3.1 Being a networked practitioner: sharing vs privacy
As we saw in Section 2, computer system designers and policy makers have a complicated job trying to weigh up the importance of open access to information while maintaining different needs for privacy. The traditional approach to privacy protection, based on political science, takes a procedural, step by step approach rather than reviewing deeper, fundamental issues. The individual (whose privacy requires protecting) is defined as the ‘data subject’ and the organisation using the data as the ‘data user’. There are two issues that are traditionally reviewed by political science with regard to privacy:
- Limiting access to identifiable data about individuals (the data subject). The need for secrecy for personal information is often noted as one of the common characteristics of privacy
- Open disclosure of organisational (data user) information usage. Organisational secrecy in information usage is often noted as the root cause of privacy invasion.
Access policies and technical mechanisms, such as access authentication and data encryption, are often seen as ways to limit access to identifiable data. Concepts of identifiable data or personal information, however, are often based upon simplified assumptions about the data subject and perceptions of privacy invasion risks, such as personal exposures to risk and perceptions or fears of risk.
The personal information approach assumes that the problem is the initial control of releasing information. However, research by Adams (2005) identified that maintaining privacy when sharing relies on an accurate awareness of practices with regard to the receiver of the information, how the information is used and the sensitivity of the information. Perceived sensitivity also relies upon who receives the information and how it is used.
Some privacy experts have sought to review specific sharing behaviours in the light of privacy and trust issues. Joinson and Paine (2006) evaluate the act of self-disclosure; making what was previously unknown about the self, known. Along with issues of control over personal information, they suggest trust and vulnerability are important issues, as well as cost and benefit trade-offs made around the act of sharing.
The personal information perspective approach has directed many activities for protecting online privacy in the digital information sharing and usage, especially those related to marketing. For example, cookies have been used in online systems for several decades and we’ll consider these next.