Making context the central concept in privacy engineering

There is a gap between people’s online sharing of personal data and their concerns about privacy. Until now, this gap has been addressed by attempting to match individual privacy preferences with service providers’ options for data handling. This approach has ignored the role different contexts play in data sharing. This paper aims to give privacy engineering a new direction by putting context centre stage and exploiting the affordances of machine learning in handling contexts and negotiating data sharing policies. This research is explorative and conceptual, representing the first development cycle of a design science research project in privacy engineering. The paper offers a concise understanding of data privacy as a foundation for design, extending the seminal contextual integrity theory of Helen Nissenbaum. This theory started out as a normative theory describing the moral appropriateness of data transfers. In our work, the contextual integrity model is extended to a socio-technical theory that could have practical impact in the era of artificial intelligence. New conceptual constructs such as ‘context trigger’, ‘data sharing policy’ and ‘data sharing smart contract’ are defined, and their application is discussed at an organisational and a technical level. The constructs and design are validated through expert interviews; contributions to design science research are discussed, and the paper concludes by presenting a framework for further privacy engineering development cycles.
