|
Law in the Internet Society
|
|
Review of Helen Nissenbaum’s essay “A Contextual Approach to Privacy Online”-- By JohnStewart - 18 Jan 2013 Link to essay: “A Contextual Approach to Privacy Online” As more services move “on-line” so does more personal information. The past 10 years have seen a meteoric rise in the amount of personal information that has moved online and the next 10 is certain to see exponentially more. This information has moved online so quickly that a system of regulations and social norms have not developed yet in the same way privacy protections and expectations exist in other contexts such as healthcare (doctor patient privilege), legal services (client confidentiality) and even the handling of sensitive tax information. The lack of a legal framework to govern the handling of personal information online has led to a variety of privacy concerns in the online context. NYU Professor of Media, Culture and Communication, and Computer Science, Helen Nissenbaum has published a series of works discussing her theory of contextual integrity which is an attempt to provide a conceptual framework to create privacy protections, whether it be through governmental regulations or a company’s privacy policy. Professor Nissenbaum explains that the traditional approaches to privacy online have been transparency and choice. Under this ideal consumers would be fully informed of how their data is being used and what is being collected. Being fully informed of the privacy implications they would then be free to choose whether they would like to utilize the service or engage in the activity, fully aware of the privacy implications of their choice. This approach is guided predominantly by two considerations: the first is that the right to privacy is generally viewed as a right to control information about oneself; and second, the notice-and-consent approach fits neatly within the paradigm of a competitive free market. However, Professor Nissenbaum argues this approach has failed. The now prevalent policy of “opt-out” doesn't model the free market ideal of a consumer freely choosing, there is a question of whether people even are able to choose to use a service or not (given that in many cases the costs, social and otherwise, of not utilizing a certain service such as LinkedIn? or Facebook may be high) and most privacy policies are not comprehensible to the average consumer, and even if they were, companies are able to change them so frequently they aren’t effective at fully informing the consumer of their rights. Professor Nissenbaum states that many view these problems as pointing to a need for changes to the current notice and consent approach, however she takes the more forceful position that the approach itself must be abandoned for one that takes into account the particularities of the relevant online activity. She argues that the notice and consent approach is doomed to fail in large part due to the information paradox. One of the fundamental features of the notice and consent approach is that the consumer is fully informed with respect to the way in which their information is going to be used and what information is going to be collected. The information paradox explains that the more understandable a privacy policy is the less it fully explains important information (and thus leaving out details that matter) but the more complete and accurate it is the less likely people are going to understand it. In the online context there are simply too many technical details of how information is collected and the various ways it may be shared with 3rd parties to effectively explain precisely what is going on. In other technical fields where the notice and consent approach has worked, such as healthcare where patients are informed about the risks of particular surgeries, the patients are able to rely on the system (medical schools, experience of the doctors etc.) whereas online the individual is effectively on their own in making the decisions. As a result of the flaws in the current system she proposes a new approach termed “contextual integrity.” The goal of the approach is to provide a path to a point where consumers are able to rely on the supporting assurances (as they exist in the healthcare context) to make an informed decision with respect to which services to use. Professor Nissenbaum argues that “the net” should not be conceptualized as a distinctive space – rather it is deeply integrated into our social life. Activities we normally performed “offline”, such as shopping or banking, may now be performed online, however there is nothing new or inherently different about them. The problem with privacy online is that the Net has created new ways in which information is collected and disseminated. The key to creating a privacy framework for the Net is to establish appropriate constraints on the flow of personal information via these new channels. Contextual integrity suggests that we should “locate contexts, explicate entrenched informational norms, identify disruptive flows, and evaluate these flows against norms based on general ethical and political principles as well as context specific purposes and values.” For example, when you deal with your bank you assume that the rules governing your banking information will not change simply because the interaction takes place online. Contextual integrity would suggest that the same norms that govern your interaction with your bank in person should govern your interaction online. In this way the various activities on the Net through which your personal information is collected should be governed by the norms that guide the activity offline. Where there are no obvious applicable norm/social precedents Professor Nissenbaum suggests we begin by looking at the ends, purposes and values of the service and pull the norms from there. Professor Nissenbaum’s theory provides a promising framework through which government and corporate actors may turn to in crafting privacy regulations. As it currently stands the United States has very little in the way of privacy regulations applicable to the handling of personal information online. The next decade will be an important period during which norms governing online privacy will begin to solidify and dictate the degree of protection we have for many years to come – the theory of contextual integrity is a good starting point.This draft isn't yet a review: it's a restatement. You engage with her ideas perfunctorily in the final paragraph, blessing them as "a promising framework." The job of the reviewer, presuming for a moment that the judgment is correct, is to show what the framework promises, and why. Here one would have wanted the essayist to have something of his or her own to say. Helen's argument works better, for example, for the sorts of information turned up in the course of traditional banking, shopping, etc. But we are now talking about new forms of information subject to new forms of analysis, about which it is already clear that people's ethical intuitions may be challenged by altered realities, and altered material possibilities. If that's true, then Helen's argument possesses a quality of nostalgia, assuming that familiar objects and activities (money, shopping, going to a movie, a billboard, a shopfront, a wallet, taking a walk in the park) are still more or less the same as they used to be, and only "the Net" (which we are not to consider something different) has been added. Perhaps what has actually happened is that the advent of a social condition (miscalled, as though it were a thing, "the Net") has changed all these other familiar objects and activities, so that they possess both previously unknown attractions (or conveniences) and previously unknown dangers, riches, conflicts, opportunities? In that case what becomes of Helen's approach, and how might it be reconstructed? Not that my review of Helen's argument as you've restated it is actually my review of Helen's article, which I'm not writing. Why don't we talk about your ideas instead of hers?
|
|
