Just as a burn is an injury caused by heat, so is privacy harm a unique injury with specific boundaries and characteristics. This Essay describes privacy harm as falling into two related categories. The subjective category of privacy harm is the perception of unwanted observation. This category describes unwelcome mental states—anxiety, embarrassment, fear—that stem from the belief that one is being watched or monitored. Examples of subjective privacy harms include everything from a landlord eavesdropping on his tenants to generalized government surveillance.
The objective category of privacy harm is the unanticipated or coerced use of information concerning a person against that person. These are negative, external actions justified by reference to personal information. Examples include identity theft, the leaking of classified information that reveals an undercover agent, and the use of a drunk-driving suspect’s blood as evidence against him. The subjective and objective categories of privacy harm are distinct but related. Just as assault is the apprehension of battery, so is the perception of unwanted observation largely an apprehension of information-driven injury. The categories represent, respectively, the anticipation and consequence of a loss of control over personal information.
This approach offers several advantages. It uncouples privacy harm from privacy violations, demonstrating that no person need commit a privacy violation for privacy harm to occur (and vice versa). It creates a “limiting principle” capable of revealing when another value—autonomy or equality, for instance—is more directly at stake. It also creates a “rule of recognition” that permits the identification of a privacy harm when no other harm is apparent. Finally, this approach permits the measurement and redress of privacy harm in novel ways