27 Pages Posted: 28 Nov 2016 Last revised: 11 Jul 2017
Date Written: July 1, 2017
The construct of an information dichotomy has played a defining role in regulating privacy: information deemed private or sensitive typically earns high levels of protection, while lower levels of protection are accorded to information deemed public or non-sensitive. The theory of contextual integrity challenges this dichotomy by associating privacy with complex typologies of information, each connected with respective social contexts. Moreover, it contends that information type is merely one among several variables that shape people’s privacy expectations and underpin privacy’s normative foundations. Other contextual variables include key actors -- information subjects, sources, and recipients -- as well as the principles under which information is transmitted, such as whether with subjects’ consent, as bought and sold, as required by law, and so forth. Our prior work revealed the systematic impact of these other variables on privacy assessments, thereby debunking the defining effects of so-called private information.
In this paper we shine a light on the opposite effect, challenging conventional assumptions about public information. The paper reports on a series of studies that probe attitudes and expectations regarding information that has been deemed public. As a case in point, public records established through the historical practice of federal, state, and local agencies are afforded little privacy protection, or possibly none at all. Our work underscores the need for more concentrated and nuanced privacy assessments, motivated by progressive digitization and creation of online portals through which these records have been made publicly accessible. This work is even more urgent in the face of vigorous open data initiatives, which call on federal, state, and local agencies to provide access to government records in both human and machine-readable forms. Guided by the theory of contextual integrity and working within research suggesting guardrails for open data initiatives, our work provides insight into factors systematically shaping individuals’ expectations and normative judgments concerning appropriate uses of and terms of access to information and, in turn, factors that should be considered when establishing policies guiding collection of, and access to such information.
Using a factorial vignette survey, we asked respondents to rate the appropriateness of a series of scenarios in which contextual elements were systematically varied; these elements included the data recipient (e.g. bank, employer, friend, car dealer.), the data subject, and the source of the information (e.g. individual, government, data broker). Because the object of this study was to highlight the complexity of people’s privacy expectations regarding so-called public information, information types were drawn from data fields frequently held in public government records (e.g. voter registration, marital status, criminal standing, and real property ownership).
Our findings are noteworthy on both theoretical and practical grounds. First, they reinforce key assertions of contextual integrity about the simultaneous relevance to privacy of other factors beyond information types. Second, they reveal discordance between truisms that have frequently shaped public policy relevant to privacy. For example: Ease of accessibility does not drive judgments of appropriateness. Thus, even when respondents deemed information easy to access (marital status) they nevertheless judged it inappropriate (“Not OK”) to access this information under certain circumstances. Even when it is possible to find certain information in public records, respondents cared about the immediate source of that information in judging whether given data flows were appropriate. In particular, no matter that information in question was known to be available in public records, respondents deemed inappropriate all circumstances in which data brokers were the immediate source of information. Younger respondents (under 35 years old) were more critical of using data brokers and online government records as compared with the null condition of asking data subjects directly, debunking conventional wisdom that “digital natives” are uninterested in privacy.
One immediate application to public policy is in the sphere of access to records that include information about identifiable or reachable individuals. This study has shown that individuals have quite strong normative expectations concerning appropriate access and use of information in public records that do not comport with the maxim, “anything goes.” Furthermore, these expectations are far from idiosyncratic and arbitrary. Our work calls for approaches to providing access that are more judicious than a simple on/off spigot. Complex information ontologies, credentials of key actors (i.e. sources and recipients in relation to data subject), and terms of access – even lightweight ones – such as, identity or role authentication, varying privilege levels, or a commitment to limited purposes may all be used to adjust public access to align better with legitimate privacy expectations. These expectations should be systematically considered when crafting policies around public records and open data initiatives
Suggested Citation: Suggested Citation
Martin, Kirsten E. and Nissenbaum, Helen, Privacy Interests In Public Records: An Empirical Investigation (July 1, 2017). Harvard Journal of Law & Technology, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2875720 or http://dx.doi.org/10.2139/ssrn.2875720