The complexity of privacy decisions

Sindhu Ernala
GT Usable Privacy and Security Course
Mar 15, 2019

As we reach the halfway point of the class this semester, I noticed that I was increasingly questioning why achieving privacy is so hard and whether we will ever achieve reasonable expectations of privacy for end users. Motivation, knowledge and awareness are at the heart of privacy-related issues, but I wanted to dig deeper to find the cause of the frustration and helplessness I had started feeling. Coincidentally, I read a recent ACM blog post on this very topic, and Contextual Integrity by Helen Nissenbaum [1] has been an on-and-off reading throughout this class; both helped develop some of these thoughts.

Alongside the issue that privacy is a broad, fuzzy term, I believe there is a wide variety of stakeholders in each individual's privacy decisions, which is ironic considering that privacy is a single person's right. For example, when I think about data holders, the list ranges from online companies that provide services, offline brick-and-mortar services and companies that build the products I use, to my employer, the state and the country. Each of these data holders has a stake in my privacy decisions and choices. Their motivations are largely monetary, but can also stem from concerns such as national security or surveillance. Further, as an individual, I do not consider this ginormous list of stakeholders in my everyday privacy choices. A whole new category of stakeholders is other individuals or users whose privacy is also affected by my own decisions. This includes family members' usage of shared devices, connections on social networks whose information can be inferred through my association with them, etc. Finally, there are regulations and mandates that I might have to follow as an employee, such as HIPAA, COPPA and GDPR, to protect the privacy of others. Given this multitude of stakeholders that have an implicit say in my privacy decisions, the complexity of privacy decisions in everyday life becomes mind-boggling once we start caring and thinking more deeply. And it makes sense why one might give up and stop caring.

The contextual integrity framework was one theory that helped in thinking through and navigating some of these questions. Contextual integrity is a philosophical account of privacy in terms of the transfer of personal information. Some early papers on the application of this framework note that "It is not proposed as a full definition of privacy, but as a normative model, or framework, for evaluating the flow of information between agents (individuals and other entities), with a particular emphasis on explaining why certain patterns of flow provoke public outcry in the name of privacy (and why some do not)" (Barth et al. 2006) [2]. At the heart of the framework is identifying appropriate information flows so that data leakage can be minimized and privacy can be protected. This idea reduces the complexities of privacy decisions to thinking about two aspects: the context and the information flow. Once the context and the information flow are understood, the other entities, namely data subject, sender, recipient, information type and transmission principle, can be embedded into the privacy-related scenario. For example, consider the case of social media. The context here is not social or professional, but rather the personal activities an individual engages in. The data subject in this case is the end user or individual; the sender of the data is the social media company; the recipient can be internal to the sender, such as researchers or employees, but also a third-party agent such as an advertising agency; the information type can be demographic, activities on social media (from which interests, mental states, etc. can be inferred), biographical, financial, etc. Finally, possible transmission principles could be consent, coercion, theft, buying, selling, confidentiality or stewardship. With this breakdown, one can now reason about whether demographic information is appropriate to share with third-party ad agencies without consent from the data subject. Breaking down the situation in this manner was a helpful exercise for navigating complex, multi-faceted privacy decisions, both as individual users and as researchers or designers.
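The social media breakdown above can be made mechanical. The following is an added illustration, not code from the post or from Barth et al.: it encodes a flow as the five entities plus context, expresses norms as patterns with wildcards, and applies the positive/negative norm rule from Barth et al. 2006 (a flow is appropriate only if no negative norm matches it and at least one positive norm licenses it). The norm set for the "social media" context, and the labels `platform`, `internal`, `third-party` and `mental state`, are constructed assumptions for the example.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard: this slot of a norm does not constrain the flow

@dataclass(frozen=True)
class Flow:
    """One transfer of personal information: the page's five entities plus context."""
    context: str
    subject: str     # data subject
    sender: str
    recipient: str
    info_type: str
    principle: str   # transmission principle: consent, selling, stewardship, ...

@dataclass(frozen=True)
class Norm:
    """Pattern over flows; positive norms license matches, negative norms forbid them."""
    positive: bool
    context: str = ANY
    sender: str = ANY
    recipient: str = ANY
    info_type: str = ANY
    principle: str = ANY

    def matches(self, f: Flow) -> bool:
        pairs = ((self.context, f.context), (self.sender, f.sender),
                 (self.recipient, f.recipient), (self.info_type, f.info_type),
                 (self.principle, f.principle))
        return all(pattern in (ANY, value) for pattern, value in pairs)

def is_appropriate(flow: Flow, norms: list) -> bool:
    """Barth et al.'s rule: no negative norm may match and some positive norm must."""
    if any(n.matches(flow) for n in norms if not n.positive):
        return False
    return any(n.matches(flow) for n in norms if n.positive)

# Constructed norms for the social media context discussed above (assumed, not from the page).
SOCIAL_MEDIA_NORMS = [
    Norm(True, context="social media", sender="platform", recipient="internal",
         principle="stewardship"),               # employees and researchers act as stewards
    Norm(True, context="social media", sender="platform", recipient="third-party",
         principle="consent"),                   # ad agencies only with the subject's consent
    Norm(False, context="social media", recipient="third-party",
         info_type="mental state"),              # inferred mental states never reach third parties
]

def evaluate(info_type: str, principle: str, recipient: str = "third-party") -> bool:
    # One platform-to-recipient flow about the end user, checked against the norms.
    flow = Flow("social media", "end user", "platform", recipient, info_type, principle)
    return is_appropriate(flow, SOCIAL_MEDIA_NORMS)
```

With these norms, `evaluate("demographic", "consent")` is appropriate while `evaluate("demographic", "selling")` is not, which is exactly the question the paragraph poses; the negative norm shows how a flow can be blocked even when consent is present.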

I believe future work in the space of usable privacy and security can adopt this framework and use it as an ontology to understand and establish privacy norms. For instance, based on online data from, say, social media, a contextual integrity framework using the above five entities could be populated in an intelligent, data-driven manner. Similarly, the framework can be used to identify privacy norms, and mechanisms can then be designed to maintain those specific norms. In summary, this conceptual framework helped me personally in articulating and thinking through complex privacy decisions, but also presented interesting future directions in applying it to the HCI domain.

References

  1. Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford University Press.
  2. Barth, A., Datta, A., Mitchell, J. C., & Nissenbaum, H. (2006, May). Privacy and contextual integrity: Framework and applications. In 2006 IEEE Symposium on Security and Privacy (S&P'06). IEEE.
