Alan Westin is the father of modern data privacy law

While we may think that data privacy is a relatively new concept that began gaining more mainstream relevancy with the dawn of the smartphone era and the coming-of-age of tech juggernauts like Amazon, Apple, and Google, the truth is that data privacy has been an issue for legal scholars way before it became a talking point in your family WhatsApp group. One of the pioneers of this field is the legal scholar Alan F. Westin, who defined what the right to privacy might look like in a data-dominated era.

If you aren’t a data-privacy aficionado, you’d be excused from not knowing who Westin was or why he was so fundamental in establishing the concept of data privacy as you know it today. Westin is perhaps best known for his canonical book “Privacy and Freedom” from 1967, where he is considered to be the first person to have laid the foundation for the field of privacy law. To put that into perspective, that’s 40 years before the first iPhone was introduced into the world, and seven years before the first personal computer was publicly available.

In an interview with the New York Times, Jeffrey Rosen, a professor of law at George Washington University, said that Westin “was the most important scholar of privacy since Louis Brandeis,” having “transformed the privacy debate by defining privacy as the ability to control how much about ourselves we reveal to others.” Louis Brandeis was a Supreme Court Justice who, in the late 19th century, became the first to define privacy as a legal right. Westin expanded on Brandeis’ foundation and adapted the concept of the right to privacy to a 20th century context, which continues to carry into the 21st century.

For a significant part of his career, including the last 40 years of his life, Westin taught at Columbia University in New York, and specialised on public law and government. He was born in New York City in 1929, and began researching consumer data privacy and data protection in the 1960s during his time at Columbia. For Westin, there was a significant aspect missing in the privacy conversation being had at that time: “Few values,” wrote Westin, “so fundamental to society as privacy have been left so undefined in social theory or have been the subject of such vague and confused writing by social scientists.”

Before his seminal text “Privacy and Freedom” was published, the concept of privacy mostly centred on limiting the government’s control over individuals’ bodily autonomy, a debate that featured most prominently in cases like Roe v. Wade. It also centered on personal rights surrounding photography and covert activities like wiretapping. But as computer technology began gaining steam in the 1960s, it was clear that the law was falling behind. The widespread computerization of legal, financial, medical and other personal records meant that people’s personal data was now more widely accessible, and more vulnerable to misuse and abuse.

In “Privacy and Freedom,” Westin defined privacy as "the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." This was revolutionary in its approach. Basically, Westin argued that citizens should retain ultimate control over their personal data, including how much of their personal information is disclosed and to whom, how it should be maintained and how disseminated, therefore creating the groundwork for current understandings of online privacy laws way before the Internet was even a thing.

“This concept became the cornerstone of our modern right to privacy,” Marc Rotenberg, the executive director of the Electronic Privacy Information Center, an advocacy group in Washington, told the New York Times. “Part of ‘Privacy and Freedom’ is the argument that privacy enables freedom.” The book ended up receiving two prestigious journalism prizes, the George Polk Award and the Hillman Prize.

In 1972, Westin followed up the success of “Privacy and Freedom” with his book “Databanks in a Free Society”. There, he more deeply addressed the growing practice of computerizing personal records in government, commercial and nonprofit organizations. However, he wasn’t engaging in fear-mongering, and instead noted that computerization of records was an effective and ultimately necessary innovation, but that laws needed to adapt accordingly. By 1974, the U.S. introduced federal privacy legislation. Westin worked closely with senators in drafting the Federal Privacy Act of 1974, which was the first law to delimit the gathering and use of personal information by the federal government. This would set a legislative framework for how privacy issues would be treated by the United States government, and also made Westin a popular consultant across the globe, where he was in high demand with businesses, governments, and advocacy groups.

However, he wasn’t without his contradictions. He did make certain concessions to individual privacy when it came to national security matters, particularly after the September 11th, 2001 terrorist attacks. He described the controversial Patriot Act, for example, as a “justified piece of legislation.”

As the use, storage, and subsequent privacy of consumer data became more of a prominent topic as the Internet grew in presence and prominence, so did Westin’s guidelines and theories adapt. He believed, for example, that consumers were entitled to withhold their data from corporations, but could also opt-in to having products and services targeted to their interests (seasoned Internet users will recognise this as “cookies”). While some criticised him for allying himself too closely with commercial interests, others saw a pragmatism in the approach to an over-connected society in which data is king and in which privacy had to be balanced with new technologies. The main component, he purported, was to trust in individuals’ pragmatism and allow them to make decisions for themselves, as long as they had all the information of how their data would be used.

As tech juggernauts like Google, Facebook, and co began tightening their reign on data in the 2000s, Westin purported that it would need more than just legislation for data privacy and innovation to coexist. “He recognized that the problems of protecting privacy are now so daunting that they can’t be dealt with by law alone, but require a mix of legal, social and technological solutions,” Rosen told the New York Times.

Westin passed away in 2013, but his work and his research continues to be groundbreaking in its foresight and in its shaping of modern data privacy laws.