An adapted version of Nissenbaum’s (2010) contextual integrity approach is used in chapter 6 at the application level of ethical analysis. It is used because it performs well in terms of satisfying the three main conditions specified in the introduction of this chapter. First of all, the approach can be used to study the effects of an emerging technology on informational privacy. It is a forward-looking approach, especially its latest iteration containing the decision heuristic, which is specifically designed to be able to deal with new technologies, such as unmanned aerial vehicles, that may challenge entrenched practices. The approach is particularly useful for a privacy analysis of an emerging technology at the application level, as it has a rich conceptual toolkit that allows for a comprehensive analysis of the specific contexts of a technology’s applications, thus generating very detailed privacy analyses of these applications.
Now, although the approach is well suited for analysis at the application level, it is not the most efficient approach at the technology level and the artifact level. In fact, it would be rather cumbersome to use Nissenbaum’s approach at these levels of analysis, as this would lead one to make unnecessarily detailed analyses of a number of different drone application contexts that are encompassed by the technology.14 Ultimately, it is not essential to have such a detailed look at the contexts if the aim is simply to identify potential privacy issues in a more general sense with respect to a technology or an artifact. For these reasons, a simpler, more efficient, approach is used in chapter 5 at the technology and artifact levels of the ethical analysis at hand. The “seven types of privacy” approach by Finn et al. (2013) is thus described in the next section.
In response to the second requirement, it can be argued that the approach takes seriously the issues relating to privacy in public spaces. One of its main virtues that sets it apart from many traditional privacy theories is that it justifies protecting “public” personal information (PPI) in certain situations. Many traditional privacy theories divide personal information into two exclusive realms—the private and the public—and only protect non-public personal information (NPI). As we have seen, Nissenbaum (2010) has convincingly shown that viewing personal information merely in terms of this dichotomy is problematic, arguing that one’s PPI can also warrant normative protection, even if that PPI does not qualify as personal information that is confidential, sensitive, or intimate. According to the CI approach, it is always the contexts in which and across which one’s personal information flows, and not the type of personal information itself, that determine whether the information in question deserves normative privacy protection within these contexts.
Finally, with regard to the third requirement, we can say that the approach is capable of recognizing a wide range of intuitively sensed privacy issues, since it is not loyal to just one particular philosophical definition of privacy. Like the “seven types of privacy” approach (as we will see), it avoids a major tension that is
14 The contextual integrity approach is best suited for analysis of specific, well-defined contexts. Alternatively, one
can broaden the scope of the contexts under consideration (for example, taking “public space” as a context, instead of the more specific “catching terror suspects at the Olympic park” context), but then the contextual integrity approach
found in much of the traditional privacy discourse (as stated in the introduction), where the concept of privacy tends to be viewed in terms of either restricting access to or having control over one’s personal information. Arguably, authors who view privacy in terms of information control often tend to ignore the role that restricting access to personal information also plays, and authors who defend the restricted access view of privacy tend to underestimate the insights offered by theories that emphasize the importance of one’s having at least some control over one’s personal information (Tavani, 2012). Nissenbaum (2010) explains that her CI framework “[...] reveals why we do not need to choose between them; instead, it recognizes a place for each. The idea that privacy implies a limitation of access by others overlaps, generally, with the idea of an informational norm. [...] Control, too, remains important in the framework as one of the transmission principles” (pp. 147-148).
Now, in spite of all these virtues, the CI framework has faced criticism. It has been argued that the approach insufficiently takes into account individual differences in people’s personal attitudes towards privacy in particular contexts (Friedewald, Gutwirth, Wright, Mordini, et al., 2011). However, as has been pointed out by Solove (2008), it would quite impractical to devise a set of practical rules around an array of individuals’ idiosyncrasies.
Other, perhaps more serious, concerns have been raised by Michael Birnhack (2011). This author argues that the CI approach remains too conservative in its reliance on the status quo ante of informational norms, which he notes does not even exist sometimes. Many contexts, he says, are dynamic, unsettled and unstable and are the result of power relations instead of moral considerations. In his view, contexts are dynamic social constructions which should be given the freedom to develop and change, in terms of informational norms and in terms of their underlying values, goals and ends. Moreover, he argues that although CI results in a seemingly “neutral” decision heuristic, many of the steps in this heuristic require its user to make normative judgments. Such normative judgments would, for example, be needed in determining the context in cases where contexts are unclear or unsettled. They would also be necessary in determining the informational norms, as CI does not fully account for who determines what the informational norms are, how their validity should be determined and what the process is in which these norms become norms. CI does not offer guidance for making these normative judgments.
Nevertheless, on balance I think Nissenbaum’s contextual approach remains very useful. We will see that the criteria included in the heuristic device are especially helpful in analyzing privacy concerns that arise in civil drone applications in public environments. The framework can, however, be improved a little if some of the above-mentioned problems are addressed.
I agree with Birnhack (2011) that the CI framework is too conservative, even if it allows entrenched norms to be challenged in some cases. My primary concern is not the dynamic, unsettled nature per se of some, mostly new, social contexts (such as, perhaps, social media); rather, I think it is most important to recognize that preferring the status quo of informational norms and their underlying values within a context might legitimize and reinforce an unfair equilibrium achieved by a powerful party at the expense of relatively powerless other parties. For example, one could argue that in the healthcare context economic values such as efficiency and cost-effectiveness have become increasingly important under the influence of market forces, and that this has come at the expense of patient-centered values such as health and autonomy (a development which is seen by many as unwelcome). Nissenbaum’s (2010) defense of the conservative structure of CI by reference to theories of conservatism at large (such as those of Jeremy Bentham and Edmund Burke) does not address this problem. Therefore, I think the goals, values and ends
on which the norms of the context are based should be evaluated by recourse to external moral reasoning. As Birnhack rightly notes, a theory of privacy should ideally explain why people do what they do and offer sufficient reasons to overrule the majority in some cases and impose duties on some actors. I propose to add the following step in Nissenbaum’s decision heuristic between step 7 (“Evaluation I”) and step 8 (“Evaluation II”):
“Evaluate whether the goals, values and ends of the context, as well as the balance between them, are fair, and amend them if they are not.”
Unfortunately, I have no clear and reliable principles on which to base such an evaluation, which means that an evaluation is going to be somewhat subjective. As a suggestion, however, one could aim to settle for goals, values and ends that best support the wellbeing of the widest majority of people who are by necessity involved in or affected by the context at hand, without having an exceedingly negative impact on the wellbeing of a minority of those people. The positive consequences of the goals, values and ends for the majority must then far outweigh rather than marginally outweigh any harm to a minority of people. Such a principle would amount to a weak form of consequentialism that allows room for deontological considerations—one we may call threshold consequentialism.15 I do not wish to advocate a strict moral absolutism, however. Perhaps the principles for evaluating the contextual goals, values and ends should themselves to some extent be dependent on the given context.
Finally, one last issue regarding the CI framework has to do with analyzing a potential state of affairs in the future, as is necessary in the case of this study. It is probable that present informational norms of various public surveillance contexts are thoroughly contested by the use of drones for mass public surveillance. However, whether public surveillance norms will remain contested in the future is not at all clear. What if societal norms gradually shift to adapt to increased privacy incursions by future drone use? Nissenbaum would likely call this an instance of “tyranny of the normal”. We could deal with this situation by focusing on how future drone systems and practices directly impinge on fundamental social, political, and moral values (step 8 in the original decision heuristic) and on values, goals, and ends internal to the context (step 9). These will presumably not change quite as quickly as the informational norms will. Moreover, they have been made subject to external moral reasoning in the updated version of the decision heuristic, which means that “the spirit of the time” in terms of values goals and ends is not the only factor to take into account in an evaluation. Nevertheless, useful insights may still be obtained by examining how future drone systems and practices impinge on the present informational norms of particular contexts, which is why step 5 of the original decision heuristic is kept in the adapted version that is used in this thesis.