About

“Don't Take it Personal”


Privacy and information in an algorithmic age



Introduction


Like many of his peers, Peter uses Facebook to stay in contact with family and friends and to exchange information and ideas. Facebook, like most other digital platforms, keeps track of Peter’s personal profile, preferences, and interactions, and provides him with relevant, personalized information based on his activities. Facebook is primarily interested in Peter’s personal information as an instrument for aggregating data and creating patterns for marketing purposes. Regarding its collection of personal information, Facebook essentially tells Peter: “Don’t take it personal”. For Peter, however, matters may be more complicated than Facebook purports them to be. For Peter, the collection of personal information and the algorithmic profiling of him might indeed feel and become personal on many different levels, and he might indeed take it personal that the information he produces seems to be beyond his reach and control.


It is precisely this apparent disconnect between platform providers’ framing of personal information and privacy, on the one hand, and users’ understanding of the same concepts, on the other, that is of interest to this project. The notions of personal information and privacy have often been addressed as intertwined, tightly connected concepts in which one constrains the other. That is, current theories and discussions of informational privacy are closely tied to a specific notion of personal information, with privacy being conceptualized as the ability to control and/or restrict access to personal information. In this project, we question that prevailing understanding of the relationship between privacy and personal information, and suggest that revised conceptualizations are needed in order to capture and address current challenges. Given this claim, our overall guiding research question is: what constitutes ‘privacy’ and ‘personal information’, and how are these concepts related and interdependent in an algorithmic age? We address this question by posing two somewhat overlapping conceptual questions, while also empirically exploring users’ and platform providers’ framings and understandings of privacy and personal information, as illustrated in Table 1: Research Design.


The aim of the project is thus two-fold. First, it seeks to understand the nature of PERSONAL INFORMATION in an algorithmic age of increased personalization and data-driven logic, claiming that the meaning of personal information is created in specific contexts and in use. Second, presuming that current conceptions of privacy are challenged by their close ties to the notion of personal information, the project aims to establish what constitutes PRIVACY given contemporary logics of datafication and connectivity. Both conceptual questions are supported and informed by the collection and analysis of data about: i) USERS’ understandings of profiling, and of how and when platforms’ collection of information about them becomes personal and potentially privacy-invasive, and ii) PLATFORM PROVIDERS’ framing of personal information and privacy, and its relation to regulatory frameworks.

Table 1: Research Design


Research question:  What constitutes ‘privacy’ and ‘personal information’ and how are these concepts related and interdependent?

Conceptual questions

Work Package I:  What constitutes PERSONAL INFORMATION in an algorithmic age of increased personalization and data-driven logic?

Work Package II:  What constitutes PRIVACY given contemporary logics of datafication and connectivity?

Data practices

Work Package III:  How do USERS perceive data gathering (collecting, mining) in algorithmic systems? What do users think of personal profiling?

Work Package IV:  How do PLATFORM PROVIDERS’ policies and practices frame privacy and personal information, and how does this relate to current regulatory frameworks?

Theoretical framework


This project makes the assumption that the traditional conception of informational privacy – as the ability to control and/or restrict access to personal information – needs to be re-conceptualized, for two reasons: i) empirically, informational privacy rests on the assumptions that personal information is personal and that people are able to consent to the uses of their personal information, and ii) conceptually, informational privacy rests on the idea that personal information is a unique kind of information that states objective facts about an individual and differs from other kinds of information. We situate the project at the intersection of these two discourses: informational privacy and personal information.


Privacy (WP II): Informational privacy is often conceptualized as the ability to limit, restrict, or control personal information (Tavani, 2008; Solove, 2008). A number of scholars note that these abilities are under pressure in today’s digital age and suggest that a new understanding of privacy is needed (Schneier, 2015). The core of the challenge with privacy in digital environments is “the consent dilemma” (Solove, 2013, p. 1903). Consent is based on the assumption that, “data subjects make conscious, rational and autonomous choices about the processing of their personal data” (Schermer, Custers, & van der Hof, 2014, p. 171) and as such “the basic approach to protecting privacy has remained largely unchanged since the 1970s” (Solove, 2013, p. 1880). In practice, people consent to providing personal information to digital media without much thought and without having read or fully understood the consent form (Valtysson, 2012).


Furthermore, with big data, predictive analysis, and the possibility of producing new personal information inferred from data that users have provided to platforms, the notion of informational privacy becomes increasingly difficult to maintain (Mai, 2016a). It is a challenge to protect privacy when people are not aware of what platforms know about them and thus can neither consent to, nor control, the use of their personal information. This challenge relates to current regulatory frameworks and to how national and international media and communication policies regulate the use of personal information by social media platforms (Valtysson, 2017). Jørgensen (2017) found in her interviews with Google and Facebook staff that there is a disconnect between the companies’ internal discourse about privacy and the external discourse and concerns raised by privacy scholars. Both companies frame the threat to users’ privacy solely in terms of governments’ interest in users’ personal information, and not in terms of areas where the companies’ own practices may have a negative impact on users’ right to privacy.
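The kind of inference at issue can be made concrete with a minimal, purely illustrative sketch: a toy classifier trained on an attribute that some users have disclosed can assign that same attribute to a user who never provided it. All data, feature names, and the attribute itself are invented for illustration; the sketch makes no claim about any platform’s actual models.

```python
# Hypothetical sketch: inferring an undisclosed personal attribute from
# behavioural signals a user *has* provided (here: page likes).
# All data and labels are invented; this does not describe any real system.
import numpy as np
from sklearn.linear_model import LogisticRegression

# Rows = training users, columns = whether the user liked pages A, B, C, D.
likes = np.array([
    [1, 0, 1, 0],
    [1, 1, 1, 0],
    [0, 0, 1, 1],
    [0, 1, 0, 1],
    [1, 0, 0, 0],
    [0, 1, 1, 1],
])
# An attribute these training users disclosed (used as the prediction target).
disclosed_attribute = np.array([1, 1, 0, 0, 1, 0])

model = LogisticRegression().fit(likes, disclosed_attribute)

# Peter never stated the attribute, yet his likes alone yield a prediction.
peter_likes = np.array([[1, 0, 1, 0]])
probability = model.predict_proba(peter_likes)[0, 1]
print(f"Inferred probability that Peter has the attribute: {probability:.2f}")
```

The point of the sketch is conceptual rather than technical: the model’s output is new personal information about Peter that he neither supplied nor consented to, which is precisely what strains consent-based conceptions of informational privacy.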


Hence, theories and discussions of informational privacy are tied to a specific notion of personal information, which underpins the prevailing idea that informational privacy is basically about the ability to control or restrict access to personal information.


Personal information (WP I): While it has been observed that the notion of ‘information’ in informational privacy is employed in a specific way, the conceptual and practical ramifications of this usage are seldom problematized. Agre (1994), for instance, observes that, “the tacit assumption” that is most common in the privacy literature is “that information is true – that it corresponds in some transparent way to certain people, places, and things in the world” (Agre, 1994, 107), and Cohen (2012) makes the similar observation that, “information appears to be the ultimate disembodied good, yielding itself seamlessly to abstract, rational analysis” (Cohen, 2012, 20). It is most often assumed that information just is; that it has no agency and corresponds to an objective state of affairs.


The employment of ‘information’ in the informational privacy literature follows a tradition in the philosophy of information which “treat[s] data and information as reified entities, that is, stuff that can be manipulated (consider, for example, the now common expressions ‘data mining’ and ‘information management’)” (Floridi, 2008b, p. 20) and assumes that information “is independent of what we think or believe. It is independent of what we know.” (Dretske, 2008, p. 31). These notions of ‘information’ follow a tradition of conceptualizing ‘information’ as what has been called ‘natural information’, following Grice’s (1989) distinction between natural and nonnatural meaning (Scarantino & Piccinini, 2010; Søe, 2016). As such, natural information only allows for true, objectively correct information, whereas nonnatural information also allows for mistakes, misinterpretations, misuse, and misleading information. While some privacy scholars – e.g. Nissenbaum (2010) and Solove (2008) – have begun pragmatic explorations of privacy in which the context and specific circumstances determine the privacy problem, both scholars hold “the self constant” and thereby ignore “the problem of the evolving subjectivity” (Cohen, 2012, 20), and they assume that ‘information’ is an objective, neutral entity that is context-independent (Mai, 2016b).


In a previous study, Bucher (2016) shows how some Facebook users engage in data obfuscation. One user, for instance, noted that, “‘privacy online does not really exist. So why not just confuse those who are actually looking at your intimate information? That way it misleads them’”, another user tries “to ‘manipulate content’ … to ‘control the suggestions’ Facebook gives her”, and a third user “attempted to confuse the algorithm by liking contradictory things” (Bucher, 2016, 12). These examples suggest that users may be well aware that platforms harvest their personal information with the purpose of creating profiles of them, and that one way to secure their privacy is by confusing the algorithms through obfuscation (Brunton & Nissenbaum, 2015).
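The obfuscation tactic these users describe can be sketched in a few lines, under the assumption (ours, purely for illustration) that a profiler summarizes a user by the category of content they like most often: injecting random, contradictory likes flattens the distribution and lowers the profiler’s confidence. The categories and counts below are invented and do not model any real recommender system.

```python
# Minimal, hypothetical sketch of the obfuscation strategy described by
# Bucher's interviewees: 'liking' contradictory things so that a naive
# interest profile becomes less informative.
import random
from collections import Counter

CATEGORIES = ["politics", "sports", "cooking", "travel", "music", "finance"]

def top_interest_share(likes):
    """Fraction of all likes in the most frequent category -- a crude proxy
    for how confidently a profiler could label the user."""
    counts = Counter(likes)
    return max(counts.values()) / len(likes)

# A user whose genuine likes cluster strongly around one interest.
genuine_likes = ["politics"] * 30 + ["music"] * 5

# Obfuscation: add randomly chosen likes spread across all categories.
random.seed(1)
noise = [random.choice(CATEGORIES) for _ in range(60)]
obfuscated_likes = genuine_likes + noise

print("Top-category share before:", round(top_interest_share(genuine_likes), 2))
print("Top-category share after: ", round(top_interest_share(obfuscated_likes), 2))
```

Under this toy assumption the ‘after’ figure drops sharply, which is the effect the quoted users are aiming for; whether actual profiling systems are misled this easily remains an open empirical question.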

At this point, then, the understanding of informational privacy is built on a notion of personal information in which questions of meaning, practice, context, and intentionality are not always accounted for. Thus, the motives, intentions, and beliefs that people bring to digital platforms are absent from current conceptions of ‘personal information’ and hence are not taken into account in current conceptions of privacy either. In order to address this challenge, we introduce meaning, context, and use in our characterization of personal information and re-conceptualize privacy such that it can address the challenges posed by algorithmic profiling and data-driven logic.


Hence, we follow an overall pragmatic orientation in our analyses. We build on the work started by proponents of pragmatic privacy theories (esp. Julie Cohen (2012), Helen Nissenbaum (2010), and Daniel Solove (2008)) and emphasize that analyses of privacy problems are bound by contexts and particular privacy settings, because personal information is always contextual and localized. In terms of personal information, the pragmatic orientation we employ in this project means that we conceptualize personal information as situated, contextual, and dependent on intentions. We argue that the notion of personal information should be understood within the broader context of the philosophy of information, where we follow a pragmatic tradition situated in ordinary language philosophy (esp. the later Ludwig Wittgenstein, Paul Grice, and John Austin). The conceptual and theoretical analyses and investigations will be supported and informed by data collection concerning users and platforms, as shown in Table 1: Research Design.


Methods and plan for data collection


Methodologically, this project applies a broad range of qualitative research methods to address the question of how personal information and privacy relate in an algorithmic age.


Users (WP III): In order to research user perceptions of data collection in algorithmic systems, we will conduct open-ended interviews (Gaskell, 2000) with affected users about their experiences with using social media and search engines. To identify affected users, i.e. those for whom the workings of platforms have become a ‘matter of concern’ (Latour, 2004, 231), we will follow the strategy suggested by Bucher (2017): by monitoring social media sites like Twitter, we conduct focused searches for terms like ‘search rankings’, ‘YouTube recommendation’, and ‘Facebook algorithm’ and contact the authors with an interview request (a minimal sketch of this identification step follows below). Furthermore, focus groups (Bloor et al., 2001) will be conducted to better understand users’ collective perceptions of the algorithmic logics of platform providers, and how these relate to the notions of personal information and privacy. Interviews and focus groups will be composed to ensure gender balance and a broad age range. While we focus primarily on platform providers like Facebook Inc. (incl. Instagram and WhatsApp) and Alphabet Inc. (incl. Google and YouTube), we will also extend our understanding of personal information to offline contexts and urban environments. Thus, we will conduct six ‘data walking workshops’ (www.datawalking.org) to explore how concerns about personal information transfer to everyday life in urban environments. By walking the city of Copenhagen with an ethnographic eye (Forlano & Mathew, 2014; Powell, 2008), taking notes and photographs, and interviewing passers-by where appropriate, the aim is to reflect on our understandings of data and on how data is constructed and controlled in various places. Taken together, these data sets will generate important insights into the conditions of privacy and personal information and empirically ground the conceptual work of the project.
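The sketch below illustrates only the keyword-matching logic of that identification step, using invented example posts; it does not show how posts would actually be retrieved from Twitter or any other platform, which would go through the platform’s official interfaces and follow its terms of service as well as the project’s ethics protocol.

```python
# Illustrative sketch: scanning already-collected public posts for the terms
# that mark a platform's workings as a 'matter of concern', so the authors
# can be approached for an interview. All post data is invented.
SEARCH_TERMS = ["search rankings", "youtube recommendation", "facebook algorithm"]

posts = [
    {"author": "user_a", "text": "Why does the Facebook algorithm keep showing me this?"},
    {"author": "user_b", "text": "Lovely weather in Copenhagen today."},
    {"author": "user_c", "text": "My feed is one YouTube recommendation after another."},
]

def affected_authors(posts, terms):
    """Return authors whose posts mention any of the search terms."""
    return sorted({
        post["author"]
        for post in posts
        if any(term in post["text"].lower() for term in terms)
    })

print(affected_authors(posts, SEARCH_TERMS))  # ['user_a', 'user_c']
```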


Platform providers (WP IV): In order to understand how platform providers’ policies and practices frame privacy and personal information, we will conduct extensive desk research to capture existing documented materials. The desk research will be followed up by detailed interviews (Gaskell, 2000) with national and international experts and policy-makers (e.g. EU policy-makers, regulators at the Danish Agency for Digitization, and European Digital Rights groups), as well as textual analysis (Fairclough, 1992, 2003; Dahlberg & Phelan, 2011) of policy and legal documents (e.g. EU directives, the General Data Protection Regulation, the Danish Strategy for Digitization, and platforms’ terms of service and policies). The purpose is to scrutinize how existing national and supra-national regulatory frameworks relate to Google’s and Facebook’s terms of service and policies (such as privacy policies, statements of rights and responsibilities, community guidelines, and platform and advertising policies), with particular focus on how personal information and privacy are discursively and legally constituted. This will shed valuable light on platform providers’ framing and understanding of the project’s two key pillars, and on how this framing relates to the legal rights of citizens under national and international regulation. In order to get closer to the intent of platform providers, textual analysis will also be conducted of public announcements and other documents in which representatives of Facebook and Google have communicated publicly about matters relevant to personal information and privacy.


References


Agre, P. E. (1994). Surveillance and capture: Two models of privacy. The Information Society, 10(2), 101-127.

Bloor, M., Frankland, J., Thomas, M., & Robson, K. (2001). Focus groups in social research. London: Sage.

Brunton, F. and Nissenbaum, H. (2015). Obfuscation: A user's guide for privacy and protest. Cambridge, MA: MIT Press.

Bucher, T. (2017). The algorithmic imaginary: exploring the ordinary affects of Facebook algorithms. Information, Communication & Society, 20(1), 30-44.

Cohen, J. E. (2012). Configuring the networked self: Law, code, and the play of everyday practices. New Haven, CT: Yale University Press.

Dahlberg, L. & Phelan, S. (eds.) (2011). Discourse theory and critical media politics. New York: Palgrave Macmillan.

van Dijck, J. (2013). The culture of connectivity: A critical history of social media. Oxford: Oxford University Press.

van Dijck, J. and Poell, T. (2013). Understanding social media logic. Media and Communication, 1(1): 2-14.

Dretske, F. (2008). Epistemology and information. In P. Adriaans & J. van Benthem (eds.), Handbook of the philosophy of science. Volume 8: Philosophy of information (pp. 29-47). Amsterdam: Elsevier.

Fairclough, N. (2003). Analysing discourse: Textual analysis for social research. London & New York: Routledge.

Fairclough, N. (1992). Discourse and social change. London: Polity Press.

Floridi, L. (2008b). Trends in the philosophy of information. In P. Adriaans & J. van Benthem (eds.), Handbook of the philosophy of science. Volume 8: Philosophy of information (pp. 113-131). Amsterdam: Elsevier.

Forlano, L., & Mathew, A. (2014). From design fiction to design friction: Speculative and participatory design of values-embedded urban technology. Journal of Urban Technology, 21(4), 7-24.

Gaskell, G. (2000). Individual and group interviewing. In M.W. Bauer & G. Gaskell (eds.), Qualitative researching with text, image and sound. London: Sage

Gillespie, T. (2012). The relevance of algorithms. In T. Gillespie, P. J. Boczkowski, & K. A. Foot (eds.), Media Technologies, Cambridge, MA: MIT Press.

Gillespie, T. (2010). The politics of ‘platforms’. New Media & Society 12(3): 347-364.

Grice, H. P. (1989). Studies in the way of words. Cambridge MA: Harvard University Press.

Jørgensen, R. F. (2017). Framing human rights: exploring storytelling within internet companies. Information, Communication & Society, 1-16.

Jørgensen, R. F. (2013). Framing the net. Edward Elgar Publishing.

Latour, B. (2004). Why has critique run out of steam? From matters of fact to matters of concern. Critical Inquiry, 30(2), 225-248.

Mai, J-E. (2016a). Big data privacy: The datafication of personal information. The Information Society, 32 (3): 192-199.

Mai, J-E. (2016b). Personal information as communicative acts. Ethics and Information Technology, 18 (1): 51-57.

Nissenbaum, H. (2010). Privacy in context: Technology, policy and the integrity of social life. Stanford, CA: Stanford Law Books.

Pasquale, F. (2015). Black box society: The secret algorithms that control money and information. Cambridge, MA: Harvard University Press.

Powell, A. (2008). WiFi publics: producing community and technology. Information, Communication & Society, 11(8), 1068-1088.

Scarantino, A. and Piccinini, G. (2010). Information Without Truth. Metaphilosophy, 41(3): 313-330.

Schermer, B. W., Custers, B., & van der Hof, S. (2014). The crisis of consent: How stronger legal protection may lead to weaker consent in data protection. Ethics and Information Technology, 16(2): 171-182.

Schneier, B. (2015). Data and Goliath: The hidden battles to collect your data and control your world. New York: W. W. Norton & Company.

Solove, D. J. (2013). Privacy self-management and the consent dilemma. Harvard Law Review 126: 1880–1903.

Solove, D. J. (2008). Understanding privacy. Cambridge, MA: Harvard University Press.

Søe, S.O. (2016). The Urge to Detect, the Need to Clarify: Gricean Perspectives on Information, Misinformation, and Disinformation (Doctoral dissertation, University of Copenhagen).

Tavani, H. T. (2008). Informational privacy: Concepts, theories, and controversies. In The Handbook of Information and Computer Ethics (pp. 131-164), K.E. Himma and H.T. Tavani (eds). Hoboken, NJ: Wiley.

Valtysson, B. (2012). Facebook as a digital public sphere: Processes of colonization and emancipation. Triple C: Communication, capitalism & critique, 10(1): 77-91.

Valtysson, B. (2017). Regulating the void: Online participatory cultures, user-generated content, and the Digital Agenda for Europe. In P. Meil & V. Kirov (eds.), Policy Implications of Virtual Work (pp. 83-107). London: Palgrave Macmillan.

Zuboff, S. (2015). Big other: Surveillance capitalism and the prospects of an information civilization. Journal of Information Technology 30(1): 75-89.