Where It Began: A Medical Student's Discomfort
My interest in patient privacy did not begin in a philosophy seminar. It began in the clinic, with a feeling of unease I could not yet name.
As a medical student, I was struck by how casually private information circulated—between students, between floors, between departments. I began researching the dilemmas that medical students face: when do you speak, when do you stay silent, and who does the information belong to in the first place? That research became my first formal presentation on patient privacy, and it planted a seed that took years to fully grow.
Shortly after, I had the opportunity to co-edit what became the first Turkish-language book dedicated to patient privacy. It was a formative experience, and not only because of the subject matter. As we worked through the chapters, I noticed something troubling: the authors—clinicians, lawyers, ethicists—were struggling to frame privacy consistently. They had no shared vocabulary for classifying breaches. They could not easily distinguish between what happened when a patient's record was left on a screen versus when their data was silently transferred to a third-party analytics platform. The categories available to them—public versus private, disclosed versus undisclosed—were simply too blunt. Digital care had already moved faster than the conceptual tools used to think about it.
A Problem Left to Brew
During my doctoral years, I wrote an essay exploring this gap more systematically. I had become fascinated by Edward T. Hall's proxemics—his theory of how human beings organize space and proximity in social interaction—and I began to wonder whether its logic could be extended into digital environments. The intimate zone, the personal zone, the social, the public: these were not just spatial categories but normative ones, encoding what we expect others to see, hear, and know about us. Could cyberspace be mapped onto such a gradient?
The essay was promising but preliminary. My doctorate was focused on AI and clinical decision-making, and privacy was a companion concern rather than the central one. So I did something that I think is underappreciated in academic life: I left the idea to mature. I defended my thesis, caught my breath, and returned to the problem when I could give it the attention it deserved.
Finding a Collaborator, Building a Framework
The return was not solitary. My friend and colleague Ebubekir M. Deniz joined me, and together we moved from intuition to argument. What had been a preliminary sketch became a structured theoretical framework. The key move was introducing what we call cyberspatial privacy not as a separate category to be added onto existing models, but as a transversal dimension—a layer that permeates and reshapes all four of Hall's spatial zones simultaneously.
This distinction matters. Existing privacy literature tends to treat digital privacy as something that happens in a distinct domain, governed by separate rules. But that is not how patients actually experience it. When a woman undergoes a gynecological examination and leaves wearing a biometric monitoring device, she does not step out of intimate privacy into some other kind. The intimate zone follows her—but it is now also a cyberspatial zone, with entirely different vulnerabilities. Her heart rhythm data, encrypted or not, sits on a server. Her genetic results, consented to under vague research clauses, may quietly inform insurance risk models she will never see. The spatial logic of the clinic and the algorithmic logic of digital infrastructure are not separate; they are entangled.
To make this concrete, we developed the case of Patient X: a 35-year-old woman receiving hybrid gynecological care. Her journey through the framework traces how privacy risks accumulate and differ across zones—from the bodily intimacy of the examination room to the distributed exposure of cloud-stored wearable data, from a telemedicine consultation in the relative privacy of her home to the institutional data breach that may eventually expose her records without her knowledge or consent. Patient X is hypothetical, but her situation is not. Everything in her story has happened, is happening, to real patients in real healthcare systems.
Why Classical Theories Fall Short
One of the harder intellectual tasks in writing this paper was being fair to the frameworks we were critiquing. Westin, Altman, Petronio, Nissenbaum—these are foundational thinkers, and their contributions remain indispensable. But they were built for a world of bounded contexts, identifiable agents, and deliberate disclosure. In digital health environments, none of those conditions reliably hold. Data collection is continuous and automated. Consent is often captured in broad, ambiguous forms. Context collapses: information shared within a clinical relationship migrates, without the patient's awareness, into commercial and institutional domains that carry none of the relational norms of medicine.
What these theories lack is not empirical detail but spatial and relational granularity—a way of thinking about how exposure differs in kind and ethical weight depending on where in the spectrum of proximity it occurs. A breach of intimate biometric data is not the same, morally or practically, as the incidental visibility of a public-facing appointment list. Current frameworks give us few tools to articulate that difference rigorously.
What the Framework Offers
The proxemics-based model we propose is not a replacement for prior theory but a corrective lens. It allows clinicians to think about privacy not only as a legal compliance question but as a relational and spatial one. It gives system designers a structured basis for layered security protocols—stricter and more persistent protections for intimate-zone data, greater transparency mechanisms at the social and public levels. It gives policymakers a normative infrastructure for zone-sensitive regulation that moves beyond the abstraction of principles like "data minimization" toward something more operationally specific.
Perhaps most importantly, the framework reframes what privacy actually is. Not a right to secrecy. Not a transactional commodity managed through one-time consent. But a spatio-ethical relation—something that must be maintained, dynamically, across shifting proximities and digital mediations. In a healthcare system that increasingly collects, processes, and shares patient data at scales and speeds no patient can meaningfully oversee, that reframing is not only conceptually useful. It is morally necessary.
Looking Ahead
This paper is a beginning, not an endpoint. The framework needs empirical testing across different clinical contexts and healthcare systems. It needs to be stress-tested against edge cases—non-Western notions of privacy, collective rather than individual data subjects, the specific vulnerabilities of pediatric or geriatric patients in digital care. And it needs to be translated into practical tools: privacy dashboards, design guidelines, training curricula for clinicians who must navigate these questions daily.
The question I first encountered as a medical student—whose information is this, and what do we owe the person it belongs to?—has only become more urgent. The digital clinic has not made privacy simpler. It has made it more complex, more consequential, and more in need of careful thought. This paper was out contribution to that thinking. I hope it is useful to others doing the same work.