Abstract
In February 2012, the Obama White House endorsed a Privacy Bill of Rights, comprising seven principles. The third, “Respect for Context,” is explained as the expectation that “companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.” One can anticipate the contested interpretations of this principle as parties representing diverse interests vie to make theirs the authoritative one. In the paper I will discuss three possibilities and explain why each does not take us far beyond the status quo, which, regulators in the United States, Europe, and beyond have found problematic. I will argue that contextual integrity offers the best way forward for protecting privacy in a world where information increasingly mediates our significant activities and relationships. Although an important goal is to influence policy, this paper aims less to stipulate explicit rules than to present an underlying justificatory, or normative rationale. Along the way, it will review key ideas in the theory of contextual integrity, its differences from existing approaches, and its harmony with basic intuition about information sharing practices and norms.
Similar content being viewed by others
Notes
Anxiety over the digital age, and more specifically, big data, is a major theme in mainstream tech and business journalism as of 2013. For more information, see The New York Times’ special section “Big Data 2013.” http://bits.blogs.nytimes.com/category/big-data-2013/.
The remaining six principles are Individual Control, Transparency, Security, Access and Accuracy, Focused Collection and Accountability.
July, 2012. Multistakeholder Process To Develop Consumer Data Privacy Code of Conduct Concerning Mobile Application Transparency. Symposium conducted at the open meeting of The National Telecommunications and Information Administration, Washington, DC.
For a further discussion on spheres, see Nissenbaum (2010 pp. 80, 131, 166–169, 198–200, 240–241).
In practice, we may omit explicit mention of one or two of the parameters where these are obviously understood, or tedious to fully specify.
Greater detail can be found in Privacy in Context (Nissenbaum 2010), however, the role and scope of transmission principles deserves even fuller coverage elsewhere.
For development of this point, see Nissenbaum (2010).
Nissenbaum (2010).
“Appendix B: Comparison of the Consumer Privacy Bill of Rights to Other Statements of the Fair Information Practice Principles (FIPPS),” White House Privacy Report 2012.
In fairness, others in the policy arena have noted the indeterminacy of the linchpin purpose specification and use limitation principles and are attempting to set substantive standards. For example, the EU Article 29 Working Party in Opinion 03/201d on purpose limitation and aspects of the problem discussed in Rauhofer (2013).
18 USC § 2511(2)(a)(i) 2011, (i): “It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.” Thanks to Chris Hoofnagle for calling attention to this crucial point.
Thanks to Ira Rubinstein for suggesting Google Buzz as an illustration of the different thinking generated different interpretations of context. Also, see Ira Rubinstein and Nathan Good (2013).
References
Angwin, J., & Valentino-Devries, J. (2012). New tracking frontier: Your license plates. The Wall Street Journal. http://online.wsj.com/article/SB10000872396390443995604578004723603576296.html. Accessed June 12, 2014.
Brooks, H. (1980). Technology, evolution, and purpose. Daedalus, 109, 65–81.
Cate, F. (2006). The failure of fair information practice principles. In Consumer protection in the age of the information economy, July 8. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1156972. Accessed July 1, 2013.
Center for Democracy and Technology. (2012). White House Unveils ‘Consumer Privacy Bill of Rights’; Industry Embraces Do Not Track. February 23. https://cdt.org/press/white-house-unveils-consumer-privacy-bill-of-rights-industry-embraces-do-not-track/.
Chavez, P. L. (2011). Comments of Google Inc. to US Department of Commerce. Electronic filing, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/FINALCommentsonDepartmentofCommercePrivacyGreenPaper%20%283%29.pdf. Accessed June 11, 2013.
Civil, C. (2012). President Obama’s Privacy Bill of Rights: encouraging a collaborative process for digital privacy reform. Berkeley Technology Law Journal. http://btlj.org/2012/03/12/president-obamas-privacy-bill-of-rights-encouraging-a-collaborative-process-for-digital-privacy-reform. Accessed June 11, 2013.
Cohen, J. (2012). Configuring the networked self: Law, code and the play of everyday practice. New Haven: Yale University Press.
Department of Commerce and National Telecommunications & Information Administration. (2012). Consumer data privacy in a networked world: A framework for protecting privacy and promoting innovation in the global digital economy. White House Privacy Report, February 23. http://www.whitehouse.gov/sites/default/files/privacy-final.pdf. Accessed June 11, 2013.
Department of Homeland Security. (2013). Web site privacy policy. http://www.dhs.gov/privacy-policy. Accessed June 12, 2013.
Dwork, C., & Mulligan, D. K. (2013). It’s not privacy, and it’s not fair. Stanford Law Review Online, 66, 35.
Electronic Privacy Information Center (2012) White house sets out consumer privacy bill of rights. https://epic.org/2012/02/white-house-sets-out-consumer-.html. Accessed July 9, 2015.
Ellul, J., & Merton, R. K. (1964). The technological society. New York: Vintage Books.
European Union. (2013). Committee on Civil Liberties, Justice and Home Affairs. In On the Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). By Jan Phillipp Albrecht. Vol. (COM(2012)0011—C7-0025/2012—2012/0011(COD)).
Federal Trade Commission. (2012). Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. FTC Report. http://www.ftc.gov/os/2012/03/120326privacyreport.pdf. Accessed June 11, 2013.
Federal Trade Commission, Plaintiff, v. Wyndham Worldwide Corporation, Et Al., Defendants. 2:13-cv-01887-ES-JAD. US District Court, District of New Jersey. 7 Apr. 2014.
Friedman, M. (1970). The social responsibility of business is to increase its profits. The New York Times Magazine. http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html. Accessed June 11, 2013.
Gavison, R. (1980). Privacy and the limits of the law. Yale Law Journal, 89, 421–471.
Google Inc v. Joffe Et Al. 13 1181. US Supreme Court. 30 June 2014.
Hoffman, D. (2012). White House releases framework for protecting privacy in a networked world. Post on Policy@Intel blog. http://blogs.intel.com/policy/2012/02/23/white-house-privacy. Accessed June 12, 2013.
Horan, P. Re: Information and Privacy in the Internet Economy. Online Publishers Association, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/OPA%20Comments%20in%20DOC%20Privacy%20Proceeding%20(Docket%20No.%20101214614-0614-01).pdf. Accessed July 9, 2015.
Intel. (2011). RE: FTC Staff Preliminary Report on Protecting Consumer Privacy. Intel Comments to FTC, January 26. http://www.ftc.gov/os/comments/privacyreportframework/00246-57451.pdf. Accessed June 11, 2013.
Katz, v. United States, (1967), 389 U.S. 347.
Kiseleva, J., Thanh Lam, H., Pechenizkiy, M., & Calders, T. (2013a). Discovering temporal hidden contexts in web sessions for user trail prediction. In Proceedings of the 22nd international conference on World Wide Web companion (pp. 1067–1074). International World Wide Web Conferences Steering Committee.
Kiseleva, J., Lam, H. T., Pechenizkiy, M., & Calders, T. (2013b). Predicting Current User Intent with Contextual Markov Models. In Data mining workshops (ICDMW), 2013 IEEE 13th international conference on (pp. 391–398). IEEE.
Lawler, B. (2011). Request for comments: Information privacy and innovation in the internet economy. Intuit Comments before the Department of Commerce, Office of the Secretary National Telecommunications and Information Administration, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/Intuit.pdf. Accessed June 11, 2013.
Maier, F. (2010). Comments in Response to the Department of Commerce’s Green Paper—Commercial Data Privacy & Innovation in the Internet Economy: A Dynamic Policy Framework. Electronic filing, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/DoC%20Green%20Paper%20Comments%20(20110128)-Signed.pdf. Accessed 9 July, 2015.
National Telecommunications and Information Administration. (2012). Multistakeholder process to develop consumer data privacy code of conduct concerning mobile application transparency. Notice of meeting published by Federal Register, June 28. https://www.federalregister.gov/articles/2012/06/28/2012-15767/multistakeholder-process-to-develop-consumer-data-privacy-code-of-conduct-concerning-mobile. Accessed June 11, 2013.
Nissenbaum, H. (2010). Privacy in context: Technology, policy and the integrity of social life. Stanford, CA: Stanford Law.
Nissenbaum, H. (2011). A contextual approach to privacy online. Daedalus, 140(4), 32–48.
Nissenbaum, H. (2012). From preemption to circumvention: If technology regulates why do we need regulation (and Vice Versa)? Berkeley Technology Law Journal, 26, 3.
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. (September 23 1980). http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm. Accessed on June 11, 2013.
Olmstead, v. United States, (1928), 277 U.S. 438.
Rauhofer, J. (2013). One step forward, two steps back: Critical observations on the proposed reform of the EU data protection framework. Journal of Law and Economic Regulation, 6(1).
Raul, A. C., McNicholas, E. R., Brown, C. T., & Adams, J. P. (2011). Comments of AT&T Inc. Before the Department of Commerce Internet Policy Task Force. Federal Trade Commission, January 28. https://www.ftc.gov/sites/default/files/documents/public_comments/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework/00420-58060.pdf. Accessed 9 July, 2015.
Re: Netflix Privacy Litigation. No. 11-00379. US District Court, Northern District of California. 6 July 2012. Print.
Regan, P. M. (1995). Legislating privacy: Technology, social values, and public policy. Chapel Hill: University of North Carolina Press.
Rubinstein, I. (2010). Privacy and regulatory innovation: Moving beyond voluntary codes. I/S a Journal of Law and Policy for the Information Society, 6(3), 356–423.
Rubinstein, I. S., & Good, N. (2013). Privacy by design: A counterfactual analysis of Google and Facebook privacy incidents. Berkeley Technology Law Journal, 28, 1333–1583.
Schoeman, F. D. (1984). Philosophical dimensions of privacy: An anthology. Cambridge: Cambridge University Press.
Selbst, A. D. (2013). Contextual expectations of privacy. Cardozo Law Review, 35, 643–897.
Solove, D. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154, 477–560.
US Const. amend. VI.
US National Telecommunications and Information Administration. (July, 2013b). Short form notice. http://www.ntia.doc.gov/files/ntia/publications/july_25_code_draft.pdf. Accessed June 11, 2013.
US National Telecommunications and Information Administration. Nov. (2013a). Privacy multistakeholder process: Mobile application transparency—Background. http://www.ntia.doc.gov/other-publication/2013/privacy-multistakeholder-process-mobile-application-transparency. Accessed June 11, 2013.
USC § 2511(2)(a)(i)—Interception and disclosure of wire, oral, or electronic communications prohibited (2)(a)(i). http://www.gpo.gov/fdsys/granule/USCODE-2011-title18/USCODE-2011-title18-partI-chap119-sec2511/content-detail.html.
Valentino-Devries, J., & Singer-Vine, J. (2012, December 7). They know what you're shopping for. The Wall Street Journal. http://www.wsj.com/articles/SB10001424127887324784404578143144132736214.
Van den Hoven, J. M. (1998). Privacy and the varieties of informational wrongdoing. Austria Journal of Professional and Applied Ethics, 1(1), 30–43.
Ware, W. H. (1967). The computer in your future. Defense Technical Information Center.
World Economic Forum. (2012). Rethinking personal data: Strengthening trust. Report, May. http://www.weforum.org/docs/WEF_IT_RethinkingPersonalData_Report_2012.pdf. Accessed June 11, 2013.
Acknowledgments
An early version of this paper was presented at the Privacy Law Scholars Conference 2013 where James Rule, Mike Hintze, and other participants provided excellent commentary. I have benefitted from deep insights of many colleagues and from opportunities to present the work at the Amsterdam Privacy Conference, University of Washington, Fondation Télécom Seminar on The Futures of Privacy, and the EU JRC Ispra Workshop on Emerging ICT for Citizen Veillance. Thanks to Emily Goldsher-Diamond for outstanding and invaluable research assistance.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Nissenbaum, H. Respecting Context to Protect Privacy: Why Meaning Matters. Sci Eng Ethics 24, 831–852 (2018). https://doi.org/10.1007/s11948-015-9674-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11948-015-9674-9