During the last decade in particular, the levels of critical engagement with the challenges new technologies pose for privacy have been on the rise. Many have continued to explore the big themes in a manner that typifies the complex interplay between privacy, identity, security and surveillance. This level of engagement is both welcome and timely particularly in a climate of growing public mistrust of state surveillance activities and business predisposition to monetize information relating to the on-line activities of users. This volume is very much informed by the range of discussions being conducted at scholarly and policy levels. The essays illustrate the value of viewing privacy concerns not only in terms of the means by which information is communicated but the political processes that are inevitably engaged and the institutional, regulatory and cultural contexts within which meanings regarding identity and security are constituted. Privacy scholarship has dealt with topics posed by emerging technologies and addressed a number of questions and issues raised as a consequence.

In the next four parts a snapshot will be provided of topics and issues that can provide a springboard for further research and studies. A caution should be noted at the outset – privacy, identity and security are multidimensional. The categories chosen are not exhaustive or determinative since privacy concerns often overlap and multiple perspectives can be presented to offer different insights. The diversity in the narratives chosen for this volume serves as a reminder that various policy frames could be used to address core privacy concerns such as identity and security.

The dilemma for L. Jean Camp in 'Designing for Trust' (Chapter 1) is not so much to do with ascertaining the nature of privacy but the steps that must be taken to bridge the trust deficit. Camp draws on her considerable experience in computer science and social sciences to set the context for the way we ought to think about concepts such as identity and security. She moves away from orthodox treatments of the privacy dilemma and directs attention towards addressing the trust deficit that undermines users' confidence in networks and information systems. What does trust have to do with the way individuals manage the security and integrity of personal information and on-line activities? Camp adopts a techno-anthropology approach and shows that trust norms lie at the intersection of privacy, security and reliability. In the context of the privacy debate, Camp urges policy-makers and designers to operationalize trust by taking account of user perceptions of privacy and opportunities for designing confidence enhancing tools at user and network level. There are two policy implications to be noted. First, the governance strategy in formulating, implementing and embedding trust enhancing designs in networks and communication platforms. Second, the emphasis placed on the value of design solutions that accommodate human-centric needs, values and perceptions. Both raise valid governance challenges given consumers' concerns about identity theft and security lapses regarding the storage of personal data by data controllers. Let us pull back briefly. It is useful to recall some of the ways digital technologies enable information about individuals to be collected, processed and analysed. Designing for trust also ensures, among other things, that individuals can continue to define their identities and values. Privacy enables individuals to exhibit their freedoms and develop the 'self'. This should, rightly, extend to the right to create our digital identities. IT disrupts this norm.

Roger Clarke, a renowned specialist in the strategic and policy aspects of IT, surveillance and privacy introduces the concept of a digital persona in 'The Digital Persona and Its Application to Data Surveillance' (Chapter 2). This foreshadows the European Commission's proposal for a right to forget. The digital persona concept helps us frame the concerns and issues posed by the dynamics of the networked environment, particularly in acting as a catalyst for the formation of personas. Clarke stresses the need for policy-makers to undertake a critical assessment of the way IT processes can make inroads into fundamental freedoms often without transparency or accountability. It is this lack of democratic oversight that concerns Clarke, which he describes as capable of undermining the essence of human flourishing. The surveillance of individuals through their digital footprints is one manifestation of the normalization of surveillance – a common feature perhaps, of the concerns surrounding the pervasive nature of data surveillance via on-line profiling, behavioural targeting and information sharing.

The next three essays pick up the recurring themes of transparency, visibility and accountability. Privacy lawyers have long explored these themes in privacy debates; scholars increasingly turn to other disciplines to generate critical policy perspectives. In 'Privacy, Visibility, Transparency, and Exposure' (Chapter 3) Julie E. Cohen draws inspiration from philosophers such as Langdon Winner, and urges us not to overlook the political character of networked technologies and the values and interests these perpetuate. In real space, privacy norms aim to create a space, which enables individuals to control who, what and how information about them is accessed or made visible. According to Cohen, we need to reconceptualize risks and harms to privacy since erosions can be incremental, passive and often go unnoticed. Furthermore, calling for privacy policies that promote informational transparency, she concludes, does not bring to an end the risks to an individual's 'right to be left alone'. Cohen argues any move towards framing privacy rules and governance mechanisms must bring into the equation both spatial and informational dimensions. Cohen is right to point to the spatial dimension in privacy since convergence and mobile technologies now blur contexts. We can infer here that the experienced space is an integral aspect of privacy and may not necessarily fit into ordinary conceptions of 'public' and 'private' spaces. What Cohen, carefully brings to the foreground, is the possibility that in the experienced space, individuals should continue to determine the circumstances when their identities become visible to others. Data mining is not simply about the collection of personal data with the aim of formalizing consumers' identities and refining their choices, preferences and values. A different set of questions are generated if we consider the significance of the exponential growth in the data mining industry for the junctures between the social dynamics of power and the new wealth of the digital economy – personal data.

Oscar Gandy, 'Exploring Identity and Identification in Cyberspace' (Chapter 4), views the emergence of new technologies as normalizing discrimination, and designed to avoid regulatory scrutiny and accountability. This essay is a careful study of the ethics of surveillance and highlights approaches that enable privacy harms to be anticipated. Gandy suggests that we scrutinize the values and preferences hidden in data aggregation and profiling practices. He urges regulators to problematize data mining and surveillance activities so that a proper privacy impact assessment can be made between the risks and the benefits of surveillance and monitoring. Gandy's essay also reignites ongoing concerns that policy-makers often fall short of grappling with the central problem resulting from the use of panoptic surveillance tools by industry, namely, the creation of a hierarchical structure of relations, and automating and normalizing surveillance. His reference to the ethics of surveillance is apt – given the scale of data mining activity now taking place, it is imperative that policy-makers and industry take the lead in contending with the privacy concerns associated with digital curation (Marx, 1998, p. 174). One suggestion Gandy offers, and which is now emerging as a legitimate policy response is that data controllers be required to make clear how they balance their legitimate economic and security interests with the expectation of individuals that their civil liberties are not compromised.

The final essay in this part serves to remind us that privacy is about managing trust and expectations in social relations. Helen Nissenbaum, 'A Contextual Approach to Privacy Online' (Chapter 5), brings her philosophical and computer science expertise to illustrate the benefits of focusing on the context in which privacy concerns emerge. Do we need specific privacy rules for the on-line environment? One shortcoming in drafting a set of privacy rules particularly for the on-line environment is that we may end up losing sight of the raison d'être of privacy principles and norms – which is to provide individuals with adequate safeguards to their personal information and privacy. Nissenbaum stresses that emphasizing the distinctiveness of on-line and off-line privacy is the wrong way of addressing the privacy challenges in contemporary society. She suggests that we should concentrate on the subjects of privacy protections – individuals. She has a point. New communication tools and social media disrupt the way we have traditionally managed our identities and security. Nissenbaum envisages that all stakeholders have an important role in brokering spaces for meaningful social and economic activity while being alert to the value and significance of informed consent. Since many individuals have social media accounts, we could, l...