I’ve been meaning to blog about the Privacy Roundtable for a while and now with the New Year and all I’m finally getting around to it. The Privacy Roundtable is – similarly to the iii – an interdisciplinary group of PhD students (there are eight of us to be precise: Lea Aeschlimann, Rehana Harasgama, Flavius Kehr, Christoph Lutz, Veselina Milanova, Severina Müller, Pepe Strathoff & Aurelia Tamò) from the University of St.Gallen who meet more or less regularly to talk about privacy issues of our day and age.
During the last year we put all our know-how and efforts towards an article we named “Re-Setting the Stage for Privacy – A multi-layered Privacy Framework and its Application” that was published in this year’s edition of the “Schriften der Assistierenden der Universität St.Gallen” which is a book published and composed by researchers of the University of St.Gallen. Our paper turned out to be the starting point for our envisioned Privacy Framework and basically sets the stage for further thought in the approach we took. The aim was to construct an interdisciplinary framework that analyses privacy on different levels from an individual’s perspective.
“This study sets out to examine individual online privacy behavior as an outcome of various aspects of life and society rooted in different levels of investigation. That is, it not only considers psychological influences on the individual level but includes economic, societal, cultural, and governmental aspects that may affect individuals’ information privacy behavior. We define individual privacy behavior in terms of the decision-making process of whether and why individuals reveal personal information.”
The starting point for our research paper was Urie Bronfenbrenner’s ecological multi-level model of human development which we adapted accordingly to explain individual’s behavior when it comes to privacy.
“In this perspective, human development is described as a process in which an active, evolving person constantly interacts with his or her immediate environment (on a micro-, exo-, meso- and macro-level).”
Based on Bronfenbrenner’s model, our paper assumes that individual privacy considerations are influenced by (1) individual cognitions and emotions at a micro-level, (2) stakeholders interested in personal data, such as economic organisations requesting information at an exo-level, (3) societal norms and values indirectly guiding individual decision-making at a meso-level, and (4) governmental decisions, regulations and laws at a macro-level.” After applying Bronfenbrenner’s model to privacy decisions and analysing the different levels, we took a look at the interactions between the various layers of the framework in order to make some suggestions to make improvements on all four levels in a privacy-friendly manner. To exemplify the interplay of the different layers with each other we used examples from the day-to-day challenges for privacy such as the CJEU decision on the Right to be Forgotten, the difference in usage of Twitter in different countries, the usage of different cloud service providers, the implementation of new legislation and government surveillance and so on.
We came to the conclusion that understanding online privacy as a phenomenon that is affected by many different levels is a promising approach to account for its complexity.
“Particularly, the dependency and strong ties of the individual (privacy decision) to a broader context of various systems or actors [can be] depicted [through this framework]. Thus, [our framework] complements actor-centric views of online privacy with a much needed systemic perspective.”
Our analysis showed that there have to be different methods on how to handle privacy in the future. We cannot tackle privacy problems from only one of the four levels, that would be insufficient and would not account for the different interests involved. Any approach trying to solve privacy issues on a larger scale will have to account for all levels of individual privacy decisions and thus a multi-level approach should be adapted. We concluded the paper with a table (see below) that illustrates a few of the practical recommendations we could think of for each interaction level. The model and recommendations are still an ongoing project, might I add. “On the one side, these recommendations are very demanding and not easy to implement; however, they embrace a vision of information privacy as a social value reflected in the actions of individuals, organisations, society and the state as a whole”.
|Individual||Transparent and easy to understand privacy policies; literate and educate users; Internet companies should be easy (easier) to approach and open for user inputs and concerns; context-aware interfaces and specific solutions for specific groups (e.g., elderly, adolescents etc.); Company ethics boards and mechanisms for whistle-blowing||Listening to individuals’ privacy needs and attitudes; putting privacy on the political agenda; Increasing privacy literacy and knowledge via campaigns or curricula in schools; Public hearings and political and legal representation of privacy experts in commissions||Media and civil society actors: portraying current developments in a balanced way; sensitising users about their rights and duties towards the state and organisations when it comes to privacy; shaping individual privacy perception|
|Organisations||–||Regular exchange between regulators and companies to enable a more forward-looking legislation (dialogues/discourse)||More reflection on the social implications of the interplay between people and software; more diverse hiring practices; companies should show more engagement and commitment in the public debate|
|State||–||Legislative adaptions to keep pace with technology (flexibility); protect individuals’ privacy and at the same time ensure economic growth and innovation||Accurate adjustment of the regulatory structures, taking into account the country-specific perceptions and concerns towards privacy|