New technologies which allows for the flow of information to occur seamlessly between the individual and the public have evolved to now function as the veins through which societies lifeblood flows through. The transmission and gathering of information has become so effortless the boundary between what information is considered private and what information is considered public is under constant reinterpretation. Concurrently, privacy has become a luxury-right, and from birth children can be tagged, indexed, and tracked (meta-physically) before they take their first birth.
The most effective privacy protection frameworks understand, and allow for flexible control of privacy setting. While at the same time, allowing for a broad interpretation of what information is considered public knowledge, which facilitates the flow of information and its use for beneficial means.
As such, the interpretation of privacy as a right or a control has become the debate between the individualists and the communalists. Unfamiliar with these term communalist? Visit part one of this series on the Fundamentals of Privacy Theory.
Privacy and it value has been a topic of discussion for over 2000 years, but the primary normative perspectives and tenets of most privacy thought leadership is based in one of these three frameworks:
- the framework of fair information practices
- Harms principles
- the framework of privacy as contextual integrity
In my opinion, whereas each framework offers degrees of tangible use, the harms framework offers the most simplistic yet adaptable framework, which in turn makes it the most applicable choice in today’s globalized world(s).
Privacy Protection: As a Right vs as a Control
To understand the three frameworks and why the harms framework seem to the most balanced approach one must first understand the differences between privacy as a right versus privacy as a control.
Privacy as a right is based on the distinction between the self and society and the right of the self to protect against the society as well as the right at times choose whether or not to participate in the collective life. Privacy helps to prevent conformity and at times facilitate dissent; dissent being understood as a diversion from the ideas of the masses. I would argue privacy is a key component a a democracy.
Privacy control theory believes all information can potentially be public knowledge, yet as a safeguard flow of information, its division, and its application must be manipulated based off of context. With privacy as a control the value doesn’t lie in the individual (relationships, reputation, creativity, etc.), with control theory the value lies in the manipulation of others opinions by controlling who can obtain what information and how they use it or interpret it.
Privacy is by nature an attempts to set limits on social media’s allure, quantitative reason’s accuracy, and to remind us that technological progress is not everything. At the same time society is now fully digital. These clashes between privacy norms and tech trends creates knowledge gaps of the value of privacy. An effective framework must be specific enough to satisfy the idea of privacy as a right and a control, while remaining fluid and capable of adapting to changes in technological notions and privacy norms.
The Three Common Frameworks of Privacy Protection
The Fair Information Practices Framework
Under this framework consent is the only feature, leading data subject discrimination and misconstrued opinions of individuals, which can be potentially damaging and fails to account for people consenting to information transfers that reinforce patterns of discrimination.
With that ability organizations are able to develop externalities from the information they piece together which can lead to misconstrued opinions of individuals, which can be potentially damaging.
Used by large organizations (government and business) that allow for automated data collection. It gives individuals the control and allows for preventative protection for privacy violation.
Under this framework notice and choice are believed to be what give the framework legitimacy. Having choice allows for true consent and notice allow for individuals to stay up-to-date in their choices they make. In theory it allows for maximum individual protection since the individual chooses what information to expose, unfortunately this framework has major limitations that cannot be overlooked.
When an organization has to give notice to everyone it collects information from, the cost can be in the billions of dollars per year, while being drastically ineffective in the grand scheme, since in most cases don’t opt out.
It does not accomplish its goal of protecting the individual since it has no real way to protect people from data linkage, which allows organizations to supersede compliance requirements.
The Harms Framework
Under this framework consent is only deemed necessary based on the sensitivity of the information.
A framework that looks at applying consent, but places consequence over choice. The harms framework takes a utilitarian approach, with the understanding that all is permissible as long as it causes no harm, any unfair practice that causes substantial injury or any harm that cannot be easily avoided.
The privacy rules within this theory are designed to prevent tangible harms to individuals and to provide for appropriate recovery for those harms if they occur.
Unlike the two other principles (FIPP and Context) the harm framework remedies the limitations of control by focusing on the use of information and not the possession. Harms framers believe that information, like property ownership, should be made public so people can take into account values. Thus, if there is quantitative benefit to having the information exposed with no foreseen harm the information should be public. Even if the gathering and use of information may seem “creepy” or “appear wrong”, if it causes no real harm, as defined prior, then it is permissible.
Information that could be used for harmful purposes may also have uses that are beneficial for the data subject, the data user, and society as well. Yet as a safeguard the control prevents collection by dishonest or by deceptive means, like data linkage.
The Contextual Integrity Framework
Under the this framework, one must work from a conservative standpoint. Since the roles and activities of individuals and groups are already defined, it becomes impossible to apply this framework to new contexts and difficult to determine a system of agreement for information norms.
What is considered private and what is considered public is not dictated by consent as much as it is by the context and the expectation of the information usage within the context.
under this framework there are more contexts than just public and private and that the number of contexts are relative to the current entrenched expectations regarding the appropriate flow of information; the gray areas in society that still require information norms.
This “gray area,” where individuals and organizations are given roles (teacher, student, doctor) and their given role comes with an expectation of behavior (teach, learn, diagnose). Once the role and activities relationship is established information norms and values can be set based off the context formed from the relationship the individual has to society. These information norms are what govern the flow of personal information; they dictate the transmission, communication, and distribution from one party to another. Within these norms is a transmission principle stating what and who receives your information and under what context are they allowed access.
It is able to protect privacy rights and dictate levels of privacy control for all existing social context. Unfortunately under this context there is no room for farther interpretation when it comes to new situations that change the social context completely. This in the end stifles any form of collective rational agreement (democracy).
Follow me on these Public Spheres