Today was day 0 of the Amsterdam Privacy Conference (APC 2012). Theme of today was contextual integrity. Helen Nissenbaum explained the concept (that she introduced several years ago) during an entertaining and clear keynote. After the break a panel consisting of Judith Lichtenberg (Vodafone NL), Simon Davies (Privacy International) and Jacob Kohnstamm (Dutch Data Protection authority CBP) discussed the concept of contextual integrity in depth.

Nissenbaum’s point of view

According to Nissenbaum, the dominant approach to online privacy these days is a focus on user control through transparency and choice, which is implemented as voluntary, enforceable privacy policies. The problem with this approach is that it burdens the individual to engage in multiple unilateral contracts (which she needs to understand and review once in a while). The goals and procedures for sharing information are set by the service provider (abusing the power balance between individual users and these providers) and may go far beyond what is customary behaviour in similar contexts.

As an alternative approach, Nissenbaum advocates privacy as contextual integrity. This frames privacy not as a control or secrecy issue, but as a matter of appropriateness. The underlying premise is that sharing information is beneficial/valuable (provided it is done in an appropriate fashion). Jeff Jarvis argues a similar point of view in his book “Public parts”. Whether something is appropriate, depends on the context. The social context defines the applicable norms. At work, you expect personal information to be treated in a certain way. The same goes for banks, health care, insurances, etc. Often, such norms for particular contexts are prescribed in law. Contextual integrity violated when such informational norms are violated.

Given this framework, the importance of privacy boils down to answering the following question “Why should we respect informational norms?”. This boils down to the following two lines of reasoning. First, it sustains general moral, social, and political values (it limits harms and risks, limits unfair discrimination, supports freedoms, and promotes autonomy). Second, it serves context specific internal values, ends, purposes. For example, privacy in health care ensures that people are not afraid to speak frankly with a doctor.

Critique

Lichtenberg (Vodafone) supported Nissenbaum’s approach wholeheartedly.

Davies’ (Privacy International) main objection was “Everybody wants to use the word context in their own ‘context’ “. He agreed that context is absolutely central to the future of data protection, but only if the context is defined by the user, individually. Davies fears that large coorperations try to hijack the word in such a way that context is going to be a substitute for (user) rights (after which the user is left with no protection at all).

Jacob Kohnstamm thinks the concept is great in theory but worries about practical implementation. He raised the question (which wasn’t answered) how the cookie/DNT (Do Not Track) discussion would be viewed through contextual integrity glasses, and how it would be resolved. He also raised the issue of who decides what the norms are? This is a problem when there is an inherent
power imbalance. The benefits of the EU regulation principles are that they always apply, but that they are interpreted in a specific context. This way, there is a baseline to which all have to adhere to.

There is another issue with companies (like Google) that provide many different services (that cover many different contexts). Google consolidating its privacy policy is then bad practice, because it does not address the fact that certain information sharing practices may be against the norm in certain contexts.

I myself have similar concerns. Contextual integrity seems to intuitively capture what proper privacy protection should deliver. However, as soon as you want to make it concrete for a particular case it doesn’t give you any tools to do so. Contextual integrity may describe what you want but doesn’t tell how to achieve it.

But the problem with contextual integrity is probably more fundamental. It is build on the premise that Internet is yet another medium. It assumes that norms that apply in the offline context apply unchanged to the online context. And it assumes that all contexts in the online world have a similar (and well understood counterpart) in the offline world. The problem is that the Internet introduces a new universe in which certain laws of physics (so to speak) no longer hold (as Paul Graham very nicely argued in his essay on Defining Property, and which explains why copyright protection will never work anymore). For example, online social networks behave radically different from anything that we know offline. The concept of contextual integrity doesn’t help here because it doesn’t give is any clues how to define new norms that properly deal with the new reality.

When asked about this, Nissenbaum replied “stick with values; not with the rules” (which was probably caused by the fact that I referred to the copyright issue). But the point is that the norms themselves change: on the Internet perfect copies are possible without theft, so how do we now norm copying?