Habit and Performative Privacy, Ari Ezra Waldman

Garfield Benjamin’s provocative paper, “From Protecting to Performing Privacy” (2020), challenges us to think differently. Where many scholars seeking to reinvigorate privacy do so through new definitions and conceptualizations (Solove 2008; Strahilevitz 2005; Richards and Hartzog 2016; Nissenbaum 2009; Waldman 2018), Benjamin pushes us to think about privacy not as something we protect, but as something we do. To do so, he bridges privacy and performance theory to take the first steps toward a robust conception of privacy in a world that seems downright hostile to it … [please read below the rest of the article].

Image credit: Mike Lawrence via Flickr / Creative Commons

Article Citation:

Waldman, Ari Ezra. 2021. “Habit and Performative Privacy.” Social Epistemology Review and Reply Collective 10 (10): 43-50. https://wp.me/p1Bfg0-6el.

🔹 The PDF of the article gives specific page numbers.

This article replies to:

❧ Benjamin, Garfield. 2020. “From Protecting to Performing Privacy.” Journal of Sociotechnical Critique 1 (1): 1–30. https://doi.org/10.25779/erx9-hf24.

Performing Privacy

For Benjamin, performing privacy offers new opportunities for social justice. Informed by queer theory, Benjamin notes that “[p]erforming privacy in action is to critique existing structures of data collection and exploitation with new utterances of identity and consent in socio-relational networks built on choice, agency, and respect” (21). He envisions specific privacy performances that tear down traditional hierarchies of power that lead to discrimination and precarity of identity for marginalized populations and create “a space in which information norms can be questioned” (22). The point is to create new contexts that “expect and respect privacy” (23).

Specifically, performing privacy is “overcoming menu-driven collection and quantified identities in favour of more narrative, relational, and culturally embedded forms of collecting, storing, and using data. It is a matter of social justice, therefore, to, for example, replace limited dropdown menus of characteristics with qualitative and narrative options. This is particularly the case for gender, which if necessary should be an open text box rather than any given set of prescribed options” (22). Even more emancipatory would be questioning whether a given piece of data should be collected in the first place. Therefore, performing privacy is resisting today’s sociolegal norms—defined by the liberal, choosing self and manifesting in illusory “notice and consent”—that create environments where choices about data disclosure are essentially meaningless.

It is worth exploring how we can actually do that—namely, what is the process through which we resist the status quo and change things. Benjamin’s essay dives deep into theory, but floats on the surface of practicalities. It also focuses on the actions and utterances of individuals ostensibly seeking privacy in informational capitalism, but elides the practices and behaviors of individuals working inside for-profit organizations responsible for eroding our privacy in the first place. Both sets of individuals do privacy, but their contexts are different. It’s one thing to adapt the periperformative for users; scholars have considered the role of design, law, and culture to do just that (Hartzog 2018; Citron 2009). I want to push Benjamin to dig deeper, to fully explore the multifaceted connections and implications of performing privacy as he continues this important research agenda.

Specifically, I ask: What if performing privacy can be both emancipatory and subordinating? Once we start doing privacy, how can we ensure we’re doing it in a way that builds meaningful privacy rather than undermines it? As Garfield notes, the contexts in which privacy performances occur matter; but the periperformative is far more diverse and problematic than we might think. To answer these questions and to enhance Benjamin’s work, we need to develop a more nuanced understanding of performativity, identify the mechanism of performance and change, and consider different contexts in which some version of privacy is performed.

Performance and Performativity

It is axiomatic that identity is dependent on performance, on what we say and do (Austin 1962; Goffman 1959; Butler 1990). For Judith Butler, gender is not fixed or defined. Rather, we “perform” gender, sometimes in accordance with prevailing social norms and sometimes in ways that subvert society’s dominant frameworks (Butler 1988). In both cases, identity is constructed over time. In Bodies That Matter, Butler (1993) clarifies that gender is something that “materializes” gradually through small acts and utterances (1-2). In our society’s “heterosexual matrix”, norms associated with the gender binary “materialize” into our bodies, that is, we come to identify as either “man” or “woman” (19). Individuals who defy those norms are subversive because their mere existence and their nonnormative gender performances can disrupt the governing discourses, expectations, and systems based on the gender binary.

Butler’s theory of performativity is relevant to our discussion of Benjamin’s essay not simply because he relies on to suggest that privacy is something that we can perform rather than merely protect. Two related assumptions underlying performativity theory also help us challenge and engage Benjamin in an ongoing conversation about how performativity actually works.

The first assumption is about agency. The process of identity construction is not entirely passive. Indeed, in her Notes Toward a Performative Theory of Assembly, Butler suggests that there are two phases of performativity. A passive phase involves social norms acting upon us, where society’s strictures try to “normalize” us in line with its sociocultural histories. The more “voluntarist” phase involves the capacity to react to those norms. Performativity, then, is both the “process of being acted upon” and “the conditions and possibilities for acting.”

In both cases, though, performances must be iterated and repeated. The performative nature of identity—in Butler’s case, gender—implies that identity is unstable. It isn’t automatic or inborn; it isn’t set. It emerges from speech and behavioral acts that, cumulatively and over time, construct the identity of the individual. Identity, therefore, has to be performed repeatedly. This is the second assumption of the performativity thesis. Traditional norms and power structures impose themselves repeatedly, aiming to “materialize” in the body and construct to conform (Butler 1993, 1). At the same time, that this “forcible reiteration” is necessary at all demonstrates the precarities and “instabilities” of the entire process (Butler 1993, 2). Performances have to be repeated over and over in order to create the identities associated with those performances.

Benjamin uses the performativity thesis to suggest that privacy can escape its negativity problem by seeing it as a series of iterated, repeated speech acts and practices that ultimately challenge the power asymmetries of the status quo. But it is worth asking how this process happens. What is the mechanism through which we are “acted upon” and “act” to construct privacy? I argue that it is through the phenomenological account of habit.

Performativity and Habit

Theories of habit date back to at least Aristotle who saw habit as essential for promoting virtue. Habitually acting morally, that is, repeating over and over again the moral act, constructs a character that has internalized the norms embodied by those moral acts (Aristotle 2000; 1103b1-1103b5, 1094a20, 1094b6, 1098a15). His account was a positive one, where repetitive actions create something essential to the good life. A more negative understanding of habit as automatic, unthinking repetition arguably is indebted to Kant, who saw the ability to move beyond mechanized, instinctual actions as one of the dividing lines between man and beast (Bennett et al. 2013, 7; Dewsbury 2015, 31; Kant 2006, 229-300).

Sociological approaches to habit are somewhere in between. For Deleuze (2004), habits allow our past lived experiences to be “accumulated and stabilized” (Bennett et al. 2013, 8). For Elizabeth Grosz, those repeated actions over our lived experiences are “anchor[s]” for present action, allowing us to anticipate others’ actions and engage in a world that can be unpredictable, unruly, and unsafe (Grosz 2013). Bourdieu distinguished between “habit” and “habitus”, understanding the latter as a “generative dynamic structure” that helps us move and act within a sociohistorical context (Croce 2015, 327; Bourdieu 1990, 53). Habitus was the ongoing negotiation of the past relative to the present contexts that shape our current actions, but habits were the stuff of individual conduct, the things we do over again within those contexts (Crossley 2013). Dewey (2002) rejected this dichotomy, arguing that habits cooperate “with external materials and energies” (26). Our actions, Dewey wrote, are “means only when they enter into organizations with things which independently accomplish definite results. Those organizations are habits” (26).

Therefore, many sociological conceptions of habit follow similar patterns. They recognize that habits are repeated actions. They also presuppose the existence of social contexts that influence and can be changed by our actions. Habits, then, may offer what Maren Wehrle (2021) called a “bottom-up account” of bodily performativity (376). Butler’s first, more passive, “normalizing” stage of performativity, describes a top-down phenomenon whereby society imprints its norms on us. As a practical matter, that imprinting happens through repetitive acts that comply with social norms.

Butler’s second, “voluntarist” stage of performativity involves the capacity to resist dominant rules. Wehrle argues that his too happens through habit. We “reproduce … norms in ways we might choose” from the ground up, sometimes in accordance with dominant paradigms and sometimes subverting them directly. We develop new ways of walking, dressing, thinking, speaking, behaving. They become typical for us, becoming part of who we are and how we define ourselves to others. Either way, whether we are affirming or disrupting social norms, our performances must be repeated, iterated, and habituated in order to situate ourselves and our actions within society. This is, for Wehrle, our “habitual identity” (367, 376).

Butler’s “materialization” happens precisely because we generate habits (380). We generate habits within existing power structures. When a future Olympian learns to swim, they have to practice, drill, and repeat. Eventually, their body becomes habituated to the movements of their arms and legs and holding their breath and turning their head at specific times during those motions. But they accumulate these habits within certain rules and limits, whether imposed endogenously (they can only hold their breath for so long) or exogenously (they have to stay in their lane in the pool). We can also acquire new habits that make us excel. In grade school, we learn to write under strict rules: Never end a sentence with a preposition; always have a thesis, body, and conclusion; never start a sentence with “and”. And yet, as we read more, write more, and learn more, we develop new “ways of being” that may challenge the rules in which we learned to write in the first place. Those new ways of writing become part of who we are as writers, generating our habitual identities from the ground up.

Performance, Habit, and Privacy

The takeaways from this literature are particularly important for privacy. First, performances are everywhere. As Butler (1990) noted, “to understand identity as a practice … is to understand culturally intelligible subjects as the resulting effects of a rule-bound discourse that inserts itself in the pervasive and mundane signifying acts of . . . life” (143). It makes sense then to consider privacy’s practices as performances.

Second, performances are expressive. Performances “signify[]” identities by demonstrating to the self and to others how performers understand and occupy their roles (143-44). This suggests that to see we need to look at actual practices to understand the meaning of privacy.

Third, performances must be widespread, repeated, and pervasive. Butler noted that we are so compelled to engage in and repeat performative acts because that is how we communicate—both to ourselves and to others—that this is who we are (Butler 1993, 15).

Finally, performativity offers opportunities for both the maintenance and subversion of dominant paradigms through the phenomenological process of habituation. Repeated performances imposed on us can induce a process of normalization whereby whatever practices we repeat or are repeated come to be seen as ordinary, common sense, obvious, and objectively good (Foucault 1995). Political scandals are good examples. As psychologists Adam Bear and Joshua Knobe (2017a) have written, when a politician “continues to do things that once would have been regarded as outlandish, [his] actions are not simply coming to be regarded as more typical; they are coming to be seen as more normal. As a result, they will come to be seen as less bad and hence less worthy of outrage.”

Similarly, when workers and those around them repeatedly cut corners, break rules, and ignore risks, workers stop seeing those behaviors as deviant and come to see them as normal (Vaughan 1997). This happens in our daily lives, too: studies show that the more television we watch, the more likely we are to think that watching a lot of television is normal (Bear and Knobe 2017b, 29). In other words, normalization is the confusion of frequency with propriety, nudging us to think that the things we do or see happen often are the normal, ordinary, and normatively good things people do. It is true that we can develop new practices and, over time, new habits that challenge traditional norms. But, at a minimum, any account of performativity must also take into account the normalizing capacities of performances within subordinating periperformative contexts.

Consider, for example, the way we do privacy law. From our (the users’) perspective, privacy is a series of iterated, repeated performances of clicking “I Agree” buttons, toggling back and forth, and (not) reading privacy policies. Websites and apps deploying notice-and-consent designs “present[] an information environment in which individuals see themselves as functioning autonomously, treating personal information as a low-value, purely personal good they can easily trade for other desired goods and services” (Hull 2015, 96). But we don’t actually control anything; indeed, as Facebook has proven time and time again, clicking buttons and changing privacy preferences sometimes doesn’t do anything at all.

We take actions like we’re in control by clicking “accept” or clicking “agree” or changing certain default sharing functions. And every time we do, we are inculcated with the belief that this is how privacy works. “Characterizing privacy as a question of formal autonomy,” Hull continues, “and then offering an endless number of opportunities to enact that characterization,” which precisely describes the scaled detritus of privacy-as-control, “is … the process of subjectification” (97). For Foucault (1985), our actions do not just achieve their immediate effects, as in clicking “Agree” does more than just grant access to a platform. It normalizes it, makes it seem like common sense and ordinary. Our actions “establish[] … a moral conduct that commits an individual, not only to other activities always in conformity with values and rules” associated with those actions, “but to a certain mode of being, a mode of being characteristic of the ethical subject” (28). That is, clicking agree, closing a cookie pop up, accepting terms, and leaving defaults in place are repeated actions (performances) that habituate us into thinking that we are autonomously choosing the normal, common-sense thing to do.

Each repetition of the performance of privacy further entrenches the performance and its lack of privacy protection as the norm. And by keeping the performance of privacy at a surface level, these seemingly autonomous acts keep hidden what’s going on behind the scenes—namely, the asymmetry of the market for data, the vast wealth companies generate, and the risks data processing and transfer pose to our future. This, Hull (2015, 97) notes, “is a paradigmatic instance of the operation of power” in the Foucauldian sense: “it is a total structure of actions brought to bear upon possible actions; it incites, it induces, it seduces” (Foucault 1982, 220).

Benjamin knows this. The periperformative practices of website design provide a context for the privacy performances of notice-and-consent. His theory of privacy performance would see the status quo for exactly what it is: something to be resisted with new, emancipatory performances. He calls for questioning whether companies should collect certain data in the first place. He suggests narratives instead of constraining drop-down menus. He wants society to consider privacy as a proactive force rather than something that need protecting.

If those suggestions are to become realities, the contexts for user performances of privacy are not the only things that need to change. The habituated norms of those designing digital spaces must also change. In today’s privacy legal regime, privacy professionals working inside technology companies are supposed to do that. Ostensibly, they are the bulwarks against corporate data-extractive practices that would violate privacy law. But they too are habituated. They work inside organizations that are designed, manipulated, and leveraged by informational capitalists to be extractive.

I argue that privacy professionals are habituated into performing privacy in accordance with the interests of their data extractive employers (Waldman 2021). Privacy offices focus their privacy work on the trappings of “notice-and-consent”, giving their workers tasks within a narrow privacy agenda. As workers perform those tasks, they become accustomed to the idea that privacy is about control, transparency, and choice. Put another way, repeating corporate-friendly privacy work normalizes the idea that privacy work is notice work. Similarly, by tasking their software engineers with making security and encryption fixes after privacy scandals, technology company executives inculcate the idea that privacy is security, when the latter is only a small subset of the former.

Outsourcing privacy compliance to artificial intelligence and engaging in ongoing vendor management achieve both specific goals—enhancing efficiency, automating compliance, and reducing compliance costs—and “commits” privacy professionals to “a certain mode of being”—namely, the idea that privacy should be outsourced to technology vendors. And talking about privacy in terms of risks to the company as opposed to privacy risks to users normalizes the idea that privacy law is about helping companies avoid responsibility rather than protecting individuals from data-extractive excess. And when tech companies focus solely on engagement and maximizing clicks and then assign teams of software engineers to build interfaces that achieve those goals, dark patterns and manipulation become the norm.

The more a company says it cares about privacy and reminds its employees to tell each other and the public that they care about privacy, the more tech company workers are likely to believe it and likely to commit themselves to believing their work serves the goal of caring about privacy. Every additional motion and brief in which a privacy lawyer argues that users have no privacy rights because they agreed to terms of service or used a platform having clicked “Agree” inculcates the corporate-friendly idea that privacy doesn’t exist online. Lawyers then become committed to this idea, justified as zealous advocacy or channeled into a dogmatic belief in the power of consent. And the more a company misdirects the public with performances of accountability, like Facebook’s Oversight Board or papers trails and check-box impact statements, the more the company’s employees will perceive that this is what companies are and should be doing. With every additional hour spent on notice enhancements and with every additional assignment on better encryption, the rank-and-file perform management’s vision of privacy, normalizing it in their everyday practice. Corporate surveillance becomes the norm. Privacy is erased.

When offered alternative ways of doing privacy, many privacy professionals balk: “But that’s just not how it’s done”. In other words, “that’s just how it’s done” becomes not only a mantra, but a dogma, and one that excludes privacy performances that could emancipate both users and industry workers from hegemonic data-extractive capitalism. Anti-privacy work is ordinary and banal throughout the rank-and-file of the information industry, even as many workers do not realize the full consequences of their actions and views. They become acculturated to serving corporate interests by performing tasks given to them within a constraining organization (Waldman 2021).


How does the arguable relationship between habit and performativity and the subordinating privacy performativity inside data-extractive corporations impact Benjamin’s theory of performative privacy? I am eager for him to fill this space with his voice. My challenge to Benjamin is to investigate performative privacy and the periperformative from perspectives beyond the user, to consider (and, if necessary, push back) on my account of the link between performativity and habit, to develop specific recommendations for how together we can create a more emancipatory privacy law.

Author Information:

Ari E. Waldman, a.waldman@northeastern.edu, Northeastern University.


Aristotle. 2000. The Nicomachean Ethics. Cambridge: Cambridge University Press.

Bear, Adam and Joshua Knobe. 2017a. “The Normalization Trap.” New York Times, https://www.nytimes.com/2017/01/28/opinion/sunday/the-normalization-trap.html.

Bear, Adam and Joshua Knobe. 2017b. “Normality: Part Descriptive, Part Prescriptive.” Cognition 167: 25-37.

Benjamin, Garfield. 2020. “From Protecting to Performing Privacy.” Journal of Sociotechnical Critique 1 (1): 1–30. https://doi.org/10.25779/erx9-hf24.

Bennett, Tony et al. 2013. “Habit and Habituation: Governance and the Social.” Body & Society 19: 3-29.

Butler, Judith. 1993. Bodies That Matter: On the Discursive Limits of Sex. New York: Routledge.

Butler, Judith. 1990. Gender Trouble: Feminism and the Subversion of Identity. New York: Routledge.

Citron, Danielle K. 2009. “Cyber Civil Rights.” Boston University Law Review 89 (2): 61-125.

Crossley, Nick. 2013. “Habit and Habitus.” Body & Society 19: 131-161.

Deleuze, Gilles. 2004. Difference and Repetition. London: Continuum.

Dewey, John. 2002. Human Nature and Conduct: An Introduction to Social Psychology. New York: Prometheus Books.

Dewsbury, J.D. 2015. “Non-Representational Landscapes and the Performative Affective Forces of Habit: From ‘Live’ to ‘Blank’.” Cultural Geographies 22 (1) 29-47.

Foucault, Michel. 1985. The Use of Pleasure. Translated by Robert Hurley. New York: Vintage Books.

Foucault, Michel. 1982. “The Subject and Power.” In Michel Foucault: Beyond Structuralism and Hermeneutics Edited by Hubert L. Dreyfus and Paul Rabinow, 108-226. Chicago, IL: University of Chicago Press.

Goffman, Erving. 1959. Presentation of Self in Everyday Life. New York: Anchor Publishing.

Grosz, Elizabeth. 2013. “Habit Today: Ravaisson, Bergson, Deleuze and Us.” Body & Society 19: 217-239.

Hartzog, Woodrow. 2018. Privacy’s Blueprint: The Battle to Control the Design of New Technologies. Cambridge, MA: Harvard University Press

Hull, Gordon. 2015. “Successful Failure: What Foucault Can Teach Us About Privacy Self-Management in A World of Facebook And Big Data.” Ethics and Information Technology. 17 (2): 89–101.

Kant, Immanuel. 2006. Anthropology from a Pragmatic Point of View. Translated by Robert B. Louden. Cambridge: Cambridge University Press.

Nissenbaum, Helen. 2009. Privacy in Context: Technology, Privacy, and the Integrity of Social Life. Redwood City: Stanford University Press

Richards, Neil M. and Woodrow Hartzog. 2016. “Taking Trust Seriously in Privacy Law.” Stanford Technology Law Review 19 (3): 431-72

Solove, Daniel. 2008. Understanding Privacy. Cambridge, MA: Harvard University Press.

Strahilevitz, Lior. 2005. “A Social Networks Theory of Privacy.” University of Chicago Law Review 72: 919-988.

Vaughan, Diane. 1997. The Challenger Launch Decision. Chicago, IL: University of Chicago Press.

Waldman, Ari Ezra. 2021. Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power. New York: Cambridge University Press.

Waldman, Ari Ezra. 2018. Privacy as Trust: Information Privacy for an Information Age. New York: Cambridge University Press.

Wehrle, Maren. 2020. “‘Bodies (That) Matter’: The Role of Habit Formation for Identity.” Phenomenology and Cognitive Science 20: 365-386.

Categories: Critical Replies

Tags: , , , , , , , , , , , ,

Leave a Reply