Article

Sensitive information


Abstract

Almost every information privacy law provides special protection for certain categories of "sensitive information," such as health, sex, or financial information. Even though this approach is widespread, the concept of sensitive information is woefully undertheorized. What is it about these categories that deserves special protection? This Article offers an extended examination of this question. It surveys dozens of laws and regulations to develop a multi-factor test for sensitivity. From this survey, the Article concludes that sensitive information is connected to privacy harms affecting individuals. Consistent with this, at least for the case of privacy in large databases, it recommends a new "threat modeling" approach to assessing the risk of harm in privacy law, borrowing from the computer security literature. Applying this approach, it concludes that we should create new laws recognizing the sensitivity of currently unprotected forms of information, most importantly geolocation and some forms of metadata, because they present significant risk of privacy harm.


... However, several other dimensions are also introduced to explain how users perceive sensitivity including: perceived risk, possibility of harm or public availability of data can lead information to be perceived as sensitive (Ohm, 2014; Rumbold and Pierscionek, 2018). In addition to studies which explore the factors leading to a high perceived sensitivity, it is possible to report two other research themes in this area. ...
... One notable study on sensitive information, Ohm (2014) aimed to understand what makes information sensitive and focused on a list of categories of information that have been legally treated as sensitive, primarily from the United States. This list of sensitive categories was then employed to infer the characteristics of information types that result in it being considered sensitive. ...
... The bank account credential, credit card number appeared in the top three most sensitive items (see Figure 2). They also confirm prior study which reported the possibility of harm as one of the main factors considered when assessing sensitivity (Ohm, 2014). ...
Article
Full-text available
The perceived sensitivity of information is a crucial factor in both security and privacy concerns and the behaviors of individuals. Furthermore, such perceptions motivate how people disclose and share information with others. We study this topic by using an online questionnaire where a representative sample of 491 British citizens rated the sensitivity of different data items in a variety of scenarios. The sensitivity evaluations revealed in this study are compared to prior results from the US, Brazil and Germany, allowing us to examine the impact of culture. In addition to discovering similarities across cultures, we also identify new factors overlooked in the current research, including concerns about reactions from others, personal safety or mental health and finally, consequences of disclosure on others. We also highlight a difference between the regulatory perspective and the citizen perspective on information sensitivity. We then operationalized this understanding within several example use-cases exploring disclosures in the healthcare and finance industry, two areas where security is paramount. We explored the disclosures being made through two different interaction means: directly to a human or chatbot mediated (given that an increasing amount of personal data is shared with these agents in industry). We also explored the effect of anonymity in these contexts. Participants showed a significant reluctance to disclose information they considered “irrelevant” or “out of context” information disregarding other factors such as interaction means or anonymity. We also observed that chatbots proved detrimental to eliciting sensitive disclosures in the healthcare domain; however, within the finance domain, there was less effect. This article's findings provide new insights for those developing online systems intended to elicit sensitive personal information from users.
... Given this, we propose a new lens to examine and understand information sensitivity and exchanges (see Fig. 1). We go beyond recent studies that examine consumer reactions to PII/non-PII (anonymous) data (Markos, Milne, and Peltier 2017; Milne et al. 2017; Ohm 2014; Schwartz and Solove 2011), to examine these information exchanges from a public and private self-schema. This lens, grounded in self-concept theory (Belk 1988, 2013; Jung 1953; Marx 2001; Petronio 2012), reflects much of the basis of the information contained in consumers' digital footprints. ...
... Existing agency provisions focus mostly on protecting personally identifiable information (PII), as it is perceived as most vulnerable (FTC 2000; Ohlhausen 2014). While it is well established that PII is considered sensitive, 1 and privacy guidelines and protections are in place so businesses act accordingly (Culnan and Bies 2003; FTC 2000, 2012; Ohm 2014; Reagle and Cranor 1999), this does not preclude anonymous information from being considered or safeguarded as sensitive (Ohm 2014; Schwartz and Solove 2011). ...
Article
Given technological advances, consumers' sensitivity around personal information is shifting, whereby information once considered innocuous, is now considered more sensitive and warrants more protection. This research examines the self-concept and exchange context as a new lens to understand consumer sensitivity to anonymous and personal identifying information exchange. Two studies examine the role of the public and private self in predicting attitudes toward sharing PII and non-PII items, and across different information exchange contexts. Implications for business and policy makers are provided.
... In his extended examination of sensitive information, Ohm (2014) asserts that the sensitivity of information relates to the possible harms connected to that information. In his explication, he provides a four-factor test for assessing the kinds of information that may be considered sensitive: ...
... Fourth, sensitive information tends to involve harms that apply to the majority of data subjects. (Ohm 2014, 1131) This analysis is supposed to allow the creation of "privacy threat models" related to the possibility of harm from certain categories of information. ...
... How does this conception of information sensitivity comport with the ideas and assertions of those seeking to have information removed from online news archives? Using Bing's (1972) categories of sensitive information and Ohm's (2014) four-factor test, it would appear that the higher the information sensitivity, the higher the likelihood of harm and issues with invasion of privacy, and therefore the more likely an individual is to ask that information be unpublished. Of course, this is not an assertion that all information that individuals ask to be unpublished is a matter of harm related to the publication. ...
Article
This article explores the conflict between traditional ethical news values and unpublishing requests, which have arisen as a result of the availability of digital news archives. In so doing, this article provides a framework for how news organizations can make unpublishing decisions by weighing the sensitivity of the information published against its news value.
... Legal scholars often debate the adequacy of these laws in light of rapid technological advancements that could outpace regulatory measures. 69 Furthermore, international collaboration is increasingly necessary as data flows across borders, requiring harmonization of laws to effectively manage global surveillance and privacy concerns. 70 These legal frameworks are essential not only for setting boundaries for government and private actions but also for building public trust in digital systems. ...
Article
This review article explores the balance between security enhancement and privacy concerns in the context of modern surveillance technologies. As these technologies evolve from rudimentary systems to complex digital tools like CCTV, drones, and AI-powered analytics, they play a pivotal role in crime prevention and national security. However, their widespread deployment raises profound ethical questions, particularly concerning privacy infringement and the potential for misuse. This article examines the dual nature of surveillance technologies, assessing their benefits in enhancing safety and their risks to individual privacy and civil liberties. Through a comprehensive exploration of the historical evolution, current state, and future outlook of surveillance technologies, the paper outlines the critical need for robust policy frameworks. These frameworks are essential to safeguard against potential overreach and ensure that the use of surveillance aligns with democratic values and respects human rights.
... Furthermore, "sensitivity" varies between individuals and is subjective, being based on individual psychological and cognitive characteristics. Demographic differences (Markos et al. 2017; Kang et al. 2022), perceived privacy risks (Robinson 2017), privacy concerns (Gopal et al. 2018), and social influence may lead to personal data being considered sensitive (Ohm 2014; Rumbold and Pierscionek 2018). These challenges have necessitated an understanding of users' perspectives on personal data sensitivity, both within local contexts and on a global scale, providing a reference for the design and improvement of privacy systems. ...
Article
Full-text available
The ubiquitous monitoring and collection capabilities of the IoE, as well as its innovative scenarios, have led to changes in the content and type of personal data. Personal data sensitivity, as a standard for measuring privacy attitudes, can provide a reference for the design and improvement of privacy systems. This study aims to evaluate individuals’ personal data sensitivity in the IoE context, to better understand individuals’ current privacy attitudes. This study uses a questionnaire survey to study personal data sensitivity and the antecedents affecting personal data sensitivity among 1921 Chinese citizens. Research suggests that, within the spectrum of 41 personal data categories, identifiers such as ID numbers and home addresses are deemed highly sensitive. Furthermore, within the IoE context, emerging types of personal data, including behavioural and facial recognition data, also demonstrate significant sensitivity. With respect to sensitivity levels, personal data can be categorized into four tiers: very highly sensitive data, highly sensitive data, medium sensitive data, and low sensitive data. The study also finds that perceived privacy risks, privacy concerns, and social influences have a significant impact on personal data sensitivity, and there are differences in public perception of personal data sensitivity among different genders, ages, and educational levels.
... Contrary to predominant accounts of privacy that focus on aspects such as protecting sensitive information types [43], enforcing access control [45] or mandating procedural policies and purposes [13], the theory of CI defines privacy as an appropriate flow of information as governed by established societal norms [41]. According to CI, privacy is prima facie violated only when an information flow breaches an established contextual informational norm (aka CI norms or privacy norms), which reflect the values, purposes and function of a given context. ...
Preprint
Large language models (LLMs), while memorizing parts of their training data scraped from the Internet, may also inadvertently encode societal preferences and norms. As these models are integrated into sociotechnical systems, it is crucial that the norms they encode align with societal expectations. These norms could vary across models, hyperparameters, optimization techniques, and datasets. This is especially challenging due to prompt sensitivity-small variations in prompts yield different responses, rendering existing assessment methodologies unreliable. There is a need for a comprehensive framework covering various models, optimization, and datasets, along with a reliable methodology to assess encoded norms. We present LLM-CI, the first open-sourced framework to assess privacy norms encoded in LLMs. LLM-CI uses a Contextual Integrity-based factorial vignette methodology to assess the encoded norms across different contexts and LLMs. We propose the multi-prompt assessment methodology to address prompt sensitivity by assessing the norms from only the prompts that yield consistent responses across multiple variants. Using LLM-CI and our proposed methodology, we comprehensively evaluate LLMs using IoT and COPPA vignettes datasets from prior work, examining the impact of model properties (e.g., hyperparameters, capacity) and optimization strategies (e.g., alignment, quantization).
... Some governments, including national and federal levels, and recently some states have enacted laws that guarantee the data subjects' rights to know if and what data about them are retained and modify the data if necessary (for example chap- COUNCIL, 2016)). Some laws provide the same rights for sector-specific sensitive data, such as educational and financial data (Ohm, 2015). However, in the context of OGD, we could not find any practical cases of engaging data subjects in their personal data processing and release. ...
Article
Full-text available
This study presents a narrative review of the literature on privacy concerns of Open Government Data (OGD) programs and identifies suggested technical, procedural, and legal remedies. Peer-reviewed articles were identified and analysed from major bibliographic databases, including Web of Science, Digital ACM Library, IEEE Explore Digital Library, and Science Direct. Included articles focus on identifying individual information privacy concerns from the viewpoint of OGD stakeholders or providing solutions for mitigating concerns and risks. Papers that discussed and focused on general privacy issues or privacy concerns of open data in general or open science privacy concerns were excluded. Three streams of research were identified: 1) exploring privacy concerns and balance with OGD value propositions, 2) proposing solutions for mitigating privacy concerns, and 3) developing risk-based frameworks for the OGD program at different governmental levels. Findings suggest that contradictions with Fair Information Practices, reidentification risks, conflicts with OGD value propositions, and smart city data practices are significant privacy concerns in the literature. Proposed solutions include technical, legal, and procedural measures to mitigate privacy concerns. Building on the findings, practical implications and suggested future research directions are provided.
... Additionally, the remaining component is the perception of bribery as a habitual occurrence in a given company's business environment. If asked directly, this would require a firm to give sensitive personal information usually kept secret, and its exposure would affect the respondent (Ohm, 2015). Thus, for this research, an indirect measurement technique was carried out (Biscarra et al., 2016) in which the perception of companies about the habitual occurrence of bribery in their economic sectors was asked. ...
Article
Purpose: This article aims to report on the development and validation of a bribery measurement index for the business sector, which, based on institutional theory, seeks to overcome the limitations of traditional measurements, recognizing the dynamics that originate the phenomenon and identifying process components. Design/methodology/approach: To construct the index, correlational and principal component analysis techniques were used, as well as rigorous statistical tests, validating the instrument in a sample of 2,963 companies in Latin America, including Argentina, Colombia, Chile, Ecuador, Guatemala, Mexico and Peru. Findings: The result was an instrument composed of two dimensions: (1) anti-bribery game rules, composed of regulations knowledge and anti-bribery efforts, and (2) bribery as a perceived habit, allowing an objective representation of reality due to its internal consistency, concurrent and discriminant validity. Practical implications: This instrument is one of the few that focuses on measuring bribery in the business sector in terms of corrupt practices, applicable for both public and private institutions to promote game rules against bribery. Additionally, the proposed theoretical model can be used to measure other phenomena with similar characteristics. Originality/value: This article empirically highlights different variables that make bribery possible. The results can be helpful in the design of strategies to prevent this type of behavior. It also highlights the importance of designing mechanisms to record information related to bribery and the different expressions of corruption in order to explain its different nuances.
JEL Classification: C43, D73, M14
Abstract (Spanish version, translated): Purpose: This article reports on the development and validation of a bribery measurement index for the business sector which, based on institutional theory, seeks to overcome the limitations of traditional measurements, recognizing the dynamics that give rise to the phenomenon and identifying the components of the process. Design/methodology/approach: To construct the index, correlational and principal component analysis techniques were used, together with rigorous statistical tests, validating the instrument on a sample of 2,963 companies in Latin America, including Argentina, Colombia, Chile, Ecuador, Guatemala, Mexico and Peru. Findings: The result was an instrument composed of two dimensions: (1) anti-bribery game rules, composed of regulatory knowledge and anti-bribery effort, and (2) bribery as a perceived habit, allowing an objective representation of reality due to its internal consistency and its concurrent and discriminant validity. Originality/value: This article provides empirical evidence of different variables that make bribery possible. The results can be useful in designing strategies to prevent this type of behaviour; it also highlights the importance of designing mechanisms to record information related to the fight against bribery. Practical implications: This instrument is one of the few that focuses on measuring bribery in the business sector in terms of corrupt practices, useful for both public and private institutions to promote better game rules against bribery. Additionally, the proposed theoretical model can be used to measure other phenomena with similar characteristics.
... Question sensitivity refers to the sensitivity of the information being requested. Multiple definitions exist to describe information sensitivity [57]. For this study, question sensitivity is defined as "material that is delicate and could be personal, political, economic, social, or cultural in nature. ...
Article
Full-text available
Drawing from the tension between a company’s desire for customer information to tailor experiences and a consumer’s need for privacy, this study aims to test the effect of two information disclosure nudges on users’ information disclosure behaviors. Whereas previous literature on user-chatbot interaction focused on encouraging and increasing users’ disclosures, this study introduces measures that make users conscious of their disclosure behaviors to low and high-sensitivity questions asked by chatbots. A within-subjects laboratory experiment entailed 19 participants interacting with chatbots, responding to pre-tested questions of varying sensitivity while being presented with different information disclosure nudges. The results suggest that question sensitivity negatively impacts users’ information disclosures to chatbots. Moreover, this study suggests that adding a sensitivity signal—presenting the level of sensitivity of the question asked by the chatbot—influences users’ information disclosure behaviors. Finally, the theoretical contributions and managerial implications of the results are discussed.
... Rather mundane social media postings can turn out to contain highly sensitive information. Health, gender, or financial information, to name a few examples, can be used to enable privacy or security harm (Ohm, 2015). This makes SMA subject to high ethical standards for the way research is conducted. ...
Article
Full-text available
Social media have become not only integral parts of our private and professional lives, but also an indispensable source of data for empirical research across a variety of academic disciplines. Applying a Social Media Analytics (SMA) methodology, however, imposes heavy ethical challenges on researchers. Scholars in the Information Systems (IS) discipline must deal with a patchwork of ethical frameworks, regulations, and (missing) institutional support. To initiate a debate on how to develop a common understanding of SMA research ethics, this paper compiles a scoping review of extant literature and suggests a research agenda for IS scholarship on this matter. The review yields a total of eight fundamental principles of ethical SMA research, which provide a starting point to guiding individual researchers towards more ethical conduct. At the same time, this work unearths a multitude of intricate dilemmas that are currently unresolved. The findings of this review will encourage IS scholarship to find its own voice in the debate about social media research ethics.
... The Federal Trade Commission (FTC) reports that since 2001, the commission has settled over 50 law enforcement cases against businesses that failed to protect consumer data correctly. The FTC is tasked with protecting consumers from deceptive and unfair business practices, which includes consumer data privacy, providing best practice guidelines for businesses, and monitoring and acting on illegal and/or risky business practices in the U.S. like data breaches (Federal Trade Commission 2012; Ohm 2014). In recent years, the FTC has brought charges in >500 cases related to privacy and data security breaches in both online and offline contexts (Ohlhausen 2017) and settled 60 data security cases related to issues like IoT and children's data (Smith 2018). ...
Article
Data breaches and misuse of data are rising, causing compromised consumer privacy. This research explores the impact that stress and perceptions of a social contract violation have on both firm-focused outcomes and consumer protection behaviors following a data breach. Additionally, we investigate the impact that the type of data lost/compromised in the breach, personally identifiable (PII) and non-personally identifiable (NPII), has on these outcomes. To explore this, we conduct an experimental survey (Study 1) of 230 respondents. Results indicate that stress and perceptions of social contract violation impact our outcome variables. The results differ in terms of how these impact consumer coping behaviors across different data types (PII vs. NPII). In Study 2 we explore how industry clusters differ in their levels of stress and social contract violation, actions businesses can take to address them, and whether these actions could help reduce negative consumer responses.
... Sancho (2017) argues that online extortion involves threatening victims with the destruction of property or data, while online blackmail involves coercion by threatening to release sensitive information about the victim that would harm their reputation. Sensitive information has been defined as "information that can be used to enable privacy or security harm when placed in the wrong hands" (Ohm 2015, p. 1133). For instance, online extortion could involve criminals hacking a computer and threatening to destroy data. ...
Article
Full-text available
Increasing numbers of people fall victim to blackmail on social media. Yet, there has been little attempt to synthesise research on this topic. This study seeks to address this gap by investigating what is currently known about blackmail and the disclosure of sensitive information on social media. Two rapid reviews were conducted and based on their findings those who disclose more information, are younger, female and willing to use social media to create and distribute images are more likely to fall victim to blackmail on social media. However, worry about privacy and the possibility of becoming a victim of blackmail on social media did not necessarily prevent the disclosure of sensitive information. The implications of these findings for interventions and future research are discussed.
... Many scholars treat anonymity as a means for achieving privacy (e.g., van Rossum et al. 1995), some as a broken means (e.g., Ohm 2010), while others treat them as disparate concepts (e.g., Shmatikov 2011). A majority of scholars still treat sensitivity as a property of information (e.g., Bing 1972, Ohm 2015), while this has long been refuted (e.g., Miller 1969, 1188) and called a fiction (Simitis 1990). Depending on the design goals as defined by the different theories and understandings, each means might be necessary and sufficient, or just helpful, or even counterproductive to and undermining the issue at stake. ...
Chapter
Full-text available
Neither the political debate nor the legal debate nor the engineering debate properly reflects upon the essential contestedness of the underlying concepts of privacy and data protection. Talking about privacy and data protection by design without clarifying what is meant by "privacy" or "data protection" misses the point as much as talking about "democracy by design" without specifying which concept of democracy—direct, representative or semi-direct, parliamentary or presidential, just to name a few—is meant. Without such clarification, one cannot reasonably expect that privacy or data protection built into technical systems meets one's own expectations, those of the lawmaker of a particular law, the general public, or any other stakeholder, and will be accepted as being compliant with the applicable laws.
... For more far-reaching discussions on the matter of sensitive data, see, for example, Wacks (1989), who seeks to establish a foundational definition of "sensitive information;" Fried (1968), who argues for the protection of a socially determined kernel of sensitive information; or Gerety (1977), who suggests limiting privacy rights to information that is sensitive, and Ohm (2015), who proposes defining sensitive data in terms of the risk of privacy harm that can be caused by the data. ...
Article
Background: Most research on recovery focuses on abstinence. Also, the term sobriety tends to be equated with staying abstinent. This understanding is being questioned by people in long-term recovery who despite being abstinent have not been satisfied with their progress. Method: The discussions of 12-Steppers in different groups as well as their autobiographic writings are being studied in order to find out how they negotiate long-term recovery. Results: Looking at internal discourses across different 12-step groups provides insights into new ways of conceptualizing recovery. One way is to differentiate between abstinence and sobriety. While abstinence exclusively refers to the symptomatic dimension of the disease, sobriety goes deeper, also referring to its emotional and mental dimensions. Conclusion: It is being concluded that clearer differentiation between abstinence and sobriety can sharpen our understanding of recovery by helping us to recognize better the processes taking place during long-term recovery.
... For more far-reaching discussions on the matter of sensitive data, see, for example, Wacks (1989), who seeks to establish a foundational definition of "sensitive information;" Fried (1968), who argues for the protection of a socially determined kernel of sensitive information; or Gerety (1977), who suggests limiting privacy rights to information that is sensitive, and Ohm (2015), who proposes defining sensitive data in terms of the risk of privacy harm that can be caused by the data. ...
Article
Full-text available
This paper aims to provide new insights to debates on group privacy, which can be seen as part of a social turn in privacy scholarship. Research is increasingly showing that the classic individualistic understanding of privacy is insufficient to capture new problems in algorithmic and online contexts. An understanding of privacy as an “interpersonal boundary-control process” (Altman, The environment and social behavior, Brooks and Cole, Monterey, 1975) framing privacy as a social practice necessary to sustain intimate relationships is gaining ground. In this debate, my research is focused on what I refer to as “self-determined groups” which can be defined as groups whose members consciously and willingly perceive themselves as being part of a communicative network. While much attention is given to new forms of algorithmically generated groups, current research on group privacy fails to account for the ways in which self-determined groups are affected by changes brought about by new information technologies. In an explorative case study on self-organized therapy groups, I show how these groups have developed their own approach to privacy protection, functioning on the basis of social practices followed by all participants. This informal approach was effective in pre-digital times, but online, privacy threats have reached a new level extending beyond the scope of a group’s influence. I therefore argue that self-determined sensitive topic groups are left facing what I present as a dilemma: a tension between the seemingly irreconcilable need for connectivity and a low threshold, on the one hand, and the need for privacy and trust, on the other. In light of this dilemma, I argue that we need new sorts of political solutions.
... Much of this is gathered via digital devices that generate a great deal of highly personalized data (Walker 2016). Sensitive data are particularly influential in terms of consumer judgment and company perceptions because such data, if exploited, could result in personal or financial harm (Ohm 2015). Prior research shows that data security breaches involving sensitive information result in negative effects on companies' market value, whereas breaches involving non-confidential information have no such effect (Campbell et al. 2003). ...
Article
Full-text available
Recent scholarship in business ethics has revealed the importance of privacy expectations as they relate to implicit privacy norms and the business practices that may violate these expectations. Yet, it is unclear how and when businesses may violate these expectations, factors that form or influence privacy expectations, or whether or not expectations have in fact been violated by company actions. This article reports the findings of three studies exploring how and when the corporate dissemination of consumer data violates privacy expectations. The results indicate that consumer sentiment is more negative following intentional releases of sensitive consumer data, but the effect of data dissemination is more complex than that of company intentionality and data sensitivity alone. Companies can effectively set, and re-affirm, privacy expectations via consent procedures preceding and succeeding data dissemination notifications. Although implied consent has become more widely used in practice, we show how explicit consent outperforms implied consent in these regards. Importantly, this research provides process evidence that identifies perceived violation of privacy expectations as the underlying mechanism to explain the deleterious effects, on consumer sentiment, when company actions are misaligned with consumers’ privacy expectations. Ethical implications for companies collecting and disseminating consumer information are offered.
... As Professor Paul Ohm nicely summarizes, "Sensitive information is a show stopper." Practices become restricted and regulations suddenly appear when information is deemed 'sensitive': health information, financial information, video rentals, driver's license information, genetic information, and education records are all covered by their own regulation (Table 1). In the courts, Ohm [Vol. ...
Article
Full-text available
It is commonplace for those who support less restrictive privacy regulation on the collection and use of personal information to point out a paradox: in survey after survey, respondents express deep concern for privacy, oppose growing surveillance and data practices, and object to online tracking and behavioral advertising. Yet when confronted with actual choices involving the capture or exchange of information, few people demonstrate restraint: we sign up for frequent flyer and frequent buyer programs; we are carefree in our use of social networks and mobile apps; and we blithely hop from one website to the next, filling out forms, providing feedback, and contributing ratings. Privacy skeptics suggest that actions should be considered a truer indicator than words. Even if people are honest in their positive valuation of privacy in surveys, in action and behavior, they reveal even greater valuation of those benefits that might come at a privacy cost. In other words, people care about privacy, but not that much. The inconsistencies between survey responses and observed behaviors that skeptics gleefully observe require a nuanced interpretation, one that we have offered through our studies. We argue that the disconnect between actions and survey findings is not because people do not care about privacy, but because individuals' actions are finely modulated to contextual variables. Questions in surveys that do not include such important contextual variables explicitly are highly ambiguous. A more nuanced view of privacy is able to explain away a great deal of what skeptics claim is a divergence of behavior from stated preference and opinion. People care about and value privacy, privacy defined as respecting the appropriate norms of information flow for a given context. When respondents are given a chance to offer more fine-grained judgments about specific information-sharing situations, these judgments are quite nuanced.
This is problematic since public policy relies on survey measurements of privacy concerns, such as Alan Westin's measurement of individuals as privacy 'pragmatists' or 'unconcerned', to drive privacy regulations. Specifically, Westin's categories give credence to the regulation of privacy based on Fair Information Practice Principles (FIPPs), which rely heavily on assuring individuals notice and choice. We examine two historically influential measurements of privacy that have shaped discussion about public views and sentiments as well as practices, regulations, and policies: (1) surveys of individuals' ratings of 'sensitive' information and (2) Alan Westin's privacy categorization of individuals as fundamentalists, pragmatists, and unconcerned. In addition to replicating key components in these two survey streams, we used a factorial vignette survey to identify important contextual elements driving privacy expectations. A sample of 569 respondents rated how a series of vignettes, in which contextual elements of data recipient and data use had been systematically varied, met their privacy expectations. We find, first, that how well sensitive information meets privacy expectations is highly dependent on these contextual elements. Second, Westin's privacy categories proved relatively unimportant in relation to contextual elements in privacy judgments. Even privacy 'unconcerned' respondents rated the vignettes as not meeting privacy expectations on average, and respondents across categories had a common vision of what constitutes a privacy violation. This study has important implications for public policy and research. For public policy, these results suggest that relying on one dimension, sensitive information or Westin's privacy categorization of respondents, is limiting. In particular, focusing on differences in privacy expectations across consumers obscures the common vision of what is appropriate use of information for consumers.
This paper has significant public policy implications for the reliance on consumer choice as a necessary approach to accommodate consumer variance: our results suggest consumers agree as to the inappropriate use of information. Our study has called privacy concepts into question by showing that 'sensitivity' of information and 'concern' about privacy are not stable in the face of confounding variables: privacy categories and sensitivity labels prove to be highly influenced by the context and use of the situation. Our work demonstrates the importance of teasing out confounding variables in these historically influential studies.
Article
People go online for information and support about sensitive topics like depression, infertility, death, or divorce. However, what happens when such topics are algorithmically recommended to them even if they are not looking for it? This article examines people's self-diagnostic behaviors based on algorithmically-recommended content, for example, wondering if they might have depression because an algorithm pushed that topic into their view. Specifically, it examines what happens when the sensitive content is not generated by users, but by companies in the form of targeted advertisements. This paper explores these questions in three parts. The first part reviews literature on self-diagnosis and targeted advertising. The second part presents a mixed-methods study of how targeted ads can enable self-diagnostic reactions. The third part reflects on the mechanisms that influence self-diagnosis and examines potential regulatory implications.
Article
Full-text available
Public records are of vital importance for preserving national memory and passing it on to future generations. Because these records may contain sensitive matters or information, such as national security, international relations or individual privacy, those of archival value must be managed correctly and their processing carried out meticulously. This process, called sensitivity review, covers archival records that contain sensitive or special-category information. Sensitivity review, which is not yet practised in Türkiye but falls within the scope of confidentiality, is applied by many national archival institutions and is a focal phase of the appraisal process, one of the basic archival operations. Access controls, restrictions, closure decisions and release to public access for records containing sensitive information are the steps of this management process, in which difficulties arise in various respects. This study aims to present an examination of the theoretical framework, the implementation process and the challenges of sensitivity review as a focal operation and step.
Article
Full-text available
Governments around the world have gathered masses of personal information on their citizens as part of the fight against the Covid pandemic. Citizens, willingly for the most part, yielded such data in order to protect the public good and the safety of society. Focusing on personal data gathering, processing and protection for the public good, the authors consider how far citizens are willing to accept that their personal data can be collected by governments during a public health crisis. The situation in Europe and in China is compared, showing how the “public interest” during Covid-19 was understood very differently in different jurisdictions.
Article
Full-text available
Increasing numbers of social media users report being blackmailed on social media following their sharing of sensitive and personal information. However, little is known about this emerging crime and its victims. Using a survey of adult WhatsApp users in Oman (n = 1452) and interviews (n = 18) with victims and Omani criminal justice professionals, this study addresses this gap by examining the prevalence of blackmail among adult WhatsApp users arising from their voluntary self-disclosures, as well as the characteristics and vulnerabilities of those who fall victim to this activity. New insights are also offered into the factors influencing victims’ decisions to report their experiences to criminal justice professionals, as well as the challenges associated with investigating and prosecuting this activity.
Chapter
This chapter contextualises health data pools under European data protection law and, more precisely, under the special framework for the treatment of special categories of personal data. Against the backdrop of the twofold fundamental rights-based and market-based foundation of European data protection law, the notion of sensitive data and the legal bases for its treatment are examined. Specific attention is given to the research-based legitimate ground for the processing of health data under art. 9(2) lett. j) GDPR. In light of the wide notion of research provided by the GDPR and the uncertainty of the safeguards required under art. 89 GDPR, the research exemption is regarded as a possible efficiency defense under European data protection law, facilitating the establishment of health data pools.
Article
The Chinese Civil Code separates the civil right to privacy from the civil interest in personal information by proposing the PIPN in Article 1034, which constructs a model different from both the EU and the US. Although this distinction is of great significance, it also brings potential problems. The PIPN is personal information of a private nature that the subject is unwilling to have known to others; it can be defined by combining a basic definition with enumerations. It is recommended that the context and purpose of processing personal information be considered when deciding whether information is PIPN, and that the level of privateness, availability, risk and identifiability be considered in the privacy test. Based on Chinese reality, ID numbers, biometric information and financial information should be listed as typical kinds of PIPN in future legislation.
Article
Full-text available
The paper attempts to set out the basic concepts of informational privacy reflected in Western jurisprudence, to outline the author's view of the content and scope of informational privacy, to distinguish the powers of which this right consists, and to reveal its place and role from the standpoint of a system-structural approach. It is noted that the modern scientific literature on ensuring privacy and respect for private life clearly distinguishes two main approaches to understanding informational privacy: broad and narrow. Proponents of the narrow approach consider privacy solely in its informational aspect and tend to assign the other components (physical, visual, phonetic privacy, etc.) to the content of other fundamental rights. Within this camp, one group of authors interprets informational privacy as the person's right to control their personal data, while the second group considers it more rational and efficient to treat informational privacy as a right of ownership of personal data. The Restricted Access / Limited Control (RALC) theory attempts to unite both camps of the narrow interpretation. Proponents of the broad approach view informational privacy as important, but as only one of the many substantive elements of the constitutional right to privacy. At the same time, these authors' move beyond the information sphere when considering the content of privacy can be regarded as progressive and more consistent with the essence of this right and its purpose of ensuring personal freedom and autonomy. In the author's view, when revealing the content of the right to privacy, it should be borne in mind that the object of this right includes several areas (aspects), in each of which a person may be in different states of privacy, and privacy itself has certain dimensions.
On this basis, the author regards informational privacy as an element of the constitutional right to privacy, distinguished by the aspect of privacy and by the form (method) of its objectification. Unlike other aspects of privacy, the informational aspect is detached from the physical body of the individual and exists independently, and the relevant information continues to exist even after the death of the individual. Therefore, even a person's death does not deprive the information associated with that person of meaning, and sometimes even enhances its value and significance. It is noted that, unlike other aspects of privacy, informational privacy has no states (such as solitude, intimacy, anonymity, etc.); it merely provides informational protection for such states and does not allow them to be disclosed without the consent of the subject.
Article
Large-scale sensitive information leakage incidents have been reported frequently in recent years. Once sensitive information is leaked, it may lead to serious effects. In this context, sensitive information leakage has long been a question of great interest in the field of cybersecurity. However, most sensitive information resides in unstructured data. Therefore, how to extract sensitive information from voluminous unstructured data has become one of the greatest challenges. To address this challenge, we propose a method named ExSense for extracting sensitive information from unstructured data, which combines content-based and context-based extraction mechanisms. On the one hand, the method uses regular-expression matching to extract sensitive information with predictable patterns. On the other hand, we build a model named BERT-BiLSTM-Attention for extracting sensitive information with natural language processing. This model uses BERT for word embedding and extracts sensitive information using BiLSTM and an attention mechanism, with an F1 score of 99.15%. Experimental results on real-world datasets show that ExSense has a higher detection rate than either individual method (content analysis or context analysis) alone. In addition, we analyze about a million texts on Pastebin, and the results show that ExSense can extract sensitive information from unstructured data effectively.
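To make the content-based half of that design concrete, here is an added example that is not code from the ExSense paper: a regex extractor for sensitive items with a predictable shape (card numbers, e-mail addresses, an AWS-style access key ID, PEM private-key headers, US SSNs), where each pattern is paired with an optional validator so that a pattern hit alone is not reported. The Luhn check is what keeps a loose card pattern from flagging every 16-digit order number; that is the false-positive problem a practitioner hits first when scanning paste sites. The context-based NLP model is out of scope here because it needs trained weights. The paste being scanned is constructed for this example, and the pattern set, the `Finding` record and the function names are my own choices.

```python
"""Content-based extraction of sensitive items with a predictable shape.

Added example (not the ExSense code). Only the regex half of the approach is
shown; each pattern carries an optional validator so a pattern hit alone is
not reported. The sample paste at the bottom is constructed for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str
    value: str
    line_no: int
    context: str


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _card_validator(hit: str) -> bool:
    digits = re.sub(r"[ -]", "", hit)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


# (kind, compiled pattern, validator or None). The card pattern is deliberately
# loose (it also matches order numbers); the Luhn validator does the filtering.
DETECTORS = [
    ("payment_card", re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])"), _card_validator),
    ("email", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"), None),
    # Shape of an AWS access key ID: known prefix plus 16 upper-case alphanumerics.
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), None),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), None),
    # US SSN with structurally invalid area/group/serial values excluded.
    ("us_ssn", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None),
]


def extract_sensitive(text: str, context_chars: int = 20) -> list[Finding]:
    """Scan text line by line and return validated hits with a little context."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern, validate in DETECTORS:
            for m in pattern.finditer(line):
                hit = m.group(0)
                if validate is not None and not validate(hit):
                    continue            # pattern matched but checksum/structure failed
                lo = max(0, m.start() - context_chars)
                hi = min(len(line), m.end() + context_chars)
                findings.append(Finding(kind, hit, line_no, line[lo:hi]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. to triage a batch of pastes."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample paste (not real data). Line 3 passes Luhn; line 4 is the
# same number with a wrong check digit; line 5 is a 16-digit order id that
# fails Luhn. Only line 3 should be reported as a card.
SAMPLE_PASTE = """dump from app server
contact: alice@example.org
card: 4111 1111 1111 1111 exp 12/29
card: 4111 1111 1111 1112
order: 1234567890123456
aws: AKIAIOSFODNN7EXAMPLE
ssn 078-05-1120
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
"""

if __name__ == "__main__":
    for f in extract_sensitive(SAMPLE_PASTE):
        print(f"{f.line_no:>3} {f.kind:<18} {f.value}")
    print(summarize(extract_sensitive(SAMPLE_PASTE)))
```

Run as a script, the block lists one finding per sensitive line and skips the two Luhn failures. Adding a pattern without a validator (the SSN one relies on structural exclusions only) is where false positives creep back in, which is exactly the gap the paper fills with its context-based model.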
Article
The authors review literature that can inform the design of better privacy policies. The review is focused around three privacy principles central to consumer-firm interactions: sensitive information and willingness to disclose; covert collection and use of data; and notice and choice. The authors argue that the best privacy policies are those which adequately address these principles, thereby lowering the public's privacy concern. The ability of the EU's and the US's regulatory environments to address these principles is discussed. In accordance with the review, the authors note that the EU's GDPR has provisions to address the three privacy principles, while the U.S. regulatory environment is not effective in addressing them.
Thesis
Full-text available
Big data have benefits for society and individuals in health, scientific research, the environment and other specific areas; however, there are growing threats, considering the potential impact of processing large amounts of data on the rights and freedoms of individuals, particularly in respect of their data. Corporations are using new methods for massive collection, instant transmission, use and re-use of personal information for purposes that were not previously established. This places the data protection principles under strain, and a discussion of their compatibility is imminent. This thesis looks into these issues so as to contribute to the debate on the implications of data protection law (GDPR) for big data analytics.
Article
A number of laws govern information gathering, or surveillance, by private parties in the physical world. But we lack a compelling theory of privacy harm that accounts for the state’s interest in enacting these laws. Without a theory of privacy harm, these laws will be enacted piecemeal: legislators will have a difficult time justifying the laws to constituents, the laws will not be adequately tailored to the legislative interest, and courts will find it challenging to weigh privacy harms against other strong values, such as freedom of expression. This Article identifies the government interest in enacting laws governing surveillance by private parties. Using social psychologist Irwin Altman’s framework of “boundary management” as a jumping-off point, I conceptualize privacy harm as interference in an individual’s ability to dynamically manage disclosure and social boundaries. Stemming from this understanding of privacy, the government has two related interests in enacting laws prohibiting surveillance: an interest in providing notice so that an individual can adjust her behavior, and an interest in prohibiting surveillance to prevent undesirable behavioral shifts. Framing the government interest, or interests, this way has several advantages. First, it descriptively maps onto existing laws: these laws either help individuals manage their desired level of disclosure by requiring notice, or prevent individuals from resorting to undesirable behavioral shifts by banning surveillance. Second, the framework helps us assess the strength and legitimacy of the legislative interest in these laws. Third, it allows courts to understand how First Amendment interests are in fact internalized in privacy laws. And fourth, it provides guidance to legislators for the enactment of new laws governing a range of new surveillance technologies, from automated license plate readers (ALPRs) to robots to drones. © 2015, University of Washington School of Law. All rights reserved.
Article
Full-text available
The goal of this paper is to examine the strategic choices of firms collecting consumer data online and to identify the roles and obligations of the actors within the current network of online tracking. In doing so, the focus shifts from placing the onus on individuals to make an informed choice to justifying the roles and responsibilities of firms when gathering, aggregating, and using consumers’ interests or behavior online. Firms online are uniquely positioned to undercut or to respect privacy expectations within three possible roles: as a member of a supply chain of information traders, within a network of surveillance online, and as an arm of law enforcement. These firms benefit from aggregating and analyzing consumer data and have an associated responsibility to not only minimize the harm to consumers but also to enact change where the firm is in the most knowledgeable and powerful position. Conditional Accept: The Information Society
Article
Full-text available
A path-breaking analysis of the concept of privacy as a question of access to the individual and to information about him. An account of the reasons why privacy is valuable, and why it has the coherence that justifies maintaining it as both a theoretical concept and an ideal. Finally, the paper looks into the move from identifying the grounds of the value of privacy to the different question of whether and to what extent privacy should be protected by law. While privacy is a useful concept in social and moral thought, it may well be the case that it is relatively rare that it should be protected by the law in cases where its violation does not also involve infringement or violation of other important interests or values.
Article
Full-text available
In the United States, proposals for informational privacy have proved enormously controversial. On a political level, such proposals threaten powerful data processing interests. On a theoretical level, data processors and other data privacy opponents argue that imposing restrictions on the collection, use, and exchange of personal data would ignore established understandings of property, limit individual freedom of choice, violate principles of rational information use, and infringe data processors' freedom of speech. In this article, Professor Julie Cohen explores these theoretical challenges to informational privacy protection. She concludes that categorical arguments from property, choice, truth, and speech lack weight, and mask fundamentally political choices about the allocation of power over information, cost, and opportunity. Each debate, although couched in a rhetoric of individual liberty, effectively reduces individuals to objects of choices and trades made by others. Professor Cohen argues, instead, that the debate about data privacy protection should be grounded in an appreciation of the conditions necessary for individuals to develop and exercise autonomy in fact, and that meaningful autonomy requires a degree of freedom from monitoring, scrutiny, and categorization by others. The article concludes by calling for the design of both legal and technological tools for strong data privacy protection.
Article
Full-text available
Ready or not, the digitalization of information has come, and privacy is standing out there, possibly at stake. Although digital privacy is an identified priority in our society, few systematic, effective methodologies exist that deal with privacy threats thoroughly. This paper presents a comprehensive framework to model privacy threats in software-based systems. First, this work provides a systematic methodology to model privacy-specific threats. Analogous to STRIDE, an information flow–oriented model of the system is leveraged to guide the analysis and to provide broad coverage. The methodology instructs the analyst on what issues should be investigated, and where in the model those issues could emerge. This is achieved by (i) defining a list of privacy threat types and (ii) providing the mappings between threat types and the elements in the system model. Second, this work provides an extensive catalog of privacy-specific threat tree patterns that can be used to detail the threat analysis outlined above. Finally, this work provides the means to map the existing privacy-enhancing technologies (PETs) to the identified privacy threats. Therefore, the selection of sound privacy countermeasures is simplified.
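As an added illustration of the two-step methodology that abstract describes (a list of privacy threat types, then a mapping from threat types to DFD element kinds), and not the paper's own tooling, the block below elicits candidate privacy threats from a small data-flow model. The seven threat categories are LINDDUN's; the applicability table and the per-category PET hints are assumptions reconstructed from my reading of the methodology, so check them against the paper's own tables before relying on them. The health-data-pool model (node and flow names, trust zones, data categories) is constructed for the example, and the priority rule (special-category data or a flow across a trust boundary) is my own addition, not part of the method.

```python
"""Privacy threat elicitation over a data-flow diagram, LINDDUN style.

Added example, not the paper's tooling. Step (i) is the threat-type list,
step (ii) the mapping from threat types to DFD element kinds; elicit() walks
a model and emits the candidate threats to investigate per element, with a
priority derived from data category and trust boundaries and a PET hint per
category. The applicability table, PET hints and priority rule are assumptions;
the model at the bottom is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    ENTITY = "entity"
    PROCESS = "process"
    STORE = "data store"
    FLOW = "data flow"


# (i) LINDDUN's seven privacy threat categories.
THREAT_TYPES = {
    "L": "Linkability",
    "I": "Identifiability",
    "N": "Non-repudiation",
    "D": "Detectability",
    "Dd": "Disclosure of information",
    "U": "Unawareness",
    "Nc": "Non-compliance",
}

# (ii) Element kinds where each threat type can emerge.
# Assumption: reconstructed from the LINDDUN mapping table; verify against the paper.
APPLICABLE = {
    "L": {Kind.ENTITY, Kind.FLOW, Kind.STORE, Kind.PROCESS},
    "I": {Kind.ENTITY, Kind.FLOW, Kind.STORE, Kind.PROCESS},
    "N": {Kind.FLOW, Kind.STORE, Kind.PROCESS},
    "D": {Kind.FLOW, Kind.STORE, Kind.PROCESS},
    "Dd": {Kind.FLOW, Kind.STORE, Kind.PROCESS},
    "U": {Kind.ENTITY},
    "Nc": {Kind.FLOW, Kind.STORE, Kind.PROCESS},
}

# Illustrative PET hints per category (assumption, not the paper's catalogue).
PETS = {
    "L": ("pseudonymisation", "k-anonymity"),
    "I": ("pseudonymisation", "anonymous credentials"),
    "N": ("deniable / off-the-record protocols",),
    "D": ("dummy traffic / padding",),
    "Dd": ("encryption at rest and in transit", "access control"),
    "U": ("privacy notice and consent management",),
    "Nc": ("purpose binding and processing audit logs",),
}


@dataclass(frozen=True)
class Node:
    name: str
    kind: Kind
    zone: str                        # trust zone the element lives in
    personal_data: bool = False      # element handles personal data at all
    special_category: bool = False   # e.g. health data (GDPR art. 9)


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    personal_data: bool = False
    special_category: bool = False


@dataclass(frozen=True)
class Threat:
    element: str
    kind: Kind
    category: str
    priority: str                    # "high" or "normal"
    pets: tuple[str, ...]


def _priority(special: bool, crosses_boundary: bool) -> str:
    # Assumed rule: special-category data or a flow across trust zones is high.
    return "high" if special or crosses_boundary else "normal"


def elicit(nodes: list[Node], flows: list[Flow]) -> list[Threat]:
    """Enumerate (element, threat type) pairs the analyst should investigate."""
    zones = {n.name: n.zone for n in nodes}
    threats: list[Threat] = []

    def add(name: str, kind: Kind, personal: bool, special: bool, crosses: bool) -> None:
        if not personal:             # nothing to link, identify or disclose
            return
        for code, kinds in APPLICABLE.items():
            if kind in kinds:
                threats.append(Threat(name, kind, THREAT_TYPES[code],
                                      _priority(special, crosses), PETS[code]))

    for n in nodes:
        add(n.name, n.kind, n.personal_data, n.special_category, False)
    for f in flows:
        if f.src not in zones or f.dst not in zones:
            raise ValueError(f"flow {f.name!r} references an unknown node")
        add(f.name, Kind.FLOW, f.personal_data, f.special_category,
            zones[f.src] != zones[f.dst])
    return threats


def count_by_priority(threats: list[Threat]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for t in threats:
        counts[t.priority] = counts.get(t.priority, 0) + 1
    return counts


# Constructed model of a health-data pool (names and zones are invented).
NODES = [
    Node("patient", Kind.ENTITY, "public", personal_data=True),
    Node("portal", Kind.PROCESS, "dmz", personal_data=True, special_category=True),
    Node("health_pool", Kind.STORE, "internal", personal_data=True, special_category=True),
    Node("research_job", Kind.PROCESS, "research", personal_data=True, special_category=True),
    Node("ops_dashboard", Kind.PROCESS, "internal", personal_data=True),
    Node("app_logs", Kind.STORE, "internal"),      # no personal data: no privacy threats
]
FLOWS = [
    Flow("submit_record", "patient", "portal", True, True),
    Flow("store_record", "portal", "health_pool", True, True),
    Flow("export_for_research", "health_pool", "research_job", True, True),
    Flow("aggregate_counts", "health_pool", "ops_dashboard", personal_data=True),
    Flow("write_log", "portal", "app_logs"),
]

if __name__ == "__main__":
    for t in elicit(NODES, FLOWS):
        print(f"{t.priority:<6} {t.kind.value:<10} {t.element:<20} {t.category:<26} {', '.join(t.pets)}")
    print(count_by_priority(elicit(NODES, FLOWS)))
```

The output is the worklist the paper's threat-tree catalogue is then applied to: each (element, category) row is a threat type to detail, not a confirmed threat. Note that the external entity only attracts Linkability, Identifiability and Unawareness, which is the point of step (ii): the mapping tells the analyst where not to waste time as much as where to look.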
Article
Full-text available
Seasonal influenza epidemics are a major public health concern, causing tens of millions of respiratory illnesses and 250,000 to 500,000 deaths worldwide each year. In addition to seasonal influenza, a new strain of influenza virus against which no previous immunity exists and that demonstrates human-to-human transmission could result in a pandemic with millions of fatalities. Early detection of disease activity, when followed by a rapid response, can reduce the impact of both seasonal and pandemic influenza. One way to improve early detection is to monitor health-seeking behaviour in the form of queries to online search engines, which are submitted by millions of users around the world each day. Here we present a method of analysing large numbers of Google search queries to track influenza-like illness in a population. Because the relative frequency of certain queries is highly correlated with the percentage of physician visits in which a patient presents with influenza-like symptoms, we can accurately estimate the current level of weekly influenza activity in each region of the United States, with a reporting lag of about one day. This approach may make it possible to use search queries to detect influenza epidemics in areas with a large population of web search users.
Article
Journalists, politicians, jurists, and legal academics often describe the privacy problem created by the collection and use of personal information through computer databases and the Internet with the metaphor of Big Brother, the totalitarian government portrayed in George Orwell's Nineteen Eighty-Four. Professor Solove argues that this is the wrong metaphor. The Big Brother metaphor, as well as much of the law that protects privacy, emerges from a longstanding paradigm for conceptualizing privacy problems. Under this paradigm, privacy is invaded by uncovering one's hidden world, by surveillance, and by the disclosure of concealed information. The harm caused by such invasions consists of inhibition, self-censorship, embarrassment, and damage to one's reputation. Privacy law has developed with this paradigm in mind, and consequently, it has failed to grapple effectively with the database problem. Professor Solove argues that the Big Brother metaphor merely reinforces this paradigm and that the problem is better captured by Franz Kafka's The Trial. Understood with the Kafka metaphor, the problem is the powerlessness, vulnerability, and dehumanization created by the assembly of dossiers of personal information where individuals lack any meaningful form of participation in the collection and use of their information. Professor Solove illustrates that conceptualizing the problem with the Kafka metaphor has profound implications both for the law of information privacy and for choosing legal approaches to solve the problem.
Article
Regulators here and abroad have embraced “privacy by design” as a critical element of their ongoing revision of current privacy laws. The underlying idea is to “build in” privacy (in the form of Fair Information Practices or FIPs) when creating software products and services. But FIPs are not self-executing. Rather, privacy by design requires the translation of FIPs into engineering and usability principles and practices. The best way to ensure that software includes the broad goals of privacy as described in the FIPs and any related corporate privacy guidelines is by including it in the definition of software “requirements.” And a main component of making a specification or requirement for software design is to make it concrete, specific and preferably associated with a metric. Equally important is developing software interfaces and other visual elements that are focused around end-user goals, needs, wants and constraints. The Article offers the first comprehensive analysis of engineering and usability principles specifically relevant to privacy. Based on the relevant technical literature, it derives a small number of relevant principles and illustrates them by reference to ten recent privacy incidents involving Google and Facebook. The Article concludes that all ten privacy incidents might have been avoided by the application of these privacy engineering and usability principles. Further, we suggest that the main challenge to effective privacy by design is not the lack of design guidelines. Rather, it is that business concerns often compete with and overshadow privacy concerns. Hence the solution lies in providing firms with much clearer guidance about applicable design principles and how best to incorporate them into their software development processes. Greater guidance is also needed for how to balance privacy with business interests, and there must be oversight mechanisms as well.
Article
We offer the first large-scale, multiple-source analysis of the outcome of what may be the most extensive effort to selectively censor human expression ever implemented. To do this, we have devised a system to locate, download, and analyze the content of millions of social media posts originating from nearly 1,400 different social media services all over China before the Chinese government is able to find, evaluate, and censor (i.e., remove from the Internet) the large subset they deem objectionable. Using modern computer-assisted text analytic methods that we adapt and validate in the Chinese language, we compare the substantive content of posts censored to those not censored over time in each of 95 issue areas. Contrary to previous understandings, posts with negative, even vitriolic, criticism of the state, its leaders, and its policies are not more likely to be censored. Instead, we show that the censorship program is aimed at curtailing collective action by silencing comments that represent, reinforce, or spur social mobilization, regardless of content. Censorship is oriented toward attempting to forestall collective activities that are occurring now or may occur in the future, and, as such, seems to clearly expose government intent, as in the examples we offer where sharp increases in censorship presage government action outside the Internet.
Article
Modern data protection law is built on "fair information practice principles." At their inception in the 1970s and early 1980s, FIPPS were broad, aspirational, and included a blend of substantive (e.g., data quality, use limitation) and procedural (e.g., consent, access) principles. They reflected a wide consensus about the need for broad standards to facilitate both individual privacy and the promise of information flows in an increasingly technology-dependent, global society. As translated into national law in the United States, Europe, and elsewhere during the 1990s and 2000s, however, FIPPS have increasingly been reduced to narrow, legalistic principles (e.g., notice, choice, access, security, and enforcement). These principles reflect a procedural approach to maximizing individual control over data rather than individual or societal welfare. As theoretically appealing as this approach may be, it has proven unsuccessful in practice. Businesses and other data users are burdened with legal obligations while individuals endure an onslaught of notices and opportunities for often limited choice. Notices are frequently meaningless because individuals do not see them or choose to ignore them, they are written in either vague or overly technical language, or they present no meaningful opportunity for individual choice. Trying to enforce notices no one reads has led in the United States to the Federal Trade Commission's tortured legal logic that such notices create enforceable legal obligations, even if they were not read or relied upon as part of the deal. Moreover, choice is often an annoyance or even a disservice to individuals. In addition, many services cannot be offered subject to individual choice. Requiring choice may be contrary to other activities important to society, such as national security or law enforcement, or to other values, such as freedom of communication. Enforcement of notice, choice, and the other FIPPS is uneven at best. 
Situations likely to threaten greatest harm are often subject to the least oversight, while innocuous or technical violations of FIPPS may be prosecuted vigorously if they are the subject of a specific law or obligation and they can be used to generate popular or political pressure. In short, the control-based system of data protection, with its reliance on narrow, procedural FIPPS, is not working. The available evidence suggests that privacy is not better protected. The flurry of notices may give individuals some illusion of enhanced privacy, but the reality is far different. The result is the worst of all worlds: privacy protection is not enhanced, individuals and businesses pay the cost of bureaucratic laws, and we have become so enamored with notice and choice that we have failed to develop better alternatives. The situation only grows worse as more states and nations develop inconsistent data protection laws with which they attempt to regulate increasingly global information flows. This paper reflects a modest first step at articulating an approach to privacy laws that does not reject notice and choice, but does not seek to rely on it for all purposes. Drawing on other forms of consumer protection, in which standards of protection are not negotiable between providers and consumers, I propose that national governments stop subjecting vast flows of personal data to restraints based on individual preferences or otherwise imposing the considerable transaction costs of the current approach. Instead, the paper proposes that lawmakers reclaim the original broader concept of FIPPS by adhering to Consumer Privacy Protection Principles (CPPPS) that include substantive restrictions on data processing designed to prevent specific harms. The CPPPS framework is only a first step. 
It is neither complete nor perfect, but it is an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly interconnected, global society.
Article
Fear of the powerful computer user, "the Superuser," dominates debates about online conflict. This mythic figure is difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact, passing overbroad, ambiguous laws intended to ensnare the Superuser, but which are used instead against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated. The exaggerated attention to the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely-held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as lay-people to exaggerate the power of the Superuser, in part because they have misapplied Larry Lessig's ideas about code. The experts in computer security and Internet law have failed to deliver us from fear, resulting in overbroad prohibitions, harms to civil liberties, wasted law enforcement resources, and misallocated economic investment. This Article urges policymakers and partisans to stop using tropes of fear; calls for better empirical work on the probability of online harm; and proposes an anti-Precautionary Principle, a presumption against new laws designed to stop the Superuser.