Laura Moy, Social Values in the Era of Big Data: When Does “Okay by Me” Become Not Okay for Society?
Workshop draft abstract:
A web surfer consents to sharing information with a website in exchange for receiving targeted advertisements; a shopper consents to sharing information with her grocery store in exchange for receiving selected discounts on goods; and a patient consents to sharing information with her health insurance company in exchange for the benefits she enjoys. On an individual basis, these three people appear to have experienced no violation of their privacy interests.
But what if the website uses aggregate information about its visitors to display targeted content that keeps web surfers in predesigned “boxes”; the grocery store uses aggregate information about its shoppers to offer big spenders loss leaders that are subsidized by price hikes on staples; and the insurance provider uses aggregate information about patients to raise premiums on those it predicts are genetically predisposed to developing chronic illnesses? If the three people introduced above knew all of this, would they still feel confident that their personal information was being used in a way consistent with their expectations?
I argue that for a substantial number of people the answer to this question is “no.” Accordingly, while the primary use of each individual’s information by the collecting entity may be perfectly consistent with that individual’s expectations and therefore not present a privacy violation, secondary uses of that information aggregated with information about others may be inconsistent with society’s expectations and therefore present violations. This idea addresses (and responds in the resounding affirmative) to a question that arose at last year’s PLSC—a writing partner and I presented a paper at that time on the grocery store scenario briefly touched on above, and several commenters asked, “Is this even a privacy issue?”
Drawing on Priscilla Regan’s work on the social importance of privacy and Helen Nissenbaum’s theory of contextual integrity, I suggest a framework for identifying particular information uses or flows as possible violations of the social privacy value, using examples to illustrate the framework. I then explore the policy implications of the framework and seek suggestions for determining when potential benefits associated with a particular use outweigh the cost to society.