Sufficient Reason

Alan Dix

Computational Foundry, Swansea University, Wales

Talk at Cardiff University, 6th February 2019.


It is not uncommon to see privacy regarded as a form of personal secrecy managed by restricting information egress: for many this has been the default response to GDPR.  When considering state or corporate secrecy these models have some validity, or at least hold traction: for example, levels of security clearance, or physical control of documents.  However, for people the value and meaning of data is often more critical than raw volume.  It may be the case that less information is more problematic and damaging than more information; we may confide in strangers things that we would not say to colleagues or friends; and even the use of anonymous aggregated data may be counter to the interests of those about whom it is collected.  These things are all obvious when considered explicitly, and even for corporate and governmental entities issues of reputational damage share many features with personal privacy.  Yet the myths seem to persist in many technical ‘solutions’ to privacy and in day-to-day actions, not least the destruction of documents that contributed to the Windrush scandal.  As technologists we need to understand the non-monotonic nature of privacy and offer support that is less about restrictions on data, but more about maintaining provenance, understanding and explaining the implications of data, and creating tools and mechanisms to allow long-term personal control.

Keywords: gdpr, information security, privacy


Being secure: some myths of privacy and personal security from Alan Dix

















Alan Dix 8/8/2019