Designing Without Privacy

69 Pages Posted: 4 Apr 2017 Last revised: 20 Mar 2018

See all articles by Ari Ezra Waldman

Ari Ezra Waldman

Northeastern University; Princeton University Center for Information Technology Policy

Date Written: March 31, 2017


In Privacy on the Ground, the law and information scholars Kenneth Bamberger and Deirdre Mulligan showed that empowered chief privacy officers (CPOs) are pushing their companies to take consumer privacy seriously, integrating privacy into the designs of new technologies. But their work was just the beginning of a larger research agenda. CPOs may set policies at the top, but they alone cannot embed robust privacy norms into the corporate ethos, practice, and routine. As such, if we want the mobile apps, websites, robots, and smart devices we use to respect our privacy, we need to institutionalize privacy throughout the corporations that make them. In particular, privacy must be a priority among those actually doing the work of design on the ground — namely, engineers, computer programmers, and other technologists.

This Article presents findings from an ethnographic study of how, if at all, technologists doing the work of technology product design think about privacy, integrate privacy into their work, and consider user needs in the design process. It also looks at how attorneys at private firms draft privacy notices for their clients. Based on these findings, this Article presents a narrative running in parallel to the one described by Bamberger and Mulligan. This alternative account, where privacy is narrow, limited, and barely factoring into design, helps explain why so many products seem to ignore our privacy expectations. The Article then proposes a framework for understanding how factors both exogenous (theory and law) and endogenous (corporate structure and individual cognitive frames and experience) to the corporation prevent the CPOs’ robust privacy norms from diffusing throughout technology companies and the industry as a whole. This framework also helps elucidate how reforms at every level — theory, law, organization, and individual experience — can incentivize companies to take privacy seriously, enhance organizational learning, and eliminate the cognitive biases that lead to discrimination in design.

Keywords: Privacy, Information Privacy, Ethnography, Privacy by Design, Engineering, Technology, Law and Society

Suggested Citation

Waldman, Ari Ezra, Designing Without Privacy (March 31, 2017). Houston Law Review, Vol. 55, No. 659, 2018; NYLS Legal Studies Research Paper No. 2944185; 55 Houston L. Rev. 659 (2018). Available at SSRN:

Ari Ezra Waldman (Contact Author)

Northeastern University

416 Huntington Avenue
Boston, MA 02115
United States

Princeton University Center for Information Technology Policy ( email )

C231A E-Quad
Olden Street
Princeton, NJ 08540
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Abstract Views
PlumX Metrics