Data Promiscuity: How the Public-Private Distinction Shaped Digital Data Infrastructures and Notions of Privacy

The widespread digitization of modern life has led to unprecedented datafication, creating new information exchange pathways and transforming economic and political infrastructures. This paper argues that these changes are significantly influenced by the public-private distinction, which is used not only to describe but also to prescribe solutions to societal problems. This distinction, however, often poorly captures the complexities of citizens' interests in a datafied society. Therefore, this study focuses on the public-private distinction's role in shaping digital data infrastructure and explores alternatives. The analysis differentiates between informational aspects (what is kept secret versus what is shared) and institutional aspects (state-owned and for common good versus private ownership and profit-driven). These two aspects are examined together because changes in ownership and purpose directly affect information sharing. The EU's General Data Protection Regulation (GDPR), for example, illustrates the attempt to balance a data market with privacy rights, showing the intertwined nature of these aspects. The paper then delves into the concept of data promiscuity and uses Denmark as a case study to highlight the implications of this phenomenon.

The paper draws upon existing literature on datafication, the public-private distinction, and privacy. It references works by Ruckenstein and Schüll (2017) and van Dijck (2014) on the pervasive nature of datafication. The work of Geertz (1973) informs the understanding of the public-private distinction as both a model of and for reality. Ariès (1989) and Johansen and Andrews (2016) provide context for the various meanings of the public-private distinction in relation to data. Leonelli (2016) and Prainsack (2019) are cited regarding the relational nature of data and its inherent multiplicity, laying the groundwork for the concept of data promiscuity. Simmel's (1950a) work on the dialectic between secrecy and the manifest provides a framework for understanding the control of information sharing. Warren and Brandeis's (1890) seminal work on the right to privacy is also referenced, along with Sennett's (1974, 2017) insights on the right to privacy in public spaces. The paper also considers the implications of New Public Management and its influence on datafication, referencing the work of Mazzucato (2015). Finally, it draws on the works by Andrejevic (2013, 2015), Bowker (2005), and Pasquale (2015) relating to data infrastructures, security and privacy.

The research employs a qualitative methodology, combining policy analysis with ethnographic methods. The author participated in over 35 events, conducted more than 60 interviews with stakeholders from various sectors (ministries, health data organizations, industrial partners, data analysts, and activists), and constructed an archive of reports, news stories, policy papers, and institutional materials from homepages and minutes. This mixed-methods approach allowed for a rich understanding of the interplay between policy, practice, and lived experiences. The focus on Denmark allows for an in-depth exploration of a highly digitalized and datafied context, providing a strong case study to explore the broader implications of the public-private distinction on data infrastructure.

The study reveals that the public-private distinction in Denmark, coupled with digitization, has fundamentally reshaped welfare state infrastructures, including healthcare. The 'modernization program' (1983), inspired by New Public Management, incentivized data-intensive governance and clinical care. This resulted in the outsourcing of data infrastructures to commercial companies. The Central Person Register (CPR), while ostensibly 'public,' is managed by private IT companies, illustrating the blurring of public and private ownership. The informational implications include the increased accessibility of data, transforming the negotiation of secrecy and the manifest. The creation of digital platforms like Sundhed.dk, while aiming to empower citizens, paradoxically introduced new vulnerabilities by making medical data more readily available to family members, employers, and insurance companies. The case of the tabloid magazine Se og Hør illustrates how the datafication of financial infrastructures can lead to illegal data trade and breaches. The institutional implications highlight how 'public' and 'private' have become morally distinct zones, with private companies often profiting despite failures and public authorities bearing the blame. Examples cited include the sale of KMD and NETS to equity funds, resulting in significant personal gains for executives while public services suffered from technological failures and data breaches. This uneven distribution of profit and responsibility undermines social sustainability and health research reliant on data access.

The findings demonstrate that the public-private distinction, while seemingly providing a framework for understanding data management, actually shapes political logics and creates inequalities. The concept of data promiscuity highlights the inherent instability and multiple uses of data, challenging the notion of individual control over personal data. The GDPR's focus on data as private property is insufficient, as data are relational and inherently promiscuous. Individual responsibilization for privacy protection is ineffective, given the complex and often opaque nature of data flows. The study underscores that solutions focusing solely on individual control are inadequate. It emphasizes the need to move beyond the public-private binary to address data management issues. This requires a shift from a focus on individual rights to a consideration of shared legal safeguards and potentially the creation of data custodians to negotiate data uses on behalf of citizens.

This research reveals the performative effects of the public-private distinction on digital data infrastructures, particularly regarding privacy and data sharing. The concept of data promiscuity and its implications in Denmark show the need for moving beyond the public-private framework to address the challenges of data governance in a digital age. Future research should explore alternative models of data custodianship, legal mechanisms to mitigate harm, and strategies for preventing unproductive data use. The social sustainability of health research requires collective solutions that address inequalities and protect individuals' interests in the context of datafication.

The study focuses primarily on Denmark, potentially limiting the generalizability of its findings to other contexts. The qualitative nature of the data means that the results should be interpreted within the specific circumstances of the case study. The ethical considerations of the research prevented the sharing of full interview transcripts, potentially impacting the depth of analysis accessible to external readers.