Why should I care about data privacy if I have nothing to hide?
Why the "nothing to hide" argument is logically flawed
When Edward Snowden revealed the extent of government surveillance programs in 20131, defenders of mass data collection trotted out a familiar refrain: “If you have nothing to hide, you have nothing to fear.” This argument sounds reasonable on the surface, but it’s built on a foundation of logical errors that crumble under scrutiny. The “nothing to hide” defense isn’t just wrong—it’s dangerously wrong, and understanding why matters more than ever as our digital footprints grow larger each day.
📖 Definitions
Let’s establish some key definitions upfront. Terms like “argument,” “logic,” and “reason” carry both everyday and technical meanings from philosophy and mathematics. Given how misinformation saturates our information environment, being precise with language matters.
Data privacy is the principle that a person should have control over their personal data, including the ability to decide how organizations collect, store and use their data.2
Logic is the discipline within the field of philosophy that aims to distinguish good reasoning from bad reasoning.3
A fallacy is a common error in reasoning that will undermine the logic of your argument. Fallacies involve irrelevant points, lack supporting evidence, or present illegitimate arguments.4 (Here’s an extensive list of fallacies from Wikipedia with a lot of references.)
An argument is the assertion of a conclusion based on logical premises.5
Reason is the basis or motive for an action, decision, or conviction.6
🔴 Logical errors in the “nothing to hide” argument
🆚 The false dilemma (either-or fallacy)
The “nothing to hide” argument assumes you either have something illegal, shameful, or embarrassing to hide or you should be fine with surveillance. It ignores the fact that there’s an entire spectrum of legitimate privacy interests and lacks nuance. In the discipline of philosophy, this type of argument is known as an either-or fallacy or a false dilemma7, and results in a conclusion that oversimplifies the argument by reducing it to only two sides or choices.
🔍 Misunderstanding of harm
Additionally, the “nothing to hide” argument fails to recognize that privacy violations can cause harm even when no intentional wrongdoing is involved.
In 2022 alone, data breaches exposed over 22 billion records worldwide.8Among them: 3.3 million patients whose medical information was stolen from California-based Regal Medical Group in a ransomware attack. In early 2023, the company sent a letter to plan members, saying “the categories of impacted personal information may include, among other things: your name, social security number (for certain, but not all, potentially impacted individuals), address, date of birth, diagnosis and treatment, laboratory test results, prescription data, radiology reports, Medicare ID number, health plan member number, and phone number.”9
👀 Shifting burden
The “nothing to hide” argument unfairly places the burden on individuals to justify their privacy rather than on institutions to justify their data collection practices.
The argument implies that if an individual wants to exercise their right to privacy, then it is that individual’s responsibility to read the privacy policies of all the organizations they provide their personal data to, and to meaningfully opt-out accordingly. This is a massive, if not practically impossible, task.
Just think about how many accounts you’ve created just to handle everyday tasks: your bank’s online portal, government sites like your IRS taxpayer account or your city’s utility payment system, and healthcare portals like Epic’s increasingly ubiquitous MyChart.
You could call the IRS and wait on hold for an agent. You could mail a paper check to your city’s water department. If they even accept payments by mail, that is. You could refuse to access MyChart and ask your doctor to print out every referral, appointment reminder, test result, and visit summary. (Think of the poor trees!)
This approach demands an unreasonable, if not practically impossible, amount of effort from individuals. Many services now only accept electronic payments, and essential services like the IRS and monopoly utility companies offer no alternatives.
🚨 Appeal to extremes
Finally, the “nothing to hide” argument conflates all privacy concerns with criminal activity, when most privacy interests are entirely legitimate—like wanting your health information to be protected, preserving personal autonomy, and protecting against identity theft.
And we haven’t even discussed data brokers yet! Their role is a topic for another post, which I will get to writing in the not-too-distant future. (It could be the sole topic of a whole newsletter or ten, but here’s a good place to start if you’re curious about how much money they’re making selling our data.)
If you’ve previously been in the “nothing to hide” camp, I hope I have convinced you to reconsider whether you should be concerned about data privacy.
Please let me know if I missed any important points. 🍻 ‘Til next time!
Want to learn more about how you can protect your personal data? Join my new course!
I’m teaching a two-week course on Maven called Data Privacy for Citizens. Sign up by Sept. 30 and get 35% off by using the code EARLY at checkout. If you’ve taken a course with me on Maven in the past, reach out to me by email for an additional discount.
National Whistleblower Center, “The case of Edward Snowden”
From Introduction to Philosophy: Logic, Chapter 1: What is Logic?, by Benjamin Martin
There are a ton of compelling definitions of “reason”, but for the sake of this post I’m going with a concise one from the American Heritage Dictionary Of The English Language, Fifth Edition, by way of wordnik.
Texas State University Department of Philosophy, “False Dilemma”