[This is Part 2 of my discussion of the theory of “Privacy as Contextual Integrity”]
Norms of Information Flow
“Privacy as contextual integrity” is not a full theory of privacy; rather, it is a benchmark theory, a conceptual framework that links the protection of personal information to the norms of specific contexts. Rejecting the broadly-defined public/private dichotomy noted previously, contextual integrity recognizes that all of the activities people engage in take place in a “plurality of distinct realms”:
They are at home with families, they go to work, they seek medical care, visit friends, consult with psychiatrists, talk with lawyers, go to the bank, attend religious services, vote, shop, and more. Each of these sphere, realms, or contexts involves, indeed may even be defined by, a distinct set of norms, which governs its various aspects such as roles, expectations, actions, and practices. (Nissenbaum, 2004, p. 137)
Within each of these contexts, norms exist – either implicitly or explicitly – which both shape and limit our roles, behaviors and expectations. It might be acceptable for me to approach a stranger and offer her a hug at a religious service, but not in the grocery store. A judge willingly accepts birthday gifts from co-workers, but would hesitate to accept one from a lawyer currently arguing a case in her courtroom. It is deemed appropriate for a physician to ask me my age, but not for a bank teller. While it is necessary for an airline to know my destination city, it would be inappropriate for them to ask where I will be staying, whom I will be meeting with, or what will be discussed.
The latter examples reveal the ways in which norms govern personal information in particular contexts. Whether in discussions with a physician, purchasing items in a store, or simply walking through a public park, norms of information flow govern what type and how much personal information is relevant and appropriate to be shared with others. The theory of contextual integrity is built around the notion that there are “no arenas of life not governed by norms of information flow.” My being in a public place does not imply that “anything goes” in terms of my personal information. To illustrate this point, we can identify two types of informational norms within the theory of contextual integrity: norms of appropriateness, and norms of distribution.
Norms of Appropriateness
Within any given context, norms of appropriateness distinguish between personal information that is appropriate to divulge and information deemed inappropriate. Norms of appropriateness “circumscribe the type or nature of information about various individuals that, within a given context, is allowable, expected, or even demanded to be revealed” (Nissenbaum, 2004, p. 138). In medical contexts, for example, it is appropriate to share details of my personal physical condition, but not my salary or investment portfolio. The opposite is true in the context of meeting with my financial adviser. Even in the most public places, norms of appropriateness apply: it remains in appropriate to ask someone standing among the bustle of Times Square their name. In some contexts, norms of appropriateness are very open, such as in a personal friendship where personal information tends to flow freely. In other contexts, such as the job interview or classroom, more explicit and restrictive norms of appropriateness prevail, and the flow of appropriate personal information is more highly regulated. Nevertheless, norms of appropriateness apply in all situations: among both strangers and loved ones, in personal and professional interactions, in private and public.
Norms of Distribution
In addition to appropriateness, the flow or distribution of personal information is also governed by norms in any given context. As noted above, the norms of appropriateness might be relatively open in the context of a personal friendship: the minutiae of my everyday activities are freely shared, my political opinions, my emotions, perhaps even my sexual history. This openness in norms of appropriateness does not imply equally open norms of flow or distribution. While such personal information is considered appropriate to be shared within the context of a friendship, more restrictive norms of flow prevent my friend from distributing my personal information to a third person. Similarly, norms of flow or distribution allow my physician to share only some of my personal information with other doctors: she might share my symptoms or family history to aid in diagnosis, but not my name. More restrictive norms have been codified into our legal systems, such as the burden necessary for law enforcement to obtain my detail phone records. In such cases, norms of flow protect open distribution of my personal information unless certain requirements are met. Just as with norms of appropriateness, all of our interactions rely on norms of flow to govern how personal information is shared within any given context.
Maintaining Contextual Integrity
Contextual integrity is maintained when both the norms of appropriateness and the norms of flow are respected. Conversely, if either norm is violated in a particular context, the contextual integrity of the flow of personal information is violated. Contextual integrity, then, is a benchmark theory of privacy where claims of a breach of privacy are sound only in the event that one or the other types of informational norms have been violated. Rather than aspiring to universal prescriptions for privacy in public, contextual integrity works from within the normative bounds of a particular context. It is designed to consider how the introduction of a new practice or technology into a given context impacts the governing norms of appropriateness and flow to see whether and in what ways either of the norms is breached. To illustrate this, the next posts will consider the existing contextual integrity of the flow of personal information in the context of highway travel, and examine how these governing norms might shift with the introduction of new vehicle surveillance technologies.