Skip to main content

An Indirect Argument for the Access Theory of Privacy


In this paper, I offer an indirect argument for the Access Theory of privacy. First, I develop a new version of the rival Control Theory that is immune to all the classic objections against it. Second, I show that this new version of the Control Theory collapses into the Access Theory. I call the new version the ‘Negative Control Account’. Roughly speaking, the classic Control Theory holds that you have privacy if, and only if, you can control whether other people know personal information about you. Critics of the Control Theory often give counterexamples, where privacy is either not diminished even though the claimant has lost control, or where privacy is diminished even though the claimant is in control. I argue that none of these alleged counterexamples work against the Negative Control Account. However, this is not a victory for the control theorist, because the Negative Control Account collapses into the Access Theory. The paper thus adds to the recent trend in the literature of favoring the Access Theory over the Control Theory.

This is a preview of subscription content, access via your institution.


  1. According to which ‘An individual A has informational privacy relative to another individual B and to a personal fact f about A if and only if there are extraordinary limitations on B’s ability to know f’ (Matheson 2007, p. 253). This theory has been defended by prominent theorists like Ruth Gavison (1980) and Anita Allen (1988).

  2. According to which ‘An individual A has informational privacy relative to another individual B and to a personal fact f about A if and only if (1) f is undocumented and (2) B does not know f’ (Matheson 2007, p. 253).

  3. According to which ‘An individual A has informational privacy relative to another individual B and to a personal fact f about A if and only if B does not know f’ (Matheson 2007, p. 259). This theory has been put forward by Matheson himself. Several theorists have recently endorsed altered versions of this theory. See e.g. (Blaauw 2013), (Kappel 2013), and (Fallis 2013).

  4. Variations of the Control Theory can be found in (Warren and Brandeis 1890), (Westin 1970), (Fried 1968), (Rachels 1975), (Moore 2003; Moore 2010), (Gross 1971), (Parker 1974), (Matthews 2008), (Roessler 2005) (Benzanson 1991), (Goldberg, Hill, and Shostack 2001), (Altman 1976), (Calo 2011), (Miller and Weckert 2000), (Inness 1992), (Birnhack 2019), (Falls-Corbitt and McLain 1992), (Frey 2000), and (Froomkin 2000). Some of these theorists call it the ‘control account’ instead.

  5. I write ‘alleged’ counterexamples, because I do not—for reasons I will spell out in this paper—believe that they are genuine counterexamples to the Control Theory. Throughout the paper, when I write ‘counterexample’ I mean an alleged counterexample, unless specified otherwise.

  6. See (Menges 2020) for a recent defense of a novel version of the Control Theory.

  7. To see why it is important to include the part about random circumstance, consider the following example: B is about to access A’s personal information. A is not capable of preventing B from accessing, but just before B accesses, B is struck by lightning and dies. If the part about random circumstances were not included, it would follow from the definition that B diminishes A’s privacy, which seems odd (thanks to Leonhard Menges for suggesting this example to me). Similarly, it is important to include the part about incompetence. Suppose, for example, that B attempts to peep in between A’s curtains by jumping up and down on the sidewalk. But A lives on the 5th floor, so even when B jumps as high as he can, there is no chance that he will succeed. If the part about incompetence was left out, B would diminish A’s privacy. Again, that would be odd. Thanks to an anonymous reviewer for pointing this out to me, and thanks to Jens Damgaard Thaysen for suggesting the example.

  8. These definitions are revised versions of the definitions first put forward in (Mainz and Uhrenfeldt 2020).

  9. In order to fully flesh out what Negative Control consists of, it would be necessary to explain what exactly constitutes an ‘attempt’ to access f. One might think, for example, that the mere fact that I attempt to get access to my neighbor’s health records by reading his mind, does not count as a genuine attempt. Likewise, it would be necessary to explain if A loses Negative Control if the individual who attempts to access f fails for reasons unrelated to A’s intentional actions directed at preventing the individual from accessing f. I will leave these and related questions for another occasion. Note, however, that if these questions give rise to counterexamples to the definition of Negative Control, then it is a problem for the control theorist, not for the argument I make in this paper.

  10. One might think that the exhibitionist is in fact exercising control in this example. This may be true, but note that this form of control is Positive Control.

  11. Others have explored the relation between privacy and republicanism. See e.g. (Newell 2018), (Roberts 2014), (van der Sloot 2018), and (Hoye and Monaghan 2018). However, these theorists do not apply the notion of republican freedom to the notion of control as I do, but rather argue that privacy is important for retaining republican freedom.

  12. Note that in this case, both i) and ii) will not be satisfied, and therefore A’s privacy is diminished.

  13. An anonymous reviewer suggested to me that it seems strange that the definition of Negative Control implies that A has Negative Control in a situation where A does not voluntarily let someone else access f, and no one attempts to access. The definition is formulated like this because Negative Control is something that you have under normal circumstances, when no one even attempts to interfere. Plausibly to my mind, it would be even stranger to suggest that A only has Negative Control when someone actually attempts to access. Presumably, in order for A to lose control, she must have it in the first place.

  14. See the ‘Too Much Info’ cases from (Mainz and Uhrenfeldt 2020) for examples of this.

  15. An anonymous reviewer suggested to me that if A has Positive Control (is able to share information with others if she wants to), then A lacks Republican Control. I do not see how that follows. Suppose that A wants to share information f with B, and she goes on and does so. Does this mean that A did not have Republican Control? No. In order for A to lack Republican Control, it must be the case that B could just get access to f anyway, even if A had not herself decided to share f with B. But it is perfectly possible that B cannot access f if she wants to, even if A voluntarily shares f with B.

  16. These counterexamples are instances of the voluntarily divulgence cases.

  17. Note that Menges does not take this to be a counterexample to the CT. As we shall see in a later section, Menges develops a new version of the CT that he believes to be immune to counterexamples like Parent’s.

  18. According to a footnote in (Matthews 2008, p. 141), Matthews got this example from Daniel Cohen in a personal correspondence.

  19. For many more counterexamples that turn on an interpretation of control as Republican Control, see the ones discussed in (Davis 2009, pp. 456–457), and the ones in (Rickless 2007, pp. 782–786). All of these counterexamples are instances of the threatened loss cases.

  20. Lundgren makes a structurally similar move when he argues that the problems of the CT can only be averted by giving up the concept of control in favor of the concept of limited access (Lundgren 2020, p. 172).

  21. Variations of the AT can be found in (Thomson 1975), (Gavison 1980), (Bok 1989), (Allen 1988), (van den Haag 1971), (Reiman 1995), (Macnish 2018), (Lundgren 2020), and others.

  22. Menges claims that Lundgren’s argument is meant to show that the CT collapses into the AT. However, Lundgren never calls it a collapse. Supposedly, we can have a weak and a strong sense of collapsing. According to the weak one, a theory collapses into another theory if the first theory gives the same verdict as the second one. According to the strong one, a theory collapses into another theory if the first theory gives the same verdict as the second one, for the same reasons. Like Menges, I follow the weak sense of collapsing, when I say that the Negative Control Account collapses into the AT.

  23. Except perhaps with regards to the information that Jones does not use the phone. But note that Smith does access this information.

  24. An anonymous reviewer suggested to me that the point about collapse is not very interesting because Negative Control is defined in a way that makes it obvious that losing Negative Control entails that someone has access. However, I believe that this is a feature, not a bug. The point is exactly that if the control theorist wants to avoid all the classic counterexamples against the CT, then she needs to define control in a way that entails that a loss of control entails access. To see this, consider the implications of removing the parts of the definition that makes it obvious that a loss of control entails that someone has access. What you will find is that removing these parts of the definition simply reactivates some of the classic objections against the CT.

  25. See (Inness 1992, p. 46) for a similar reply to Parent.

  26. Moving Day is inspired by an example from (Floridi 2006, p. 110).

  27. Menges argues one way to think about source control in relation to privacy is that a person is the right kind of source of the information flow if the person has a first-order desire that the information flows to others, and a second-order desire that she has the first-order desire (Menges 2020, p. 9). On this version of source control, I would need to say that the citizens in Private Ville have both first-order and second-order desires that the information about what they do inside the glass houses flows to the people outside the houses. However, Menges also says that this is not the view he argues for (ibid.).


  • Allen, Anita. 1988. Uneasy access: Privacy for women in a free society. Rowman & Littlefield Publishers.

  • Altman, Irwin. 1976. Privacy: A conceptual analysis. Environment and Behavior 8 (1): 141–141.

    Article  Google Scholar 

  • Benzanson, Randall. 1991. Privacy, personality, and social norms. The Case Western Reserve Law Review. 41 (3): 681–687.

    Google Scholar 

  • Berlin, Isaiah. 1969. Two concepts of liberty. Clarendon Press.

    Google Scholar 

  • Birnhack, Michael. 2019. A process-based approach to informational privacy and the case of big medical data. Theoretical Inquiries in Law 20: 257–290.

    Article  Google Scholar 

  • Blaauw, Martijn. 2013. The epistemic account of privacy. Episteme 10 (2): 167–177.

    Article  Google Scholar 

  • Bok, Sissela. 1989. Secrets: On the ethics of concealment and revelation. New York: Vintage Books.

    Google Scholar 

  • Calo, M. Ryan. 2011. The boundaries of privacy harm. Indiana Law Journal 86 (3): 1131–1162.

    Google Scholar 

  • Davis, Steven. 2009. Is there a right to privacy? Pacific Philosophical Quarterly 90: 450–475.

    Article  Google Scholar 

  • Fallis, Don. 2013. Privacy and lack of knowledge. Episteme 10 (2): 153–166.

    Article  Google Scholar 

  • Falls-Corbitt, Margaret, and Michael McLain. 1992. God and Privacy. Faith and Philosophy 9 (3): 369–386.

    Article  Google Scholar 

  • Farber, Daniel. 1993. Book Review: Privacy, Intimacy, and Isolation. By Julie C. Inness. Constitutional Commentary 198: 510–519.

  • Floridi, Luciano. 2006. Four challenges for a theory of informational privacy. Ethics and Information Technology 8: 109–119.

    Article  Google Scholar 

  • Frey, R. 2000. Privacy, control, and talk of rights. Social Philosophy and Policy 17 (2): 45–67.

    Article  Google Scholar 

  • Fried, Charles. 1968. Privacy. Yale Law Journal 77 (3): 475–493.

    Article  Google Scholar 

  • Froomkin, Michael. 2000. The death of privacy? The Stanford Law Review 52: 1461–1544.

    Article  Google Scholar 

  • Gavison, Ruth. 1980. Privacy and the limits of law. The Yale Law Journal 89 (3): 421–471.

    Article  Google Scholar 

  • Goldberg, Ian, Austin Hill, and Adam Shostack. 2001. Trust, ethics and privacy. Boston University Law Review 81 (2): 407–422.

    Google Scholar 

  • Gross, Hyman. 1971. Privacy and autonomy. In Nomos XIII: Privacy, pp 169–181.

  • Hoye, J. M., and Jeffrey Monaghan. 2018. Surveillance, freedom and the republic. European Journal of Political Theory 17(3): 343–363.

    Article  Google Scholar 

  • Inness, Julie. 1992. Privacy, intimacy, and isolation Oxford University Press.

  • Kappel, Klemens. 2013. Epistemological dimensions of informational privacy. Episteme 10 (2): 179–192.

    Article  Google Scholar 

  • Lundgren, Björn. 2020. A dilemma for privacy as control. The Journal of Ethics 24: 165–175.

    Article  Google Scholar 

  • Macnish, Kevin. 2018. Government surveillance and why defining privacy matters in a post-Snowden world. Journal of Applied Philosophy 35(2): 417–432.

    Article  Google Scholar 

  • Mainz, Jakob, and Rasmus Uhrenfeldt. 2020. Too much info: Data surveillance and reasons to favor the control account of the right to privacy. Res Publica 27 (2): 287–302.

    Article  Google Scholar 

  • Matheson, David. 2007. Unknowableness and informational privacy. Journal of Philosophical Research 32: 251–267.

    Article  Google Scholar 

  • Matthews, Steve. 2008. Privacy, separation, and control. The Monist 91 (1): 130–150.

    Article  Google Scholar 

  • Menges, Leonhard. 2020. A defense of privacy as control. The Journal of Ethics. Online first.

  • Miller, Seuman, and John Weckert. 2000. Privacy, the workplace and the internet. Journal of Business Ethics 28: 255–265.

    Article  Google Scholar 

  • Moore, Adam D. 2003. Privacy: Its meaning and value. American Philosophical Quarterly 40 (3): 215–227.

    Google Scholar 

  • Moore, Adam. 2010. Privacy rights: Moral and legal foundations. Pennsylvania State University Press.

  • Newell, Bryce Clayton. 2018. Privacy as antipower. In pursuit of non-domination. European Data Protection Law Review 4 (1): 12–16.

    Article  Google Scholar 

  • Parent, William. 1983. Privacy, morality and the law. Philosophy & Public Affairs 12 (4): 269–288.

    Google Scholar 

  • Parker, Richard. 1974. A definition of privacy. Rutgers Law Review 27: 275–296.

    Google Scholar 

  • Pettit, Philip. 1999. Republicanism: A theory of freedom and government. Oxford University Press.

  • Rachels, James. 1975. Why privacy is important. Philosophy & Public Affairs 4 (4): 323–333.

    Google Scholar 

  • Reiman, Jeffrey H. 1995. Driving to the panopticon: A philosophical exploration of the risks to privacy posed by the highway technology of the future. Privacy. 11: 159–176.

    Google Scholar 

  • Rickless, Samuel. 2007. The right to privacy unveiled. San Diego Law Review 44 (4): 773.

    Google Scholar 

  • Roberts, A. 2014. A republican account of the value of privacy. European Journal of Political Theory 14 (3): 320–344.

    Article  Google Scholar 

  • Roessler, Beate. 2005. The Value of Privacy. Polity.

  • Solove, Daniel J. 2002. Conceptualizing privacy. California Law Review 90 (4): 1087–1156.

    Article  Google Scholar 

  • Thomson, Judith Jarvis. 1975. The right to privacy. Philosophy & Public Affairs 4 (4): 295–314.

    Google Scholar 

  • van den Haag, Ernst. 1971. On Privacy. In Privacy: Nomos XIII, 149–168.

  • van der Sloot, Bart. 2018. A new approach to the right to privacy, or how the European court of human rights embraced the non-domination principle. Computer Law and Security Review 34 (3): 539–549.

    Article  Google Scholar 

  • Warren, Samuel, and Louis Brandeis. 1890. The right to privacy. Harvard Law Review 4 (5): 193–220.

    Article  Google Scholar 

  • Westin, Alan F. 1970. Privacy and Freedom. Bodley Head.

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Jakob Mainz.

Ethics declarations

Conflict of interest

There are no conflicts of interests to declare.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Mainz, J. An Indirect Argument for the Access Theory of Privacy. Res Publica 27, 309–328 (2021).

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


  • Privacy
  • Control theory
  • Access theory
  • Personal information