Ethics and Information Technology 1: 275–281, 1999.

© 2000 Kluwer Academic Publishers. Printed in the Netherlands.

KDD: The challenge to individualism

Anton Vedder
Tilburg University, Faculty of Law / Eindhoven University of Technology, Faculty of Technology Management, The Netherlands
E-mail: anton.vedder@kub.nl

Abstract. KDD (Knowledge Discovery in Databases) confronts us with phenomena that can intuitively be
grasped as highly problematic, but are nevertheless difficult to understand and articulate. Many of these problems
have to do with what I call the “deindividualization of the person”: a tendency of judging and treating persons on
the basis of group characteristics instead of on their own individual characteristics and merits. This tendency will
be one of the consequences of the production and use of group profiles with the help of KDD. Current privacy
law and regulations, as well as current ethical theory concerning privacy, start from too narrow a definition of
“personal data” to capture these problems. In this paper, I introduce the notion of “categorical privacy” as a
starting point for a possible remedy for the failures of the current conceptions of privacy. I discuss some ways in
which the problems relating to group profiles definitely cannot be solved and I suggest a possible way out of these
problems. Finally, I suggest that it may take us a step forward if we would begin to question the predominance
of privacy norms in the social debate on information technologies and if we would be prepared to introduce
normative principles other than privacy rules for the assessment of new information technologies. If we do not
succeed in articulating the problems relating to KDD clearly, one day we may find ourselves in a situation where
KDD appears to have undermined the methodic and normative individualism which pervades the mainstream of
morality and moral theory.

Introduction these phases, a search hypothesis is used to guide the

Knowledge discovery in databases (KDD) is the non-
trivial extraction of implicit, previously unknown,
and potentially useful information from data (Frawley,
Piatetsky-Shapiro and Matheus, 1991). The greatest
opportunities of KDD are description and – foremost
– prediction of behavior (Fayyad, Piatetsky-Shapiro
and Smyth, 1996). The process of KDD focuses
on finding understandable patterns, especially when
working with large databases. In recent years, KDD
has been acknowledged as an important set of tech-
niques in analyzing data for purposes such as dir-
ect marketing and credit scoring. Other applications
include checking for patterns in criminal behavior for
forensic and judicial purposes and analyzing med-
ical data or data about medical drug consumption in
combination with demographic data to predict poten-
tial risk groups. The KDD process is usually divided
into three phases: the data warehousing phase, the
data mining phase, and the interpretation phase. Con-
fusingly, the whole process of KDD, i.e., all three
phases together, are often referred to also as “data
mining.” It may be better to use the latter notion
only for the middle phase of KDD. In the data ware-
housing phase, data is collected, enriched, checked,
and coded. The data is analyzed in the data min-
ing phase. Finally, the results are interpreted. During
process.
Much has been written already about the technical
ins and outs of KDD. In this paper, I want to draw
attention to another side of KDD. I will focus on
ethical, legal, and public policy aspects. I will start
by giving some preliminaries in order to delimit the
phenomena and problems I want to discuss.
First, it should be noted that the views which I
will put forward do not apply to all forms of KDD.
Throughout this paper, I will treat of KDD only insofar
as it involves the use of personal data. I include KDD
insofar as it involves the use of personal data in com-
bination with other data, but I will not address KDD
involving no personal data at all. For instance, KDD
focusing on production processes exclusively with the
help of data about machines and materials will not be
of my concern, here.
Secondly, by “personal data” I do not exclusively
mean data immediately relating to individually iden-
tifiable persons. I refer to personal data in a broader
sense, also including data which originally, at some
time, has been linked to individual persons, but at
some other time has been processed and become part
of a set of anonymous data and complied data. These
types of data originally contained or were accompan-
ied by identifiers of individual persons. At some stage
of aggregation or processing, the data was disconnec-
276 A NTON V EDDER
ted from these individual identifiers and was combined
with an identifier of a group of individuals. These
group identifiers can be group or class characteristics
as diverse as a certain age, the ownership of a certain
type of car, the residency in a certain area with a certain
postal code, a certain position, characteristics indicat-
ing the use of a certain medicine or a combination of
some such characteristics.
I will argue that it is precisely the use of these
group-linked data and the production of generaliz-
ations and profiles of data or information subjects
defined by such group characteristics, which can be
highly problematic. However, I will first point out
that the current privacy law and regulations are based
on a narrow definition of personal data. Next, I will
draw attention to the serious social problems that may
arise from the production and application of certain
personal data in the broader sense. I will show that
these problems cannot be captured on the basis of
current conceptions of privacy in law, regulation or
even ethical theory for that matter. As to this, I will
introduce the notion of “categorical privacy” as a start-
ing point for a possible remedy for the defects of the
current conceptions of privacy. To this, I will add
some remarks about the way in which the problems
referred to certainly cannot be solved. I will close with
the suggestion that our normative framework for the
assessment of modern information technology stands
in need of extension. The contemporary one-sidedness
resulting from the preponderance of privacy norms, to
my mind, should be counterbalanced by invoking addi-
tional normative principles, e.g. principles regarding
social justice, equality, and fairness.
Personal data, law, and ethics
Personal data is often considered to be the exclusive
kind of data eligible for protection by privacy law and
privacy norms. Personal data, furthermore, is com-
monly defined as data and information relating to an
identified or identifiable person. A clear illustration
of this rather narrow starting point can be found in
the highly influential European Directive 95/46/EC of
the European Parliament and of the European Council
of 24 October 1995 “on the protection of individuals
with regard to the processing of personal data and on
the free movement of such data.” With regard to the
processing of personal data, the Directive poses some
basic principles. For the purposes of this paper, I will
highlight some of these. It is important to notice that
– as may be expected from the definition of personal
data – most of these principles lean heavily on the idea
that there is some kind of direct connection between a
person and his or her data.
First, there are some principles regarding data qual-
ity. Personal data should only be collected for spe-
cified, explicit, legitimate purposes and should not be
further processed in a way incompatible with these
purposes. No excessive amounts of data should be col-
lected, relative to the purpose for which the data is
collected. Moreover, the data should be accurate and,
if applicable, kept up to date. Every reasonable step
must be taken to ensure that inaccurate or incomplete
data is either rectified or erased. Also, personal data
should be kept in a form which permits identification
of data subjects for no longer than is necessary for the
purpose for which the data was collected.
Secondly, some principles apply for legitimizing
personal data processing. If an individual has unam-
biguously given his or her consent, data processing is
legitimate. Without such consent, there are only a few
situations in which data processing is legitimate. For
instance, personal data processing is legitimate if it
is needed for the performance of a contract to which
the data subject is a party, for compliance with a legal
obligation, to protect a vital interest of the data subject,
for the performance of a task which is carried out in
the public interest, or for the purposes of the legitimate
interests pursued by the controller or by third parties to
whom the data is disclosed.
Thirdly, the data subject has some specific rights
with regard to “his or her” personal data. Among these
rights are the right of access (knowing what data is
being stored and whether the data relating to the data
subject are being processed), the right of rectification,
the right to know to whom the data has been disclosed,
and the right to object to the processing of data relating
to the data subject.
The definitions and principles formulated in the
European Directive are mirrored in the national pri-
vacy laws and regulations of the European Union
countries, since a Directive must be implemented in
national law and regulation. Therefore, the impact of
the Directive’s definition and principles should not be
underestimated.
The Directive’s definitions and principles them-
selves certainly reflect ideas about informational pri-
vacy currently held amongst legal and ethical theorists.
Sometimes, these theoretical views on informational
privacy are not much more than implicit assump-
tions. However, things are different and more articulate
where theorists define informational privacy as being
in control over (the accessibility of) personal inform-
ation, or where they indicate some kind of personal
freedom, such as the preference freedom in the vein
of John Stuart Mill’s individuality, as the ultimate
point and key value behind privacy (see, for instance,
Parent, 1983; Johnson, 1989). These theorists con-
sider privacy to be mainly concerned with information
 KDD: T HE C HALLENGE TO I NDIVIDUALISM
relating to designated individuals. They also tend to
advocate protective measures in terms of safeguarding
an individual’s control and consent vis-à-vis certain
dispersions of personal information.
Now, applying the narrow definition of personal
data and protective measures like the Directive’s and
some philosophers’ to the KDD process is not without
difficulties. Of course, as long as the process involves
personal data in the strict sense of data relating to
an identified or identifiable individual, the principles
apply without reservation. However, as soon as the
data has ceased to be personal data in the strict sense, it
is not at all clear how the principles should be applied.
For instance, the right of rectification applies to the
personal data in the strict sense itself; if does not
apply to information derived from this data. The same
goes for the requirement of consent. Once the data has
become anonymous, or has been processed and gener-
alized, an individual cannot exert any influence on the
processing of the data at all. The rights and require-
ments make no sense regarding anonymous data and
group profiles.
Deindividualization
KDD confronts us with a paradoxical situation. The
data used and the generalizations and profiles created
do not always qualify as personal data. Nevertheless,
the ways in which the generalizations and profiles are
applied may have a serious impact on the persons from
whom the data was originally taken or, even more for
that matter, to whom the generalizations and profiles
are eventually applied. In fact, since these general-
izations and profiles are often used as if they were
personal data while in fact they are not, the impact
on individual persons is sometimes even stronger than
with the use of “real” personal data. Let me elaborate
on this.
First of all, where generalizations and profiles are
used as a basis for formulating policies of public and
private organizations, or where they just slip into the
body of public knowledge, individuals are affected
indirectly. Persons are judged and treated more and
more as members of a group (i.e. the reference group
that makes up the data or information subject) rather
than as individuals with their own characteristics and
merits. This consequence of KDD using or produ-
cing personal data in the broad sense may, at first
sight, seem rather innocent. It loses, however, much
of its innocent appearance where the information con-
tained in the generalizations or profiles is of a sensitive
nature, because it is typically susceptible of prejudice
and taboo or because it can be used for selections
in allocation procedures. So, for instance, inform-
277
ation about persons having a certain probability of
manifesting certain diseases, lifestyles, etc. may eas-
ily give rise to stigmatization and discrimination. The
information may also be used for giving or deny-
ing access to provisions, like insurances, loans, or
jobs.
Secondly, increasing the use and production of
generalizations and profiles on the basis of personal
information can lead to growing unfairness in social
interaction. This is poignantly clear in the case of what
I will call nondistributive generalizations and profiles,
as opposed to distributive generalizations and profiles.
Distributive generalizations and profiles assign certain
properties to a data or information subject, consist-
ing of a group of persons however defined – in such
a way that these properties are actually and uncondi-
tionally manifested by all the members of that group.
Distributive generalizations and profiles are put in
the form of down-to-earth, matter-of-fact statements.
Nondistributive generalizations and profiles, however,
are framed in terms of probabilities and averages and
medians, or significant deviances from other groups.
They are based on comparisons of members of the
group with each other and/or on comparisons of one
particular group with other groups. Nondistributive
generalizations and profiles are, therefore, signific-
antly different from distributive generalizations and
profiles. The properties in nondistributive generaliza-
tions and profiles apply to individuals as members of
the reference group, whereas these individuals taken
as such need not in reality exhibit these properties.
For instance, in a credit-scoring application a loan can
be refused on the basis of the fact that an applicant
belongs to a reference group, e.g. having a certain
kind of job, which is the information subject of a
nondistributive profile of a bad debtor, whereas the
applicant himself is in fact an extremely trustworthy
person who has not missed an instalment on a loan
in his whole life. Or an applicant may be refused a
life insurance on the basis of a nondistributive gen-
eralization of certain health risks of the group (e.g.
defined by a postal code) to which he or she happens
to belong, whereas he or she is a clear exception to the
average risks of his or her group. In all such cases,
the individual is judged and treated on the basis of,
coincidentally, belonging to the “wrong” category of
persons.
Of course, these problematic consequences are not
unique to KDD. As a matter of fact, they are inherent
to many forms of matching and profiling, and even to
certain forms of noncomputerized generalizations of
personal data (Vedder, 1995, 6–11, 105–114, 1997).
What is new with KDD, however, is the enormous
scale on which data can be processed and generaliz-
ations and profiles can be produced. Relatively new,
278 A NTON V EDDER
also, are the ever-growing possibilities of discovering
hitherto unnoticed relationships between characterist-
ics and features of persons, created by KDD. This,
by the way, also creates ample opportunities of cov-
ering up or hiding the use of certain delicate pieces
of information. On the basis of a statistical correlation
between the ownership of a certain kind of car and
belonging to a high-risk group for a certain disease,
an insurance company could for instance allocate its
health insurance according to the type of car owned
by a candidate. The company would then be able to
select candidates without asking or checking for their
health condition and prospects; it would not arouse
the suspicion of selecting on the basis of health cri-
teria. This possibility may be used in countries where
selection on the basis of health is forbidden for health
insurances.
However this may be, the generalizations and pro-
files will be used more and more as a basis for policy-
making by public and private organizations. In this
way, they may ultimately give rise to a new social strat-
ification. Although many uses of the products of KDD
are morally acceptable, and even desirable, many other
possible applications are at odds with commonly held
values regarding the individuality of human persons.
I think, therefore, that the time has come for a new
orientation in data protection, or, perhaps even better,
in the moral and legal assessment of information tech-
nology in general. I am not in a position to provide
clear-cut solutions, but I will suggest a starting point
for a discussion of these problems and indicate ways
in which they definitely cannot be solved.
Categorical privacy
Most conceptions of individual privacy currently put
forward in law, regulation, and ethical debate have
one feature in common: not only do they assume that
the personal data with which privacy is concerned ori-
ginally contains statements about states of affairs or
aspects accompanied by indicators of individual nat-
ural persons, but they also assume that the data as a
result of processing continues to contain statements
about states of affairs or aspects accompanied by iden-
tifiers of individual natural persons. This feature of
current privacy conceptions has two important con-
sequences: it makes it difficult to label the problematic
aspects of using data abstracted from personal data
and producing and applying group profiles and gen-
eralizations; it also makes it difficult to fathom the
seriousness of these problems in practice.
It should be observed that group profiles and gen-
eralizations may occasionally be incompatible with
respect for individual privacy and laws and regula-
tions regarding the protection of personal data, as it
is commonly conceived of. For instance, distributive
generalizations and profiles may sometimes be right-
fully thought of as infringements of (individual) pri-
vacy when the individuals involved can easily be
identified through a combination with other informa-
tion available to the recipient or through spontaneous
recognition.
In the case of nondistributive profiles and general-
izations, however, the information remains attached to
an information subject constituted by a group. It can-
not be traced back to individual persons in any straight-
forward sense. The groups which are the information
subjects of nondistributive profiles and generalizations
can often only be identified by those who defined them
for a special purpose. From the perspectives of others
than the producers and certain users of the profiles and
generalizations, the definition of the information sub-
ject will remain hidden because they do not know the
specific purposes of the definition. When coincident-
ally found out by the latter, they will probably think of
the definition as being arbitrarily chosen. Most import-
antly, however, the information contained in the profile
or generalization envisages individuals as members of
groups; it does not envisage the individuals as such.
Supposing for the sake of argument that the profile
or generalization has been produced in a methodically
sound and reliable way, it only tells us some truth about
individual members of those groups in a very qualified,
conditional manner. Therefore, privacy rules and con-
ventions, as they are traditionally conceived of, do not
apply.
Regarding the privacy of the information subject,
i.e. the reference group as a whole, one might think
that perhaps we could be saved by a notion of col-
lective privacy. However, collective privacy will not
do the job properly. The notion of collective privacy
is too easily associated with the concept of collective
rights. The subjects of collective rights are groups or
communities. In order to make sense of the idea of
collective rights, these subjects are often treated as
beings analogous to persons or moral agents, or at
least as conglomerates having certain characteristics
which cannot ultimately and exhaustively be explained
by the input of the individual members. Furthermore,
they are often thought to be structured or organized
in some way so as to be able to exercise their rights
or let their rights be advocated by vicarious agents
(Hartney, 1991). All of these properties are out of the
question as regards the reference groups of the pro-
files and generalizations we are considering. From the
perspective of their members, these groups are mostly
randomly defined. Their members do not have any spe-
cial ties of loyalty among one another. They do not
have organizational structures either. Therefore, they
 KDD: T HE C HALLENGE TO I NDIVIDUALISM
are not capable of taking decisions or acting in their
quality of collectivities.
In order to remove the deficiencies of current con-
ceptions of individual privacy as regards analytical and
distinctive evaluative potential, we would be better off
by something which I would prefer to call “categorical
privacy”. I suggest that we conceive of categorical pri-
vacy as a value, in many respects similar to individual
privacy, except that it relates to data or information
to which two conditions do apply: (1) the informa-
tion was originally taken from the personal sphere of
individuals, and – after aggregation and processing
according to statistical methods – is no longer accom-
panied by identifiers of individual natural persons, but,
instead, by identifiers of groups of persons; (2) when
attached to identifiers of groups and when disclosed,
the information is apt to carry with it the same kind
of negative consequences for the members of those
groups as it would for an individual natural person
if the information were accompanied by identifiers of
that individual.
Categorical privacy is strongly connected with indi-
vidual privacy. The values which oppose infringements
of individual privacy, such as personal autonomy, indi-
viduality, and certain social interests, equally oppose
infringements of categorical privacy. Unlike collect-
ive privacy, however, categorical privacy has its points
in respecting and protecting the individual rather than
in respecting and protecting the group to which the
individual belongs. Furthermore, the conception of
categorical privacy presented here – just like many
current conceptions of individual privacy – builds on
a conventionally predefined conception of (informa-
tion concerning) the personal sphere (Johnson, 1992).
Categorical privacy, however, is different from its indi-
vidual counterpart in that it draws attention to the
attribution of generalized properties to members of
groups, which, however, may result in the same effects
as the attribution of particularized properties to indi-
viduals as such. In this respect, categorical privacy
resembles stereotyping and wrongful discrimination
on the basis of stereotypes (Harvey, 1991).
Infringements of categorical privacy cannot be
dealt with in ways similar to those in which indi-
viduals are protected against possible infringements
of individual informational privacy. The application of
principles and rights of, for instance, rectification and
consent to potential infringements on categorical pri-
vacy is to a large extent impossible. Even if it were
possible, it would nevertheless be unacceptable for
obvious reasons. First, as has been explained above,
the reference group of the generalization or profile
will only rarely be able to reach and enact collective
decisions because of its lack of organizational structure
and personal or social ties. Secondly, if one were to
279
turn from the group as such to the individual members
of the groups, then an individual’s possibility of refusal
or opting out could be harmful to other members of the
reference group as well as to the very person refusing
to allow personal information to be used in produ-
cing the profile. For, actual refusal will reduce the
reliability of the profile or generalization, while, never-
theless, all members of the reference group, including
the individual who opted out, are at risk of being
judged and treated on the basis of just this profile or
generalization with reduced reliability. Of course, the
possibility of opting out may also, in some respects,
benefit the members of the reference group. If, in the
case of profiles or generalizations intended for applic-
ation in selection procedures, only people with bad
risks actually refuse the use of their information this
may turn out to be rather advantageous for the healthy
and well-to-do. This, however, does not diminish the
wrongfulness of, for instance, judging and treating per-
sons on the basis of properties which they do not, if
only with a decreased probability, instantiate.
Perhaps then the only way to protect individu-
als against the possible negative consequences of the
use of generalizations and profiles based on personal
information in the broad sense lies in a careful case-
by-case assessment of the ways in which abstracted
personal data, group profiles and generalizations are in
fact used and can be used. By meticulously investigat-
ing and evaluating these applications one may hope to
find starting points for restrictions of the purposes for
which these data, profiles, and generalizations may be
produced and applied. An elaborate proposal concern-
ing such acceptable and unacceptable purposes cannot
be provided here. It is important, however, to keep
in mind that solutions will not be found only in for-
bidding the production and application of profiles and
generalizations for certain purposes. In many cases, it
may be more appropriate to reconsider those purposes
themselves. Sometimes it may be easier or even mor-
ally more desirable to do something about social and
economic arrangements that induce wrongful applic-
ations of information technologies like the ones used
for KDD than abolishing those applications. This is
the case especially where, for instance, profiles and
generalizations can be used for desirable purposes and
for undesirable purposes at the same time. Also, in
such situations where there is a possibility of good use
and bad use of the same newly produced information,
doubtlessly some help is to be expected from crypto-
logists. Sometime in the future it must be possible to
make the information in certain profiles and generaliz-
ations accessible to some people and not to others, for
some purposes and not for others, and to protect data-
bases against the possibility of applying certain types
of queries.
280 A NTON V EDDER
Closing remarks
I have tried to draw attention to the problems of KDD
using personal data in terms of categorical privacy, and
I have indicated the shortcomings of traditional privacy
conceptions. My main concern was to define some
important problematic consequences which KDD may
have for the ways in which individuals are judged and
treated, so that they may not be overlooked, but be
critically assessed. In this way I hope to have con-
tributed to a fruitful discussion of the solution of these
problems.
There is one other point I would like to make. I have
tried, in a sense, to extend the notion of privacy and the
traditional privacy norms. Of some of the problematic
aspects of KDD I am still not completely sure whether
they are best articulated in terms of privacy at all, be
it individual or categorical. Especially regarding those
problems where producing the information is not so
much the problem, but applying it for certain purposes
is, other normative principles may be more appropri-
ate. For instance, articulations in terms of social justice
and fairness may sometimes be more to the point than
those in terms of (categorical) privacy.
My reason for still adhering to privacy is in a sense
a strategic one. The notion of privacy is overwhelm-
ingly dominant in the legal and moral vocabularies
and conceptual frameworks of those working in the
fields of information technology and law, information
technology and public policy, and even to large extent
information technology and ethics. In these circles,
the privacy vocabulary has almost become the lingua
franca for the assessment of information technology.
This is a good thing in many ways. It facilitates com-
munication and guarantees in some respects a clear
discussion. However, it also has its dark side. The one-
sidedness that comes with the privacy vocabulary is apt
to create an imbalance in our capacities to perceive,
analyze, and articulate the multifarious moral aspects
of information technology. Although in this paper I
have chosen the compromise of staying within some
limits of the privacy vocabulary, I hope to have shown
by way of an exemplary case that the traditional pri-
vacy notion is not sufficient for grasping the problems
relating to information technology.
Returning to KDD in particular, I think that becom-
ing conscious of the problems of KDD is all but a
luxury. A bigger danger is lurking, if we do not
become alert to problems described here. It is a
danger that may affect our moral outlook as a whole.
The unreflected and undirected production of gener-
alizations about groups of persons with the help of
KDD may in the end show itself to be a threat to
some of the basic premises of traditional morality and
moral theory. KDD may through its steadily ongo-
ing deindividualizing effects, little by little, undermine
both methodic and normative individualism, which
are the hallmarks of the still dominant utilitarian and
(neo-)Kantian moral frameworks.1 Perhaps that is the
inevitable outcome of an unavoidable process of which
we are now experiencing the beginnings and to which
we will grow accustomed in the end. If, however,
there are possibilities of influencing the process, then
those possibilities will certainly start with gradually
becoming more articulate.
Acknowledgements
I am grateful to Robert van Kralingen and Eric
Schreuders, Tilburg University, for their suggestions
and contributions to an earlier version of this paper
relating to my reading of the European Directive
95/46/EC. I presented this earlier version of the paper
at the CEPE Conference, December 1998 at the Lon-
don School of Economics. I also want to thank Her-
man Tavani, Rivier College, Nashua, for his inspiring
comments on that occasion.
Note
1. Another interesting topic relating to KDD is that it chal-
lenges our traditional views and definitions of knowledge
by depersonalizing knowledge. This might in turn affect
our views about the relationship between knowledge and
moral responsibility and the status of the moral actor. I
will address questions concerning the depersonalization of
knowledge and its moral consequences elsewhere.
References
U. Fayyad, G. Piatesky-Shapiro and P. Smyth. Knowledge Dis-
covery and Data Mining: Towards a Unifying Framework. In
E. Simoudis, J. Hian and U. Fayyad, editors, Proceedings of
the Second International Conference on Knowledge Discov-
ery & Data Mining. AAAI Press / MIT Press, Menlo Park,
Cal., 1996.
W. J. Frawley, G. Piatetsky-Shapiro and C. J. Matheus. Know-
ledge Discovery in Databases: An Overview. In G. Piatetsky-
Shapiro and W. J. Frawley, editors, Knowledge Discovery
in Databases. AAAI Press/MIT Press, Menlo Park, Cal,
Cambridge, Mass/London, 1991.
M. Hartney. Some Confusions Concerning Collective Rights.
Canadian Journal of Law and Jurisprudence 4: 293–314,
1991.
J. Harvey. Stereotypes and Group-claims: Epistemological and
Moral Issues and Their Implications for Multiculturalism in
Education. Journal of Philosophy and Education 24: 39–50,
1991.
 KDD: T HE C HALLENGE TO I NDIVIDUALISM 281

J. Johnson. Privacy, Liberty and Integrity. Public Affairs
Quarterly 3: 15–34, 1989.
J. Johnson. A Theory of the Nature and Value of Privacy. Public
Affairs Quarterly 6: 271–288, 1992.
W. A. Parent, Recent Work on the Concept of Privacy. American
Philosophical Quarterly 20: 341–356, 1983.
A. H. Vedder. The Values of Freedom. Thesis, Utrecht Univer-
sity, 1995.
A. H. Vedder. Privatization, Information Technology and Pri-
vacy: Reconsidering the Social Responsibilities of Organiz-
ations. In Geoff Moore, editor, Business Ethics: Principles
and Practice, pp. 215–226. Business Education Publishers,
Sunderland, 1997.