“If you are filled with desire

Your sorrows swell

Like the grass after rain

But if you subdue desire

Your sorrows shall fall from you

Like drops of water from a lotus flower”

– Gautama Buddha

“We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of.”

– Edward Bernays

1 Introduction


Much has been written about artificial intelligence (AI) perpetuating social inequity, disenfranchising marginalized groups and diminishing privacy [8, 14, 32, 75]. It is a sad irony that virtually all of these critiques are exclusively couched in concepts and theories from the Western philosophical tradition (Algorithm [3, 31]. In particular, Buddhist philosophy is, with a few notable exceptions [34,35,36, 49, 59], completely ignored. This inattention to non-Western philosophy perpetuates a pernicious form of intellectual imperialism [1], and deprives the field of vital intellectual resources.

The aim of this article is twofold: to introduce Buddhist concepts and arguments to an unfamiliar audience and to demonstrate how those concepts can be fruitfully deployed within the field of AI ethics.

In part one, I develop a Buddhist inspired critique of two propositions about informational privacy [40] that undergird privacy regulations in the European Union: that the scope of privacy is defined by an essential connection between certain types of information and personal identity (i.e., what makes a person who they are), and that privacy is intrinsically valuable as a part of human dignity [19].Footnote 1 The Buddhist doctrine of not self (anattā) rejects the existence of a stable and essential self. According to this view, persons are fictions and questions of personal identity have no ultimate answer. From a Buddhist perspective, the scope and value of privacy are entirely determined by contextual norms—nothing is intrinsically private nor is privacy intrinsically valuable. This view aligns with the idea of privacy as contextual integrity advanced by Helen Nissenbaum [55].Footnote 2

In part two, I show how this shift in perspective reveals a new critique of surveillance capitalism [79]. While other ethical analyses of surveillance capitalism focus on its scale and scope of illegitimate data collection, I examine the relationship between targeted advertising and what Buddhism holds to be the three causes of suffering: ignorance, craving and aversion. From a Buddhist perspective, the foremost reason to be wary of surveillance capitalism is not that it depends on systematic violations of our privacy, but that it systematically distorts and perverts the true nature of reality, instilling a fundamentally misguided and corrupting conception of human flourishing.

2 A prefatory note

Buddhist philosophy, such as Western philosophy,Footnote 3 admits of no easy summary. With roots in India and branches that stretch into the indigenous traditions of Tibet, China, Japan and elsewhere, Buddhism comprises an assemblage of diverse, and often conflicting, concepts, doctrines and schools of thought. Indeed, as in Western philosophy, one can find almost as much conflict as consensus even when it comes to fundamental questions regarding the nature of reality or, indeed, the sort of person that Buddhist practitioners should aspire to be.Footnote 4 Nevertheless, especially when contrasted with Western traditions, what we call “Buddhist thought” is both distinctive and coherent enough to justify the appellation.

In an effort to simplify and avoid (albeit interesting) rabbit holes of textual and doctrinal hermeneutics, my discussion of Buddhist ideas will largely, though not exclusively, be guided by two key thinkers and two key texts: His Holiness (HH) the Dalai Lama’s Ethics for the New Millennium and Jay Garfield’s Engaging Buddhism. HH Dalai Lama’s text is chosen, because (a) although he does not serve as a leader for all schools of Buddhism, he is the closest there is to a central authority (b) he writes in non-technical English and (c) he is actively interested in the impact and ethics of technology, including AI, on and in society [65, 71]. Jay Garfield’s text is chosen, because it is an incredibly clear, concise yet comprehensive treatment of core Buddhist concepts written by an author who is deeply versed and highly respected in both the Buddhist and Western philosophical traditions.Footnote 5 Readers unfamiliar with Buddhist philosophy are encouraged to consult both books.

3 Who cares about a Buddhist theory of privacy?

The only sustained, philosophical analysis of the relationship between Buddhism and privacy is “A Buddhist Theory of Privacy” by Soraj Hongladarom. His goal is not to criticize the Western philosophical tradition’s approach to privacy per se. Rather, he is “looking for a way for privacy to be theorized and justified in the vocabulary of a thoroughly non-Western philosophical system, while maintaining its efficacy for today’s globalized world” [34], p. 7). In his prefatory remarks, Hongladarom orients his work within the larger project of developing a non-Western ethics of technology that is simultaneously distinct from, yet compatible with, Western ethical concepts like privacy (2016, pp. 5–6):

…imposing Western values, such as calling for the world to adopt the same guidelines on informational privacy, is seen by some to be an aspect of the continuing attempt by the West to colonize the non-Western countries. What I want to argue in this book is, however, precisely to counter this type of argument…people in non-Western cultures do not have to follow Western values, but that does not mean that they have to give up the rights and protections that some Western values, such as privacy (which is the topic of this book) affords.

While Hongladarom and I agree on many points,Footnote 6 our objectives are different. I am not interested in how Buddhist philosophy may justify the right to privacy. I am interested in how Buddhist thought draws attention to, and offers a route for reconceiving, problems with how we think about privacy in the West. I discuss some of these problems in the following section.

One objection to my argument is that it has more to do with privacy than it does with AI and surveillance capitalism. Of course, there are privacy issues that may not relate to surveillance capitalism, e.g., sharing of medical information between clinicians. In addition, there are plenty of AI ethics issues that may have nothing whatsoever to do with privacy, e.g., selecting appropriate metrics for measuring bias. However, in the context of surveillance capitalism, privacy and AI are inexorably linked: surveillance capitalism describes the economic arrangement, whereby personal data is collected and, through the application of AI, used to develop targeted advertising,

A second challenge to my argument is that the conclusions reached do not uniquely depend upon Buddhist concepts. This is true: there are plenty of non-Buddhist theories of the self that also reject the idea of any fixed, enduring entity that gives shape to personal identity, e.g., [37]. Similarly, one can develop critiques of capitalism that are completely independent of any theory of the self, and are entirely divorced from the core tenets of Buddhism. Finally, the argument from Buddhism depends upon rejecting certain intuitive and widely accepted notions (i.e., that there is a substantial self that endures and constitutes a person’s identity). If all one seeks to do is develop a compelling critique of surveillance capitalism, why bother invoking a controversial theory of the self and importing ideas from Buddhist philosophy?

In response to these objections, I offer the following. First, if AI is going to be used in settings, where the prevailing ideology is Buddhism, we should consider a Buddhist perspective on AI. “Equitable AI” should include both how AI is used (e.g., without disadvantaging particular groups) and how AI is conceived (e.g., including non-Western perspectives) [54]. More generally, one of the most pressing ethical concerns about AI is the way in which marginalized groups in general [8], and the global south in particular [6], may become systematically disadvantaged. It seems especially peculiar, then, not to consider what philosophical traditions originating in the global south (e.g., Buddhism) have to say about the matter.

Finally, Buddhism offers a clearer route for getting at the core issue of surveillance capitalism which, in the final analysis, has less to do with privacy per se and more to do with the way in which individuals’ desires are manipulated into an endless cycle of consumption and craving. Privacy, it turns out, may be a red herring to the extent that critiques of surveillance capitalism frame surveillance, rather than capitalism, as the primary object of concern. A Buddhist critique, however, reveals that surveillance capitalism is merely the latest symptom of a deeper disease.

4 Practical challenges with privacy

The European Union’s General Data Protection Regulation (GDPR) is the most significant piece of privacy legislationFootnote 7 in the world [2].Footnote 8 However, its implementation has been rife with challenges. For example, biomedical research databanks collect information that is intended to be used in multiple studies by multiple researchers [73]. Crucially, this information is supposed to be accessible without the need for obtaining additional permissions from the research subjects who originally contributed data. However, GDPR compliance “has stalled at least 40 clinical and observational studies on risk factors and exposures for cancer” [24]. The underlying cause is a lack of clarity over how to operationalize the conception of privacy outlined in the GDPR.Footnote 9 In particular, it is not clear when data should be regarded as personal (and in need of protection), because the relationship between data and individual identity is often ambiguous.Footnote 10

The confusion experienced in the medical research community extends to the corporate community at large. McKinsey research shows that few companies feel fully compliant: as many as half, feeling at least somewhat unprepared for GDPR, are using temporary controls and manual processes to ensure compliance until they can implement more permanent solutions [52].

Another complication is the apparent tension—or even incompatibility—between the GDPR’s protection of privacy and other goals, such as non-discrimination. The principle of data minimization, which is expressed in Article 5(1)(c) of the GDPR and Article 4(1)(c) of Regulation (EU) 2018/1725, is intended to protect privacy and states that [28]:

a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose [and] they should also retain the data only for as long as is necessary to fulfil that purpose.

On the other hand, to avoid algorithmic discrimination, algorithms ought to be audited to ensure they are not biased against protected groups. As a practical matter, it is incredibly difficult, if not impossible, to test for discrimination against protected groups without knowing the distribution of those groups within a data set. In addition, this, of course, requires collecting exactly the sort of data which the principle of data minimization discourages. As I have written elsewhere, “eliminating the collection of data revealing sensitive categories may, perversely, allow discrimination to continue and deepen by making it impossible to be detected in the first place" (B. W. [33], p. 3).

One might argue that this all arises from a poorly written piece of legislation. However, many of the confusions at the heart of the GDPR arise from the way in which privacy is conceived. As we will see in the following section, the GDPR is premised on a conception of privacy that posits an essential relationship between personal identity and certain attributes, and regards information about those attributes as categorically important. For now, however, it is enough to recognize that there is a practical need to reconceptualize privacy if we are to create a viable path for both implementing safeguards and permitting socially beneficial types of AI, such as large-scale biomedical research.

5 Privacy: a brief philosophical survey

From a philosophical perspective, any successful account of privacy needs to address two distinct questions: what privacy is, and why it is important. A division between the private and public spheres of life go back at least as far as Aristotle and the distinction between polis, where citizens engage in public affairs, and oikos, where they are occupied by domestic life [73], p. 272). However, the mere fact that life can be divided into two spheres does not explain why such a division ought to be respected. Indeed, within the liberal tradition, writing about the value of privacy is a relatively recent trend: the works of Locke, Rousseau, Kant and Mill contain extensive disquisition on the value of liberty, autonomy, welfare and justice, but say nothing of privacy [51], pp. 17–18).

Rather, as Konvitz shows, the origins of privacy as a moral concept lie in Judeo-Christian theology. He writes, “mythically, we have been taught that our very knowledge of good and evil—our moral nature, our nature as men—is somehow, by divine ordinance, linked with a sense and a realm of privacy” [42], p. 272). In the Old Testament, God knows that Adam and Eve have eaten from the tree of knowledge, because they immediately seek to cover themselves. Humans qua humans require privacy because that is what distinguishes civilized life from the animal and barbaric.

In this tradition, the need for and right to privacy are both grounded in the concept of human dignity. Human dignity is a broad and troublingly vague concept, but can be roughly glossed as the idea that humans possess special value simply in virtue of being human. The term “connotes universality (ascription to every human person), inalienability (it is a non-contingent implication of one’s status as human), unconditionality (a property requiring no performance or maintenance) and overriding (having priority in normative disputes)” [60]. From a genealogical perspective, the origin of human dignity can be traced back to the writings of Kant, Roman notions of dignitas and the Christian doctrine of imago Dei [20].Footnote 11

In its 2015 report—which provided a philosophical scaffolding for the European Union’s General Data Protection Regulation (GDPR)—the European Data Protection Supervisor writes that “the dignity of the human person is not only a fundamental right in itself but also is a foundation for subsequent freedoms and rights, including the rights to privacy and to the protection of personal data [because] privacy is an integral part of human dignity” (European Data Protection [29].

The question naturally arises: what does respect for privacy actually entail? The dominant view is eloquently summarized by Westin, who links privacy with control and personal autonomy. Privacy, he writes, is “the claim of an individual to determine what information about himself or herself should be known by others” [78], p. 431). The same sentiment is present in Article 1, Sect. 1 of the GDPR: “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data” [27].

In the digital age, the right to privacy means the right to protection of personal data, which the GDPR defines as “any information relating to an identified or identifiable natural person (‘data subject’)” (Article 4, Sect. 1). In particular, Article 9, Sect. 1 delineates which categories of information are private and pro tanto protected:

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.Footnote 12

Under the GDPR privacy is categorical in two senses: certain categories of data (i.e., those delineated above) are private, and privacy is categorically valuable as “an integral part of human dignity” (European Data Protection [29].

The link between privacy and personal identity is clear. Both the idea of personal data and the right to privacy require an individuated entity (i.e., a person) to whom such information is related and for whom control over that information should be regarded as a fundamental right. For this conception of privacy to be workable, the individual specified must remain substantially stable over time: if I now have a unique right to control access to information about something I did then, it can only be because I am one and the same person. The right to privacy thus construed takes as given the existence of substantial, stable entities with essential qualities (i.e., natural persons), which is to say that there can only be privacy with persons.

In the following section I will argue that this conception of privacy is incompatible with Buddhism.

6 The argument for not self (anattā) in Buddhism

One of the core tenets of Buddhism is the concept of anatta or non-self. Anattā is best understood as the rejection of atman, a substantial, stable and autonomous self that gives a person their essential identity.Footnote 13 According to Buddha, attachment to the self is both misguided—there is no self—and the source of human suffering ([38], p. 38):

Knowing that each of these elements is neither "me", nor "mine",

Man detaches himself from the clinging.

He obtains peace of heart

And freedom from bondage.

One of the most famous arguments for anattā is found in the Milindapañha or Questions of King Milinda, a dialogue between Nāgasena, a Buddhist monk, and Milinda, a Bactrian king of Greek ancestry who reigned during the second century BC in the North West of India. The philosophical action starts when the King asks how he should refer to Nāgasena, who replies:

Your majesty, I am called Nāgasena; my fellow-monks, your majesty, address me as Nāgasena: but whether parents give one the name Nāgasena, or [any other name], it is, nevertheless, your majesty, just a counter, an expression, a convenient designator, a mere name, this Nāgasena: for there is no person here to be found. [63], pp. 50–51)

Nāgasena is not making a point about the way in which names attach to their referents: he is not saying that he would be the same person whether or not his name was Nāgasena or Bob. Nor is Nāgasena saying that his name is meaningless.

In the following passages, the King asks whether Nāgasena’s identity can be located in any part of his body, or any part of his mind, to which the Nāgasena replies that it cannot, for neither are stable.Footnote 14 Baffled, the King concludes that.

…although I question you very closely, I fail to discover any Nāgasena. Verily, now, sir, Nāgasena is a mere empty sound. What Nāgasena is there? Sir you speak a falsehood, a lie: there is no Nāgasena.

The King’s claim is that, if there is no substantial entity to which Nāgasena refers, it must be nonsense to speak of Nāgasena. However, as we have already noted, this is not the view of Nāgasena. Nāgasena does not think the concept Nāgasena is meaningless, just that it is nothing more than a convenient designator (more on this shortly).

In the next phase of the argument, Nāgasena sets out to distinguish between two types of entities: those with svabhāvaFootnote 15 (roughly translated as independent existence) and those that only exist in a conventional or provisional sense. He asks the King how he arrived at court, who answers that he came in a chariot. Previously, the King asked Nāgasena whether any part of him constituted his identity. Now it is Nāgasena who asks the King whether any part of a chariot constitutes its identity. “Is the chariot the wheels”, he asks. “No”, replies the king. “Is it the axle?”, Nāgasena asks. “No”, replies the king. “Is it the axle, the wheels, and all the other parts united?”, Nāgasena asks. “No”, replies the king. “Is it anything other than all the parts united?”, Nāgasena asks. “No”, replies the king. “Well”, Nāgasena says “you must be lying. For, by your account, there is no chariot that brought you here today and the word chariot is nothing but a mere empty sound.”

The argument can be broken into the following claims:

  1. (1)

    The chariot is not identical to any one part.

  2. (2)

    Therefore, you could change any one part of the chariot and it would still be a chariot.

  3. (3)

    The chariot is not identical to all of its parts. If it was, then (2) would be false.

  4. (4)

    The chariot is nothing more than all of its parts.

  5. (5)

    Therefore, the chariot is neither any one part, nor all of its parts, nor anything beyond all of its parts.

In the context of persons, the chariot argument amounts to saying that all we mean when we refer to a person or, indeed, ourselves is a jumble of psycho-physical phenomenaFootnote 16 that is only bound together insofar as we use a convenient designator to describe it. Nāgasena concludes that “according to the highest meaning the person is not found there”:

Just as when the parts are rightly set,

The word “chariot” is spoken.

So when there are the aggregates,

It is the convention to say “being”

([38], p. 40)

A few points of clarification are required. Although Buddhist thinkers ultimately reject the self (atman), they may recognize that a sense of self is useful as an organizing principle.Footnote 17 It is often convenient to use the pronoun “I” or “you” or “they”, all of which may seem to entail the belief that there is a substantial entity that “I” or “you” or “they” refer to. However, this is incorrect. In international politics, we may say that “China wants to assert regional dominance”, but we do not literally mean that there is a substantial entity, called China, that has its own thoughts and desires. That would be a category mistake [50]. However, for the purposes of discussing international relations, China is a useful conceptual fiction: talk about China “wanting this” or “doing that” is perfectly fine so long as we recognize that our talk is metaphorical, an instance of personification. According to the Buddhist, our talk of persons is metaphorical as well: we personify phenomena but, ultimately, there are no persons.Footnote 18

Within Buddhism, there is interpenetration between ethical and metaphysical understanding: our metaphysical commitments matter not just because they may fail to match up with reality, but because they may impede our liberation from suffering. Dukkha, which is often rendered as suffering or, in Garfield, “the unsatisfactoriness of life”,Footnote 19 originates in a certain kind of ignorance (avidyā), a “primal confusion about the fundamental nature of reality”. This ignorance is not passive; dukkha doesn’t just arise because we are oblivious to certain facts of existence, but because we actively (though mostly unconsciously) sustain a fundamentally confused, and thoroughly corrupting, picture of reality. The path out of dukkha thus requires “a reorientation toward ontology and an awakening (bodhi) to the actual nature of existence”. In recognizing the insubstantiality of the self, we not only acquire a more accurate picture of reality, but also escape from the suffering brought about by clinging to such delusions. In particular, anattā frees you from suffering precisely, because it frees you of the delusion that there is a “you” capable of suffering.

7 The implications of not self (Anattā) for privacy

Earlier, we saw that, for legislation like the GDPR, the value of privacy is linked to personal identity and human dignity. For thinkers like Benn [9], Westin [78] and Kupfer [44], privacy is essential for “the development of an autonomous self” [44], p. 81). As Vold and Whittlestone [77] summarize, for those that link privacy to dignity, “to be free to self-determine and maintain a robust ‘self-concept’…individuals need to be able to retain some control over what information about them is accessible to other people” [77], p. 4).

This understanding of privacy is clearly at odds with Buddhism. When Buddhists reject the self, they are rejecting the idea that persons have any essential characteristics, “that there is someone [or many] part[s] of the person that accounts for the identity of that person over time” [63], p. 33). To a Buddhist, persons are not ultimately real—they exist in a purely conventional sense. To believe in an enduring and autonomous self is not merely incorrect, but harmful.

This leaves Buddhists in an interesting position when it comes to privacy. One of the core tenets of Buddhist ethics is karuna, to act for the benefit of all sentient beings. On the surface, however, the requirement seems paradoxical: surely a Buddhist cannot simultaneously deny that people are real and also care for their wellbeing?Footnote 20

But this objection conflates the idea that persons are fictional with the idea that they are, therefore, unimportant and not worth taking seriously. When the Buddhist denies that the self exists they are just saying that there is nothing outside of convention that gives shape to personal identity. This is not the same as saying that all conventions or fictions are, ultimately, unimportant. “Conventions”, writes HH Dalai Lama, “may be said to be valid when they do not contradict knowledge acquired either through empirical experience or through inference, and when they serve as the foundation for a common discourse within which we situate such notions as truth and falsity” [46], p. 43). We may find it useful to speak of selves and persons, but this should not be taken to mean that the existence of selves and persons is a “brute fact” [4] about reality. What it does mean, however, is that the truths of conventional reality are always provisional: if our empirical experience or inference undermines a conceptual construct, we are to rid ourselves of that construct.

A Buddhist may accept that certain information is, as a matter of convention, regarded as personal and private. However, a Buddhist would deny that information is personal in virtue of its connection to a substantial, stable and autonomous self. For a Buddhist, questions of personal identity do not have an ultimate answer. There is not one true reply to the question “are the boy, the soldier, and the old man the same person?” or “if your mind is transplanted into a second, qualitatively identical body, are you one person or two?” In each case, the answer will entirely depend upon who is asking, and why. Similarly, a Buddhist cannot accept that information about certain characteristics of a person is essentially private, nor that privacy is categorically important. In each case, the value will be entirely determined by convention and context.

This approach is largely mirrored by the more recent theory of privacy as “contextual integrity” put forward by Nissenbaum, according to which privacy is the appropriate flow of personal information [55], p. 225). She argues that appropriate flows of information are not determined by individual rights per se, but contextual norms; there is no presumption in favor of “hoarding, holding or stopping flow” or “stoppage, secrecy and data minimization”. Norms can be construed as rules but, unlike rules, they may not be explicitly stated, may come from a variety of sources, may or may not have a legal basis, may be universal or particular, etc.Footnote 21 In short, norms are a more flexible concept when it comes to capturing the practices constitutive of a distinct social context.

Contextual integrity accounts for the fact that “society comprises multiple social spheres” [55], p. 226), e.g., the household, the workplace, the doctor’s office, and that privacy rules must be responsive to corresponding differences in norms. To wit, the difference between doctors sharing information about a patient within a medical setting and sharing that same information to the press does not consist in a difference in the information shared, but the relevant context. There is no intrinsically sensitive information, since the same information can be sensitive in one context but not in another.

Contextual integrity is to be distinguished from procedural and intrinsic approaches to privacy, which hold that “no matter what the substance of the practice, as long as subjects are notified and are allowed either to refuse or consent, privacy has been duly respected” [55], p. 228). According to contextual integrity, consent is not always necessary nor sufficient for legitimizing information flows. This view rejects the idea of privacy as secrecy, and so rejects trade-offs between privacy and safety, convenience, etc. Furthermore, “privacy allows for information flows that are appropriate, including flows needed to promote utility”.

Elsewhere, Julie Cohen argues that “privacy’s most enduring institutional failure modes flow from its insistence on placing the individual and individualized control at the center” [18]. She writes [16], p. 1905):

Like the broader tradition of liberal political theory in which it is situated, legal scholarship has conceptualized privacy as a form of protection for the liberal self…[However], the liberal self who is the subject of privacy theory and privacy policymaking does not exist.

Rather than grounding privacy in an autonomous self, privacy should be thought of as “an indispensable structural feature of liberal democratic political systems" that is “foundational to the practice of informed and reflective citizenship”.

In a similar vein, Hongladarom writes [34], p. 90):

The usual way privacy of an individual is justified is that, since the individual deserves respect because she is autonomous and has dignity, she thus has privacy rights as an expression of that respect. Now suppose that the individual has the same privacy rights but she is considered in the Buddhist way as not being grounded on an inherently existing self, then the privacy right and other rights can still be accorded to her because these rights are necessary components of the kind of society that we find valuable, such as a democratic one.

Privacy can be grounded in societal values, such as democratic participation, even in the absence of corresponding individual rights.

From a legal standpoint, Salome Viljoen argues that treating privacy as an individual right simply fails to protect individuals from the real harms of surveillance capitalism. Companies engaged in large scale data collection are focused on collecting personal data to derive population-level insights that “can then be applied to all individuals (not just the data subject) who share these population features” [76], p. 578). The problem with prevailing theories is that they “attempt to reduce legal interests in information to individualist claims subject to individualist remedies, which are structurally incapable of representing the interests and effects of data production’s population-level aims” [76], p. 578). Instead of treating privacy as an individual right, Viljoen recommends developing “institutional forms” that recognize the supra-individual importance of data collection and treat data as a collective resource.

All of these accounts of privacy are in accord with a Buddhist conception of the self: it is ultimately norms, conventions and other social values, and not the existence of an autonomous self, that should ground and give shape to privacy protections. In the case of biobanks, norms exist that preclude sharing genetic information with those who are outside of the medical research community (e.g., insurance companies) and maintaining a high level of security. It is also common for research involving human subjects to go through an institutional or ethics review board if it is considered to have serious ethical risks [26]. Genetic research conducted using biobanks is no exception [13, 72]. However, the ethics review board process is specifically designed to provide a contextualized judgment about individual cases based on the reasoning of informed experts, as opposed to simply following a set of explicitly defined rules.

Before moving on, an objection ought to be considered. If Buddhists believe privacy is ultimately justified insofar as it is a part of our norms and conventions, why couldn’t they also see concepts like dignity and an autonomous self as similarly justified? Is there not an inconsistency or at least an arbitrariness in deciding to value certain norms and conventions while discarding others that “run together”? If there is no fact of the matter about persons, and they only exist in a conventional sense, why should anyone set of conventions be valued over another?

The best answer might be a pragmatic one: certain norms and conventions seem, as a matter of practice, to be more or less conducive to the elimination of suffering.Footnote 22 Perhaps, since suffering is contingent on having a sense of self, those conventions that strengthen that sense are more likely to lead to suffering. Or perhaps the point is just that norms that are based upon a real, substantial autonomous self-preclude any revision, because they assume a fixed metaphysical basis. In other words, we should not tie privacy to human dignity if this means we cannot conceive of privacy as anything more or less than a fundamental right versus a set of revisable conventions.

8 A Buddhist critique of surveillance capitalism

Surveillance capitalism is, broadly, an economic arrangement, where personal information is collected by firms and used “to predict and modify consumer behavior as a means to produce revenue and market control” [79], p. 75). One of the distinguishing features of surveillance capitalism is surveillance assets, “data assets appropriated through ubiquitous automated operations” [79], p. 81). Surveillance assets attract investment in the form of surveillance capital—best exemplified by companies such as Google and Facebook [17, 61]. Firms operating within the paradigm of surveillance capitalism (as opposed to good old fashioned capitalism) are primarily focused on extracting consumers’ data rather than their money [79], p. 81).

A privacy-centric critique of surveillance capitalism would focus on how surveillance assets are “’stolen goods’ or ‘contraband’ as they were taken, not given” [79], p. 81). Corporations hoover up personal information from unwitting users, thereby disrespecting their dignity as autonomous agents.Footnote 23 On this view, we should object to surveillance capitalism, and the activities of firms, such as Facebook and Google, because our privacy is systematically eroded by their actions.

But for the Buddhist, there is no a priori reason that individuals ought to retain control over personal information because of a connection to personal identity or human dignity. Rather Buddha’s doctrine says that dukkha originates from ignorance, craving and aversion: we chase pleasure and run from pain, and this endless pursuit leaves us in a state of existential despair. This focus on the link between desire and dissatisfaction shifts attention to the way in which surveillance capitalists use the personal data that they collect from us.

Companies at the heart of surveillance capitalism, such as Google and Facebook, derive almost all of their profits from the sale of advertising [25, 66]. Consequently, the vast majority of personal data collected by such companies is put to a single use: deciding how and to whom to advertise goods and services.Footnote 24 The commercial value of surveillance capitalism is the large-scale transformation of users into consumers.

In the digital age, surveillance capitalism is the engine of consumerism, whose “cardinal feature…is acquisition and consumption as the means of achieving happiness” [47]. Consumerism arose in the twentieth century as a “solution” to the capitalist’s problem of overproduction,Footnote 25 where goods are produced faster than they can be consumed [67]. With the advent of consumerism, producers sought to not only produce goods for but also desires in consumers.Footnote 26

A more comprehensive review of consumerism is well beyond our scope. For present purposes, what matters is the link between surveillance capitalism, consumerism and the Buddhist concept of dukkha. Surveillance capitalism involves the collection of personal data, primarily for the purpose of targeted advertising which is aimed at influencing individuals to desire particular goods and services. This process, the deliberate cultivation of desire, is at direct odds with the core teachings of Buddhism. In the Dhammapada, Buddha explains the causal connection between desire and dukkha ([69], Chapter 16)Footnote 27:

Never have anything to do with likes and dislikes. The absence of what one likes is painful, as is the presence of what one dislikes.

Therefore don’t take a liking to anything. To lose what one likes is hard, but there are no bonds for those who have no likes and dislikes.

From preference arises sorrow, from preferences arises fear, but he who is freed from preference has no sorrow and certainly no fear…

From craving arises sorrow, from craving arises fear, but he who is freed from craving has no sorrow and certainly no fear.

On the other hand, proponents of consumerism have long recognized and exploited the connection between craving, consumption and dissatisfaction. In “Keep the Consumer Dissatisfied”, Charles F. Kettering, then head of research at General Motors, argued [41]:

If everyone were satisfied, no one would buy the new thing because no one would want it. The ore wouldn’t be mined; the timber wouldn’t be cut. Almost immediately hard times would be upon us. You must accept this reasonable dissatisfaction with what you have and buy the new thing, or accept hard times. You can have your choice.

For the proponents and profiteers of consumerism, Buddha’s invocation to put an end to craving is a recipe for catastrophe. Similarly, for the Buddhist, the consumerist creed animated by surveillance capitalism is a surefire path towards unending suffering.

From a Buddhist perspective, the ills of surveillance capitalism have less to do with surveillance (and individual privacy) than they do with capitalism. Privacy can even be a distraction. Companies are now developing techniques that allow for targeted advertising without the collection of individuals’ data (Anthony [5], for example using synthetic data [11], and adopting “privacy preserving” machine learning techniques, such as differential privacy [21] and homomorphic encryption [7, 68]. While companies that employ these methods may reduce their dependency on collecting personal data,Footnote 28 they are still sustaining an economic system premised upon insatiable consumer demand. Within the paradigm of consumerism, dissatisfaction is not a bug, but a feature.

To be sure, there is nothing new about Buddhist inspired critiques of consumerism. In contrast, the goal of this article is to show how Buddhist concepts, which have largely been ignored within the field of AI ethics, can be applied to develop a critique of surveillance capitalism more particularly. This is not the same as saying that this critique is uniquely Buddhist or only applicable to surveillance capitalism (it isn’t). What distinguishes the Buddhist critique from the majority of literature written about surveillance capitalism is a specific consideration of the link between suffering and the pursuit of desire. This stands out against other critiques that concern individual freedom and the inability to “opt-out” of the surveillance infrastructure, e.g., [75].

A further question to consider is whether and to what extent corporations ought to be held accountable for the harms caused by surveillance capitalism, or whether it falls upon individuals to resist manipulation on their own. This leads to a more general question: what sort of regulation would reflect the concerns developed by a Buddhist critique of surveillance capitalism? We might expect such a regime to focus not merely on how data is collected and processed but also how the use of that data affects individuals’ mental state and consumption in particular. For example, a demarcation might be made between advertising a product that serves an existing need (e.g., showing an ad for a painkiller when someone searches “how to relieve headaches”) versus cultivating new types of desire (e.g., promoting “fast fashion” websites that overtly cater to passing fads). Of the course the question then arises: who would be responsible for making such distinctions, and is there really a principled basis for doing so? How can we systematically distinguish between “genuine” and “contrived” desiring? These questions highlight the practical difficulty of trying to implement some of the more far-reaching implications of a Buddhist critique of surveillance capitalism. However, this does not diminish the core insight that, over and above harvesting data without consent, treating individuals as mere consumers is an affront to their dignity.

9 Conclusions

In this article, I have presented a Buddhist perspective on privacy, and begun to develop a Buddhist critique of surveillance capitalism. Buddhism is incompatible with the view that privacy consists in protecting certain information that is essentially connected to personal identity. This is because Buddhists deny the problem of personal identity altogether: there is no singular answer to the question “what makes me who I am?” or, for that matter, “what and how should data be protected?”, because the correct response will entirely depend upon context and custom. In other words, both the self and persons are psycho-social and are only real insofar as we treat them as such. Consequently, Buddhism favors a contextual approach to privacy: there should not be hard and fast rules for when data is regarded as private, because persons are fictions that exist only in a conventional sense (saṃvṛti-satya).

Next, I turned to surveillance capitalism. From a Buddhist perspective, attempts to legislate privacy protections are an incomplete response to the more fundamental threat posed by surveillance capitalism, namely, a consumerist world view characterized by the twin phenomena of craving and dissatisfaction. According to this line of argument, to focus exclusively on privacy is to chase a red-herring. Firms may develop new methods for securing or reducing the need to collect personal information.Footnote 29 Nevertheless, so long as the business of surveillance capitalism is turning users into consumers through the manipulation of desire, it will always run afoul of Buddha’s teachings.