Book Review: Paul Bernal's "Internet Privacy Rights – Rights to Protect Autonomy"


In 1984’s sci-fi novel “Neuromancer”, William Gibson had become one of the first authors to provide a definition of the internet – to which he referred to as “cyber space”. At the time, he described it as “A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts… A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters and constellations of data. Like city lights, receding.”[1]. However, despite his accurate prediction on the scale development of the global inter-connected digital network, the author had only presented the ways in which the internet eases human interactions. What he did not include as a part of his narrative is the series of political debates that arise once an all-encompassing and ever-growing medium projects reality into a network that, through its complexity and consistent development, is able to substitute human interactions, fundamentally change business models, and make the flow of information transcend national borders and governmental control.


Paul Bernal’s 2014 book, “Internet Privacy Rights – Rights to Protect Autonomy”, published by Cambridge University Press as a part of the “Cambridge Intellectual Property and Information Law Series”, comes in to provide a series of bold principles that can serve as solutions for the internet’s current privacy issues, based on a model that doesn’t bring about radical changes for any of the parts involved. “The Symbiotic Web”, as the author calls it, is a reflection of increased demands of privacy and autonomy on behalf of the internet users, so that governments have to become more accountable and transparent when collecting data, whilst businesses must adapt to the new market scheme and make sure that they alternate anonymity and personal data storage in a way that is both profitable and desirable by the users.

The book is structured in 10 chapters, each of them covering either principles of how the internet functions and the legislative framework/business practices behind, or proposals for a new way of approaching the two most crucial dimensions of the debate, that are turned into leitmotifs: privacy and autonomy.

What is groundbreaking about the model proposed by Mr. Bernal is the immovable claim that privacy should be the default position. Whilst the extent to which privacy had been absolute throughout the development of the internet is debatable, such a result can only be achieved once governments, businesses, and users reach a collaborative consent. In order to achieve the desired result, governments should change their surveillance methods and switch to a minimized, more efficient targeted system that also involves allowing the monitored the right to be informed about the process. Conversely, businesses should also combine transparency with opacity – in the sense that internet users shall be allowed to choose when and where they want to provide their real name and personal data (whilst the trend seems to go into the other direction, the author claims that “real name policy” should be a mere exception of the collaborative consent, and not the general rule).

In a reenactment of the Juvenalian question “Quis custodiet ipsos custodes?”, Mr. Bernal argues for a further empowerment of the users, so that at any time they should know whether they are being tracked, by whom, and the purpose of the tracking. Under no circumstances does the model imply a principle of reciprocity, so that the average user can enter the computer of the legitimate tracker and have a similar ease of access. Instead, as bold as this claim can be in the contemporary context when there is a growing tendency of surrendering fundamental rights under the pressure of security threats and in the interest of national security, it is feasible and easy to implement – as it provides a transparent way for the intelligence agencies and ministries of defense to legitimize their activity, while also maintaining the inviolability of the classified information.

On the commercial side, the relationship is simpler in comparison: instead of providing a “Terms of Agreement” that is unlikely to be thoroughly read by the users, the companies should respect the principles of privacy and autonomy by providing services accordingly. However, in the case of business models that function solely on the collection of data, consent should be reached – so that the users willingly give up on their rights and empower the company with the required data, in exchange for services.

Another highlight of the book is the paradigm shift that is made by the author in chapter 7, “Data Vulnerability and The Right to Delete”. Contrary to the current state of affairs (in which the users can ask for certain pieces of information to be removed from internet websites and search engines), data should only be kept online if there is a proper justification on behalf of the subject or part concerned. The solution, however, is not presented in a straight-forward way, as a debate on who owns the data can arise at any time – the author explains how, for every piece of digital information, there is a gatherer, a holder, and a subject. It is usually the one to whom the data relates to that makes demands to have data removed, yet in certain instances the rightful owner is not as easy to determine. Therefore, if one is to make a request to retain data in The Symbiotic Web, then all the three parts must reach a consensus. Mr. Bernal argues that the right to delete is not synonymous with censorship or the rewriting of history, and should be viewed as a mean of increased control on behalf of the users – and in the process businesses and governments become more efficient in storing data.

In a digital environment that perpetually tries to impose norms involving the provision of real names and personal data, Paul Bernal comes in with an audacious defense of the internet users through the proposed mode, the Symbiotic Web. In one of the most memorable statements from the book, it is stipulated that the users should be able to “create, assert, and protect” their online identity. Whilst the claims contained are neither utopian nor dystopian, and they can only be put into practice through increased demands of and lobbying by the users, the evolution of privacy and autonomy on the internet is a topic that is unpredictable due to the shifting dynamics of the internet. The three main stakeholders involved (users, businesses, and governments) can bring about major changes, and only time will tell whether the future version of the internet will resemble the Symbiotic Web.

“Internet Privacy Rights: Rights to Protect Autonomy” is a rather accessible book that requires little prior knowledge of the field. In many ways, between the explanations of the phenomena and technical provisions, it becomes a manifesto that draws teachings from the John Perry Barlow classic “A Declaration of the Independence of the Internet”[2], and adapts them to the status-quo with the purpose of making them more feasible. The content can be informative for any scholar or student who is interested in the bourgeoning field of internet law, but can also empower lobbyists for internet rights with new means and ideas to support their arguments.

A hard copy of the book can be ordered from Amazon for 75 British Pounds[3], but there is also a cheaper e-book version for those who prefer the digital format.



[1] William GIBSON, “Neuromancer”, Ace Books, New York, 1984, p.69

[2] John Perry Barlow, “A Declaration of The Independence of The Internet”, 1996, Available at:


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.