Within this context a person can reasonably expect that her well-being is the number one priority and that any information shared within this sphere will not be shared in different contexts without her knowledge and without her consent. In their role, doctors are subjected to social norms for the medical setting and legally bound to protect confidentiality and trust. A breach of patient confidentiality is experienced as a violation of a special social relationship and the trust that accompanies it. It is the transgression of a social norm, in fact, of an informational privacy norm: a common, contextual understanding about what to disclose to whom and to what extent.
New self-tracking technologies for health and fitness can create confusion because they change the social practices within this particular social context. These new technologies enable informational disclosures not directed at specific audiences. It might be unclear who will have (future) access to the generated information and what their interests may be. Before, a patient could rely on legal protection, informed consent, codes of conduct, social norms, even the physical boundaries such as the structure of the physician’s office as a closed-off space. Now, these boundaries are difficult to enforce because they are completely lacking or not yet adapted to the new technological possibilities of self-tracking.
Common informational privacy norms regarding data use or distribution do not necessarily apply in the ‘cloud’. Nevertheless, users of self-tracking devices do uphold contextual (and conventional) expectations regarding how their health data is used and shared, often based on their experiences with the social conventions of the physician’s office. This, along with the failure to re-interpret the practice of self-tracking as a new cultural form, may explain why users are prone to many misconceptions with regard to the ubiquity, granularity, frequency and comprehensiveness of health data collection.22 And yet, as I will argue in the next section, the culture of self-tracking (actively) stimulates disclosure and discourages regulated disclosure.
Techno-norms of disclosure
The culture of self-tracking stimulates informational disclosure.23 I argue that the design of self-tracking technologies plays a significant role in enabling, encouraging and implementing new norms of handling information flows. Also, I argue that the community of self-trackers and the enterprises producing self-tracking technologies are equally influential in co-creating, embedding and shaping new techno-norms of disclosure. I will first describe the self-tracking community.
At the conference, I not only saw a community ‘in love’ with numbers, but also people engaging in radical acts of self-disclosure. Standing on stage they talked about painful episodes in their lives (depression, anxiety); they showed their bodies virtually (in every sense of the word) naked; they showed their dreams, their diary entries and their meditation practices, and they talked about their physical diseases and their struggles against overweight.26
Of course, many individual self-trackers do not share their data. But merely consuming and not producing is not stimulated within the culture of self-tracking. In her 2004 analysis of lifelogging, José van Dijck remarked that ‘although reciprocation is certainly not a condition for participating in the blogosphere, connecting and sharing is definitely written into the technological condition’.27 This can easily be applied to the culture of self-tracking anno 2015.
Consider now two self-tracking technologies, namely the immensely popular FitBit and Strava fitness-bracelets. First of all, self-tracking devices can be defined as scaffolding technologies, technologies that use environmental, psychological or social strategies in order to overcome deficiencies of the user’s willpower. Self-tracking relies on the assumption that willpower is distributed and that self-control can be found in more than one place, even outside the individual’s mental realm.28 I will now present three examples of scaffolding strategies, as features of FitBit and Strava, where information disclosure figures prominently.
Firstly, FitBit and Strava are designed as environmental strategies. They are artifacts that structure the user’s environment. Their design, such as being waterproof, inconspicuous and wearable (day and night), enables and stimulates continuous use. It makes the device part of one’s daily routine. Users experience a certain loss when they take off their devices, because their data might become incomplete.29 Users grow attached to the device, regarding it as belonging to their bodies. Through this attitude they become vulnerable to constant monitoring.30
Secondly, FitBit and Strava incorporate psychological strategies such as reward and warning systems, combining pleasant and unpleasant tasks and visualizing realistic targets. For instance, Strava motivates its users by turning a solitary exercise into an exciting game with both known (peers) and unknown (e.g. based on age, location, sex) competitors.31 Through features of scoring (leaderboards) and reward (awards, badges), Strava motivates users to improve their performances and to log their performances.32 The game elements motivate users to share more data with Strava and other Strava-users: users are constantly stimulated to compete with others and themselves, thus generating more data.
Finally, Fitbit and Strava employ social strategies. Through these strategies the user authorizes someone else to exercise control over her.33 Examples of social strategies are deadlines, teamwork and seeking out the ‘right’ company to support the desired behavior. Fitbit and Strava offer social media options, forums and groups where users can share information with anyone ranging from ‘friends’ to virtual strangers. Hence users can check on and encourage each other.34
With HealthKit, developers can make their apps even more useful by allowing them to access your health data, too…. you choose what you want shared. For example, you can allow the data from your blood pressure app to be automatically shared with your doctor. (…) When your health and fitness apps work together, they become more powerful. And you might, too.37
This quote suggests that by sharing data, apps and devices become more powerful when they know more about the user. They then empower the user with personalized advice. However, it is important to realize that companies can share user information at whim:
Self-tracking companies can share user information with business associates, data brokers, marketers, insurance plans, employers, or even law enforcement, subject only to self-directed, self-imposed restrictions on the information flow practices decided internally and spelled out to users, often opaquely, in privacy policies. [O]nce information has reached second and third parties, there is very often no way to predict where it will land.38
Self-disclosure is part and parcel of the culture of self-tracking. While self-disclosure is not problematic per se, self-tracking pushes users to disclose personal information outside its usual context. Self-tracking fosters decontextualization: a blurring of common privacy boundaries—consisting of particular informational privacy norms—by collapsing social contexts. This causes information that was formerly confined to and aimed at a particular social context or relationship to transgress its usual borders.39 In the next section I will explain why decontextualization is problematic by explaining the value of privacy.
Privacy: controlling one’s self-presentation
Alan Westin classically defined informational privacy as the control individuals, groups and institutions have over determining how, when and to what extent information is distributed to and, ultimately accessed by, others.40 When one’s privacy is violated, for instance by information-distribution to the state, commercial companies, an employer, classmates or unknown third parties without someone’s consent, this results in a violation of the very conditions required for autonomy.41
Many scholars have argued that informational privacy, or controlled disclosures, enables one to mediate different social relationships.42 Information shared with (say) a physician should not be passed on to someone’s employer. It would be a gross violation of privacy and a violation of the patient-doctor relationship if the physician would communicate this knowledge to the patient’s employer. Informational privacy norms demarcating the context of the doctor’s office define the relationship. When such informational privacy norms are transgressed, one loses the ability to form reasonable expectations and assessments of who has access to one’s information. Different social contexts require different behaviour and different expectations from us. We rely on these all the time. A violation of these expectations is a violation of contextual integrity.43 To foster and maintain different meaningful social relationships within distinct social contexts, one must be able to mediate different levels of disclosure.44 Privacy norms embody dynamic social negotiations of access and withdrawal.45
(…) self-chosen diversity in one’s relations would not be possible. Nor, therefore, would self-determined, context-dependent, authentic behaviour towards others, or the variety of self-chosen forms of interaction with others, or communication and reflection on self-chosen problems and issues, graded, as it were, according to the relation in question. Nor would it be possible to find an answer authentically, to the question of how one wants to live.46
When self-disclosures are disclosed to an unspecified and even ‘unknown’ audience, as in the case of the classmates that secretly have access to information not intended for them, it becomes difficult for the discloser to behave in an authentic way. She loses her ability to form adequate expectations about who has access to her information and to what extent. According to Roessler, when someone cannot control who has access to her personal information, this reduces her freedom in determining her own behaviour and self-presentation in different contexts, which results in inauthentic interaction.47 Roessler states that a person can only be fully autonomous when she is able to present oneself in a self-chosen way in a self-chosen context, performing self-determined actions fitting with one’s expectations about the context in question.
Here is a fictitious, but realistic case that most would categorize as a clear violation of privacy.48 First, consider covert observation. Imagine that Charles has logged all of his activities and biometrics onto his self-tracking device. Charles received the wearable from his employer as a playful encouragement to improve his lifestyle in exchange for free health insurance. Charles expects his medical information to remain private or be shared with his personal physician. Unbeknownst to Charles, his employer keeps track of his data and discovers that Charles is in fact a diabetic. Perceiving this as a ‘risk’ and fearing high medical costs, the employer searches for an appropriate pretext to fire Charles.
Covert observation – spying – is objectionable because it deliberately deceives a person about this world, thwarting, for reasons that cannot be his reasons, his attempts to make a rational choice.50
This quote from Stanley Benn clearly states that to respect Charles as a person, one should perceive him as an actual or potential chooser, an agent: a person trying to plan his own life, adjusting his behavior as his perception of the world changes. To interfere with his autonomous choices is to violate his privacy. Authentic behavior is problematized: the deceived, spied-upon person acts on reasons that ‘cannot be his reasons’, because they are the deceiver’s. Without privacy, a person can never fully and confidently claim that she has acted on reasons she has selected herself and fully identifies with.
Let me now present the case from a different angle. If Charles discovers that his employer is monitoring his data, he has three options. First, he can stop his self-tracking activities as a response. Second, he can continue tracking, but adjust his privacy settings or limit the activities and biometrics he is tracking, taking the potential ‘audience’ into account. Thirdly, he can mess up the data he is collecting by cheating, for instance, by letting other people wear the device. In all three cases, Charles is forced to see himself, his activities, thoughts and feelings through the eyes of another and to adjust his activities according to this audience. Charles sees himself as the object of constant examination, which changes his perception of himself and the nature of his activity.51
Whether the monitoring is covert or not, Charles’ autonomy is compromised because his employer controls the technological means and the information that it generates. Charles is subjected to the control of others and, as a consequence, his self-perception may change. Even if the employer does not actually access and disclose the information, the power imbalance is such that she could easily do so whenever she wishes to. As a result, it becomes extremely difficult for Charles to autonomously control his self-presentation within this context.
Many privacy scholars have located the value of privacy in autonomy, arguing that it is necessary for freely fostering close relationships, individual choice, creativity and other aspects of an autonomous life.52 Autonomous agents are able to shape their lives according to those desires, beliefs and values they judge to be good reasons for action. They should be able to identify with their actions and decisions. As Roger Crisp states: ‘part of what makes life worth living is running one’s own life for oneself’.53
As the practice of self-tracking becomes increasingly institutionalized, users will increasingly be able to “outsource” their self-government, as Valdman puts it, to devices and those who control and access them by making visible what was not visible before.54 My thesis is that extended transparency conflicts with the informational privacy norms necessary for full autonomy. Success stories about empowerment, self-control and self-improvement camouflage the reality of decontextualization, where we expose too much to an undefined (future) audience, which limits our capacity to run our lives for ourselves.
Self-tracking technologies could be valuable tools for strengthening one’s self-control. For instance, a user may gain more control over her body weight by tracking and sharing her calorie intake and athletic performances. Yet, the way many of these self-tracking devices and apps are currently designed and used, combining self-surveillance, co-veillance and surveillance, cancels out these promising results. Beyond her control, the information collected through self-tracking exposes her geo-location, her consumer and exercising behaviour, the time she spends in and outside of her office or home and many more variables to an unidentified audience. One can deduce many insights about a user’s personal life from the data gathered. Altogether, this constitutes a violation of her privacy that can undermine her autonomy on a more fundamental level.
Then, how should we deal with this in practice? The broader privacy problem of decontextualization deserves further normative scrutiny, yet, we must also think about how to practically negotiate the tension between transparency and limits on disclosure. Users should be educated about digitalization of cultural practices, information flows of emerging self-tracking technologies, potential purposes of one’s information and potential audiences. Furthermore, we should critically evaluate the design features of self-tracking technologies and offer alternatives, beyond the mere option for ‘consent’, whereby users have granular control over the flow of their information and the potential audiences that may be able to access their data. Users should also be able to anonymize or delete their data. It is particularly important to reconsider the institutionalization of commercial self-tracking devices within the health care sector.
I have argued that informational privacy is an important condition for leading an autonomous life. Users should be able to negotiate and control informational disclosures. Otherwise, I doubt we could interpret self-tracking as a normatively significant contribution to autonomy.
This paper makes a general assumption that self-control, self-knowledge, self-improvement and the popular notion of ‘empowerment’ often employed by self-trackers are notions that are strongly related to and important for the concept of autonomy.
It is important to stress that there are many individual self-trackers who track a particular aspect of their life but who do not identify with the community of the QSM. See Neff and Nafus (2016).
QS Europe conference, Amsterdam September 18th, 2015. Break-out session ‘Talking Data With Your Doctor’.
(Informational) disclosure is the revealing of information. It may imply information-sharing, like when a technology automatically uploads the ‘uncovered’ or collected information or when the user decides to share her (personal) information with others. I view norms of informational disclosure as ‘norms of privacy’ or ‘privacy boundaries’ since privacy norms are dynamic social norms that govern information-flows (what to disclose, to what extent and to whom) within, and therefore play an important role in mediating, different social relationships and contexts. I will speak of norms of disclosure and privacy norms interchangeably.
For the idea that monitoring or peer pressure has a disciplining effect see Foucault (2007). Foucault discusses a type of surveillance that becomes internalized and thus disciplines the subject. Self-tracking is a form of self-surveillance (watching oneself from a third person perspective) and (social) surveillance at the same time.
It is not my intention to resolve or address the concrete harms of this particular case by proposing alterations of design, policy or law, but rather to use this example to point out the very insidious, subtle and more abstract trend of decontextualization that is often not recognized as such because it does not directly cause demonstrable harm.
I would like to thank Beate Roessler, Anthonie Meijers, Philip Nickel, Sven Nyholm, Bart van der Sloot and Priscilla Regan for their immensely valuable and helpful comments on earlier drafts of this article. I am also grateful for the comments and questions raised by the audience and participants of the “Robots, Telecare and Health Data: Interdisciplinary Perspectives” workshop (University of Eindhoven, April 2015), the MANCEPT “Privacy and Transparency” workshop (University of Manchester, September 2015), and the “Value and Ethics of Privacy” track at the Amsterdam Privacy Conference (University of Amsterdam, October 2015).
Open Access: This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.