Increasingly powerful technologies of data mining and analysis are being used to learn information and make decisions about people across all areas of life—ranging from employment and policing, to housing and health insurance—and it is widely thought that the key problems with this are privacy-related. There is also an emerging consensus in the literature that privacy rights lack a unified core. This Article demonstrates that these are both mistaken conclusions that derive from the conflation of privacy losses and violations, and it develops a theory of privacy that untangles these misunderstood concepts at the heart of privacy law. In clarifying the outcome-based criteria for privacy losses and their relationship with the path-based criteria for privacy violations, this theory provides value across two domains. First, regarding the coherence of the law, it demonstrates that a unified theory of privacy rights is possible despite significant disagreement about their content. Second, regarding the law’s content, it challenges the orthodox views about how privacy rights are violated by the aggregation, use, and inference of personal information.