PRIVACY LABEL — Part II: Defining the Indefinable

Part II of a blog series about privacy, and how we can raise awareness through a universal privacy label.

Having covered why privacy today is problematic in our previous post, in this article we explore what privacy is and how we rank it, as part of our mission to better inform people about data collection and privacy for our research program ‘Demystifying the Smart City’. We’ll be exploring our research on:

  • Why privacy is such a controversial term;
  • How experts have broken it down into conceptual taxonomies;
  • How we used our findings to create and validate our own privacy ranking guidelines.

The seemingly simple term “privacy” is as deceitful as our perception of having it in today’s world.

Merriam-Webster defines privacy as “the quality or state of being apart from company or observation.” It’s a straightforward definition, but it dates from the 15th century, and times have certainly changed in the 500+ years since.

Within the academic realm, privacy is an extremely disputed term with countless ongoing debates concerning an accurate breakdown of the term.

The Privacy Debate.

Especially since the global spread and proliferation of the internet, privacy debates have only become more heated. An overwhelming number of unclear overlaps has resulted as the types of personal information and the methods of capturing it have expanded exponentially.

Despite countless attempts to understand the term, there’s still not a widely recognized explanation, let alone an acceptable set of practices when it comes to ethically handling personal information.

Model “New phase in the digital society” by Rathenau Instituut depicts the types of personal information which privacy pertains to in the 21st century.

Existing Privacy Models.

Two of the first privacy taxonomies we looked into were Rob Kitchin’s “Privacy and Big Urban Data”, and Roger Clarke’s “The Comprehensive Interpretation of Privacy.”

We immediately noticed several overlaps, and overlaps within those overlaps. They both break down privacy into slightly different terms but mostly align on the distinction between “Bodily” (the integrity of the physical person), “Identity” (personal and confidential data), “Communications” (conversation and correspondence), and “Personal Data” (tracking of spatial behavior, search queries, purchase history, and other exchanges).

The biggest difference between the two is that Clarke’s interpretation does not account for “Territorial Privacy” (protecting personal space, objects, and property), and Kitchin’s interpretation breaks privacy down into two more categories than Clarke’s.

Seeing how these interpretations were similar, yet different, we looked into additional publications to broaden our perspective on privacy, smart cities, sensor technology, and big data:

With a baseline understanding of how experts have broken down privacy types and their personal implications, we mapped out all the factors interwoven with privacy within a smart city.

Analyzing our research, it’s more evident than ever that there’s no one clear way to define privacy.

While each publication helped us understand a little more of the bigger picture, it took hours of reading, analyzing, and sketching to sort and understand it all. The takeaway was clear: in order to create an understandable breakdown and ranking of privacy for a general audience, we’d need to create our own taxonomy that simplified this seemingly indefinable topic.

Defining Our Privacy Ranking System.

Reflecting on our research notes, we empathized with individuals less informed than us about data privacy in order to break down the term in a universally applicable way. We settled on three overarching categories:

  1. Collection: If, what, and how personal data is collected and stored
  2. Usage: Why personal information is collected and how it’s handled
  3. Control: How readily users can limit the collection of their personal information

Within each of these categories are five sub-questions, which we determined using Rathenau Instituut’s “Overview of ethical and societal issues related to digitization” as the foundation. For any entity, be it a digital service like Spotify or a physical space like your local grocery store, an expert could evaluate the entity by answering the corresponding questions:

Our sub-questions per each of the three privacy categories.

If a question is answered yes, then the entity gains one of the fifteen possible points. If a question is answered no or the answer is unknown, then no points are gained. The higher the total points, the more the entity minimizes the collection of, respects, provides control over, secures, and is transparent about consumers’ personal data.

With this ranking system established, a letter grading system, from A as the best to F as the worst, can be tied in, allowing the general public to easily grasp how different entities treat their personal information.

Our privacy ranking guidelines in action.

We’re currently arranging a committee of experts to evaluate and improve these ranking criteria (please contact Gert Franke if you would like to be part of this). For now, we used this existing framework as the foundation for our next step of the project: proposing a visual way to communicate this score.

Concerned about your privacy? Read more in our series exploring the current state of privacy in Part I, visually communicating the complex ideas of privacy in Part III, and designing a universal privacy awareness label in Part IV.

The ‘Demystifying the Smart City’ research program is supported by the Creative Industries Fund NL.