Privacy as Contextual Integrity

Helen NissenbaumDepartment of Culture & Communications, NYU

http://www.nyu.edu/projects/nissenbaum

Overview

o What is privacy and why do we care about it (if we do)?o Definitionso Control versus Accesso Descriptive versus normativeo In search of a normative foundations for privacy “not a court of law

but a court of conscience…”o BUT … Conflicts, tradeoffs, balancingo Principles -- e.g. sensitivity of informationo Problem: privacy in public (aggregation, data mining, etc.)o Solution: fight it out; interest politics; revert to dogmatismo Look for guidance at societal level

What is Privacy? …. Definitions

• Privacy is not simply an absence of information about us in the minds of others; rather it is the control we have over information about ourselves. --Charles Fried

• Privacy is a limitation of others’ access to an individual through information, attention, or physical proximity. --Ruth Gavison

• Privacy is the right to control information about and access to oneself. -- Priscilla Regan

• Common Law Right to Privacy (as characterized by Samuel Warren and Louis Brandeis, 1890): An individual’s right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.

• "Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extend information about them is communicated to others." (p. 7)

• "...privacy is the voluntary and temporary withdrawal of a person from the general society through physical or psychological means, either in a state of solitude or small-group intimacy or, when among larger groups, in a condition of anonymity or reserve." (p. 7)

• Westin, Alan F. Privacy and Freedom. (New York: Atheneum, 1967)

Overview

o What is privacy and why do we care about it (if we do)?o Definitionso Control versus Accesso Descriptive versus normativeo In search of a normative foundations for privacy “not a court of law

but a court of conscience…”o BUT … Conflicts, tradeoffs, balancingo Principles -- e.g. sensitivity of informationo Problem: privacy in public (aggregation, data mining, etc.)o Solution: fight it out; interest politics; revert to dogmatismo Look for guidance at societal level

Privacy as Contextual Integrity

o Norms of Appropriateness determine what types of information are/are not appropriate for a given context

o Norms of Distribution (Flow, transfer) determine the principles governing distribution (flow, transfer) of information from one party to another. o S shares information with R at S’s discretiono R requires S to share informationo R may freely share information about So R may not share information about S with anyoneo R may share information about S under specified constraintso Information flow is/is not reciprocalo Etc.

o Contextual Integrity, is respected when norms of appropriateness and distribution are respected; it is violated when any of the norms are infringed.

Questions

Can we develop systematic ways to inform the technical mission of privacy-preserving data transactions (including data-mining) with contextual norms?

Meta-question: If this is a beginning, how do we establish meaningful, ongoing conversation across the disciplines -- despite vast differences in knowledge-bases and methodologies?