Respecting Context to Protect Privacy: Why Meaning Matters
In February 2012, the Obama White House endorsed a Privacy Bill of Rights, comprising seven principles. The third, “Respect for Context,” is explained as the expectation that “companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.” One can anticipate the contested interpretations of this principle as parties representing diverse interests vie to make theirs the authoritative one. In the paper I will discuss three possibilities and explain why each does not take us far beyond the status quo, which, regulators in the United States, Europe, and beyond have found problematic. I will argue that contextual integrity offers the best way forward for protecting privacy in a world where information increasingly mediates our significant activities and relationships. Although an important goal is to influence policy, this paper aims less to stipulate explicit rules than to present an underlying justificatory, or normative rationale. Along the way, it will review key ideas in the theory of contextual integrity, its differences from existing approaches, and its harmony with basic intuition about information sharing practices and norms.
KeywordsPrivacy Contextual integrity Privacy law Public policy Protecting privacy Networks
An early version of this paper was presented at the Privacy Law Scholars Conference 2013 where James Rule, Mike Hintze, and other participants provided excellent commentary. I have benefitted from deep insights of many colleagues and from opportunities to present the work at the Amsterdam Privacy Conference, University of Washington, Fondation Télécom Seminar on The Futures of Privacy, and the EU JRC Ispra Workshop on Emerging ICT for Citizen Veillance. Thanks to Emily Goldsher-Diamond for outstanding and invaluable research assistance.
- Angwin, J., & Valentino-Devries, J. (2012). New tracking frontier: Your license plates. The Wall Street Journal. http://online.wsj.com/article/SB10000872396390443995604578004723603576296.html. Accessed June 12, 2014.
- Brooks, H. (1980). Technology, evolution, and purpose. Daedalus, 109, 65–81.Google Scholar
- Cate, F. (2006). The failure of fair information practice principles. In Consumer protection in the age of the information economy, July 8. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1156972. Accessed July 1, 2013.
- Center for Democracy and Technology. (2012). White House Unveils ‘Consumer Privacy Bill of Rights’; Industry Embraces Do Not Track. February 23. https://cdt.org/press/white-house-unveils-consumer-privacy-bill-of-rights-industry-embraces-do-not-track/.
- Chavez, P. L. (2011). Comments of Google Inc. to US Department of Commerce. Electronic filing, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/FINALCommentsonDepartmentofCommercePrivacyGreenPaper%20%283%29.pdf. Accessed June 11, 2013.
- Civil, C. (2012). President Obama’s Privacy Bill of Rights: encouraging a collaborative process for digital privacy reform. Berkeley Technology Law Journal. http://btlj.org/2012/03/12/president-obamas-privacy-bill-of-rights-encouraging-a-collaborative-process-for-digital-privacy-reform. Accessed June 11, 2013.
- Cohen, J. (2012). Configuring the networked self: Law, code and the play of everyday practice. New Haven: Yale University Press.Google Scholar
- Department of Commerce and National Telecommunications & Information Administration. (2012). Consumer data privacy in a networked world: A framework for protecting privacy and promoting innovation in the global digital economy. White House Privacy Report, February 23. http://www.whitehouse.gov/sites/default/files/privacy-final.pdf. Accessed June 11, 2013.
- Dwork, C., & Mulligan, D. K. (2013). It’s not privacy, and it’s not fair. Stanford Law Review Online, 66, 35.Google Scholar
- Electronic Privacy Information Center (2012) White house sets out consumer privacy bill of rights. https://epic.org/2012/02/white-house-sets-out-consumer-.html. Accessed July 9, 2015.
- Ellul, J., & Merton, R. K. (1964). The technological society. New York: Vintage Books.Google Scholar
- European Union. (2013). Committee on Civil Liberties, Justice and Home Affairs. In On the Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation). By Jan Phillipp Albrecht. Vol. (COM(2012)0011—C7-0025/2012—2012/0011(COD)).Google Scholar
- Federal Trade Commission. (2012). Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. FTC Report. http://www.ftc.gov/os/2012/03/120326privacyreport.pdf. Accessed June 11, 2013.
- Federal Trade Commission, Plaintiff, v. Wyndham Worldwide Corporation, Et Al., Defendants. 2:13-cv-01887-ES-JAD. US District Court, District of New Jersey. 7 Apr. 2014.Google Scholar
- Friedman, M. (1970). The social responsibility of business is to increase its profits. The New York Times Magazine. http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html. Accessed June 11, 2013.
- Google Inc v. Joffe Et Al. 13 1181. US Supreme Court. 30 June 2014.Google Scholar
- Hoffman, D. (2012). White House releases framework for protecting privacy in a networked world. Post on Policy@Intel blog. http://blogs.intel.com/policy/2012/02/23/white-house-privacy. Accessed June 12, 2013.
- Horan, P. Re: Information and Privacy in the Internet Economy. Online Publishers Association, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/OPA%20Comments%20in%20DOC%20Privacy%20Proceeding%20(Docket%20No.%20101214614-0614-01).pdf. Accessed July 9, 2015.
- Intel. (2011). RE: FTC Staff Preliminary Report on Protecting Consumer Privacy. Intel Comments to FTC, January 26. http://www.ftc.gov/os/comments/privacyreportframework/00246-57451.pdf. Accessed June 11, 2013.
- Katz, v. United States, (1967), 389 U.S. 347.Google Scholar
- Kiseleva, J., Thanh Lam, H., Pechenizkiy, M., & Calders, T. (2013a). Discovering temporal hidden contexts in web sessions for user trail prediction. In Proceedings of the 22nd international conference on World Wide Web companion (pp. 1067–1074). International World Wide Web Conferences Steering Committee.Google Scholar
- Kiseleva, J., Lam, H. T., Pechenizkiy, M., & Calders, T. (2013b). Predicting Current User Intent with Contextual Markov Models. In Data mining workshops (ICDMW), 2013 IEEE 13th international conference on (pp. 391–398). IEEE.Google Scholar
- Lawler, B. (2011). Request for comments: Information privacy and innovation in the internet economy. Intuit Comments before the Department of Commerce, Office of the Secretary National Telecommunications and Information Administration, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/Intuit.pdf. Accessed June 11, 2013.
- Maier, F. (2010). Comments in Response to the Department of Commerce’s Green Paper—Commercial Data Privacy & Innovation in the Internet Economy: A Dynamic Policy Framework. Electronic filing, January 28. http://www.ntia.doc.gov/files/ntia/comments/101214614-0614-01/attachments/DoC%20Green%20Paper%20Comments%20(20110128)-Signed.pdf. Accessed 9 July, 2015.
- National Telecommunications and Information Administration. (2012). Multistakeholder process to develop consumer data privacy code of conduct concerning mobile application transparency. Notice of meeting published by Federal Register, June 28. https://www.federalregister.gov/articles/2012/06/28/2012-15767/multistakeholder-process-to-develop-consumer-data-privacy-code-of-conduct-concerning-mobile. Accessed June 11, 2013.
- Nissenbaum, H. (2010). Privacy in context: Technology, policy and the integrity of social life. Stanford, CA: Stanford Law.Google Scholar
- Nissenbaum, H. (2012). From preemption to circumvention: If technology regulates why do we need regulation (and Vice Versa)? Berkeley Technology Law Journal, 26, 3.Google Scholar
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. (September 23 1980). http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm. Accessed on June 11, 2013.
- Olmstead, v. United States, (1928), 277 U.S. 438.Google Scholar
- Rauhofer, J. (2013). One step forward, two steps back: Critical observations on the proposed reform of the EU data protection framework. Journal of Law and Economic Regulation, 6(1).Google Scholar
- Raul, A. C., McNicholas, E. R., Brown, C. T., & Adams, J. P. (2011). Comments of AT&T Inc. Before the Department of Commerce Internet Policy Task Force. Federal Trade Commission, January 28. https://www.ftc.gov/sites/default/files/documents/public_comments/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework/00420-58060.pdf. Accessed 9 July, 2015.
- Re: Netflix Privacy Litigation. No. 11-00379. US District Court, Northern District of California. 6 July 2012. Print.Google Scholar
- Regan, P. M. (1995). Legislating privacy: Technology, social values, and public policy. Chapel Hill: University of North Carolina Press.Google Scholar
- Rubinstein, I. (2010). Privacy and regulatory innovation: Moving beyond voluntary codes. I/S a Journal of Law and Policy for the Information Society, 6(3), 356–423.Google Scholar
- Rubinstein, I. S., & Good, N. (2013). Privacy by design: A counterfactual analysis of Google and Facebook privacy incidents. Berkeley Technology Law Journal, 28, 1333–1583.Google Scholar
- Selbst, A. D. (2013). Contextual expectations of privacy. Cardozo Law Review, 35, 643–897.Google Scholar
- US Const. amend. VI.Google Scholar
- US National Telecommunications and Information Administration. (July, 2013b). Short form notice. http://www.ntia.doc.gov/files/ntia/publications/july_25_code_draft.pdf. Accessed June 11, 2013.
- US National Telecommunications and Information Administration. Nov. (2013a). Privacy multistakeholder process: Mobile application transparency—Background. http://www.ntia.doc.gov/other-publication/2013/privacy-multistakeholder-process-mobile-application-transparency. Accessed June 11, 2013.
- USC § 2511(2)(a)(i)—Interception and disclosure of wire, oral, or electronic communications prohibited (2)(a)(i). http://www.gpo.gov/fdsys/granule/USCODE-2011-title18/USCODE-2011-title18-partI-chap119-sec2511/content-detail.html.
- Valentino-Devries, J., & Singer-Vine, J. (2012, December 7). They know what you're shopping for. The Wall Street Journal. http://www.wsj.com/articles/SB10001424127887324784404578143144132736214.
- Van den Hoven, J. M. (1998). Privacy and the varieties of informational wrongdoing. Austria Journal of Professional and Applied Ethics, 1(1), 30–43.Google Scholar
- Ware, W. H. (1967). The computer in your future. Defense Technical Information Center.Google Scholar
- World Economic Forum. (2012). Rethinking personal data: Strengthening trust. Report, May. http://www.weforum.org/docs/WEF_IT_RethinkingPersonalData_Report_2012.pdf. Accessed June 11, 2013.