---
layout: post
date: 2026-06-26 15:00
type: blog
title: The Privacy Observation Window
syndicate: true
---

The Privacy Observation Window categorises the forms of observation, identification and attribution UK citizens have historically accepted from government and business, what capabilities are now becoming normalised, and what still sits outside today's social contract.

Unlike the Overton Window (acceptable opinion), the Privacy Observation Window measures acceptable observability. Where acceptable means the movement from novel to ubiquity.

Like the Overton Window, normalised does not mean universally welcomed. Many privacy advocates feel negatively about recent changes to enforce ID verification for certain websites and the children's ban on social media. The window measures what society has stopped resisting, not what it has chosen.

**_By the time society debates whether a capability should exist, it is often already debating how it should be regulated rather than whether it belongs in the window at all._**

## Positioning

Every society accepts some degree of observation as technology evolves, often in exchange for reducing a negative or improving outcomes such as protection and security.

- CCTV to reduce crime or to build evidence for prosecution. Introduced in the UK following IRA bombings in the 1990s, there are now an estimated 4-6 million cameras, the third-highest density globally behind the US and China.[^1] Unremarkable to most people.
- Banking records to reduce fraud. Money Laundering Regulations 2007 mandated Know Your Customer checks. Every UK adult has now been through this process.
- ANPR (automatic number plate recognition). Around 11,000 cameras submit approximately 60 million plate reads to national systems daily.[^2] There is no opt-out and no meaningful public opposition.
- Passport control to manage immigration and terrorism. eGates at UK airports now process over 60 million journeys annually with no significant opposition.
- Tax returns for fairness, reporting and collective benefit.
- Open Banking and credit scoring. Open Banking allows data to be shared and spending monitored and categorised in order to sell financial products or assess creditworthiness.

Observation exists and is expanding. The Privacy Observation Window defines where the current line is positioned, but it moves when new technologies, commercial incentives, and security concerns make previously exceptional capabilities feel routine.

![Privacy Observation Window](images/observation-window-2026.png)

## The Four Zones

Capabilities sit in one of four zones, moving left to right over time.

### Fiction

Not yet real at scale, or so far outside the social contract that deployment would face immediate legal or political challenge.

- Social credit style behavioural scoring (1)
- Government access to encrypted private messages -- Online Safety Act attempted this; WhatsApp and Signal threatened to leave the UK; the clause was dropped (2)
- Emotion and behaviour inference (3)
- Persistent location history shared across sectors (4)
- Mandatory digital ID for general internet use (5)

### Novel

Technically real, deployed in limited contexts, but contested. Sentiment has not yet followed capability.

- Continuous facial recognition in public -- Metropolitan Police trialled this; Liberty brought a legal challenge; not normalised (6)
- AI-generated dossiers on ordinary citizens -- technically trivial via data brokers; no legal framework (7)
- Real-time stranger identification via consumer glasses -- Harvard students AnhPhu Nguyen and Caine Ardayfio demonstrated this using Meta Ray-Bans, building a tool they called I-XRAY, September 2024[^3] (8)
- AI moderation of private communications -- enabled by Online Safety Act 2023; operationally contested (9)
- Default facial recognition in public spaces -- King's Cross deployment in 2019 caused public outcry (10)
- Age assurance for online services -- Online Safety Act 2023; Ofcom now implementing; public divided but policy settled (11)

### Commodity

Commercially deployed, institutionally expected, but not yet invisible. Most people are aware and broadly accepting.

- Cross-platform fraud detection -- banks sharing data under PSR and Fraud Act mandates (12)
- Liveness detection -- standard in banking apps, expanding to government services (13)
- Digital driving licences -- DVLA piloting; voluntary; limited opposition (14)
- Cloud identity verification -- Yoti, Onfido standard in financial services, expanding to rental and healthcare (15)
- Biometric login -- approximately 80% of UK smartphone users use Face ID or fingerprint unlock (16)
- Employment background checks -- DBS checks expected in most professional roles (17)
- Mobile phone metadata under lawful access -- Investigatory Powers Act 2016; specialist media awareness; public largely indifferent (18)

### Ubiquity

Expected, unremarkable, effectively invisible as a point of contest.

- Airport biometrics -- eGates, 60m+ journeys annually (19)
- Bank AML / KYC checks -- mandated since 2007; every UK adult has been through this (20)
- HMRC records -- self-assessment, PAYE, NI; universal (21)
- Electoral register -- public record; used for credit checks (22)
- Fraud monitoring on bank transactions -- real-time; universal; customers now expect it (23)
- Passport checks (24)
- CCTV -- an estimated 4-6 million cameras; third-highest density globally[^1] (25)
- ANPR -- ~11,000 cameras; ~60 million plate reads daily[^2] (26)

## What Drives Movement

Three forces drive movement into the window. Nothing reliably moves capabilities back out.

### Government

National security, serious organised crime, fraud, illegal migration, child protection, adversarial state actions, cyber warfare.
The modern security landscape has expanded well beyond military defence. Digital spaces are now active front lines, and the mandate to protect children and communities from organised crime provides powerful justification for extending state powers. The challenge for any democratic society is ensuring the tools used to keep us safe do not erode the freedoms they are meant to protect.

### Business

Data as a currency, shareholder pressure, fraud reduction, personalisation, technological advances, targeted advertising.
Identity has become commercially valuable. A bank verifies identity to reduce fraud; a platform uses the same data to refine its advertising. These motives often coexist within the same company. The rapid pace of technological change has outstripped traditional privacy boundaries, and the challenge for consumers and regulators is to ensure commercial innovation does not come at the expense of fundamental privacy rights.

### Citizens

Convenience and speed, security and protection, less to carry and manage, technology-savvy generations replacing more cautious ones.
Privacy is rarely lost in a single dramatic moment. It is traded away in increments measured by seconds saved or minor daily conveniences. Younger generations, for whom data sharing is a natural part of connected life, are increasingly replacing demographics that approached it with more caution. The challenge lies in recognising the cumulative effect of these small trades, and understanding what is genuinely being given up.

## Conclusion

### The Test

Every proposal can be assessed with one question: does this increase someone's ability to identify, authenticate or observe me?

Whether a proposal is well-intentioned or surveillance overreach is debatable. But the framing is capability not the motive. A capability that enables identification is the same capability regardless of who deploys it or why.

The Privacy Observation Window is not a measure of surveillance. It is a measure of normalisation.

Every capability enters the window the same way:

1. Solves a real problem.
1. Becomes commercially useful.
1. Becomes operationally valuable to the government.
1. Becomes expected.
1. Becomes invisible.

CCTV followed this path in full. It entered as an anti-terrorism measure, was adopted by retailers, became mandatory in licensed premises, spread to transport networks, and is now simply part of the landscape. No one debates whether it should exist. They debate how footage should be retained.

Age assurance is on that path now. Facial recognition in public spaces is two steps behind it.

#### Footnotes

[^1]: British Security Industry Association estimate, via [CCTV.co.uk](https://cctv.co.uk/how-many-cctv-cameras-are-there-in-the-united-kingdom/)

[^2]: National ANPR Service figures, via [Metropolitan Police](https://www.met.police.uk/advice/advice-and-information/rs/road-safety/automatic-number-plate-recognition-anpr/) and [GOV.UK DPIA](https://www.gov.uk/government/publications/national-anpr-service-data-protection-impact-assessment/national-anpr-service-data-protection-impact-assessment-accessible)

[^3]: AnhPhu Nguyen and Caine Ardayfio, [I-XRAY project](https://www.theregister.com/2024/10/04/harvard_engineer_meta_smart_glasses/), The Register, October 2024