Mixed context and privacy

Users engaging online service providers (OSPs) such as Google, Amazon, and Facebook encounter environments architected by a single actor (the OSP), but comprised of content and executable elements potentially provided by multiple actors. For the ten OSPs analyzed, privacy policies only cover content provided directly by the OSP. Content provided by external (third party) content providers, such as advertising networks and third party developers, are governed by a different set of privacy policies. In effect, users face environments comprised of mixed content governed by potentially conflicting privacy policies. Reasonably unraveling these conflicting privacy guarantees confounds the process of determining whether users’ privacy preference are satisfied. The notion of a mixed context describes scenarios where a user is faced with multiple, potentially conflicting policy guarantees within a seemingly uniform, contiguous environment. This paper develops mixed context as a metaphor that informs the design of privacy policies and the attendant privacy tools. Mixed context has also led to insights into actor incentives and dependencies that shape the design of policies, online environments, and ultimately the balance between advertising (re)targeting and user privacy. The mixed context metaphor draws evidence from OSP privacy policies and builds on Nissenbaum’s notion of contextual integrity [29] as an analytic framework for valuating privacy implications. This framework describes privacy in terms of participants’ context-specific norms that are rooted in an experience-based understanding of the environment and the constraints on the behaviors of other actors in that environment. The instances of mixed context presented here confound this process because, although the environment is architected by a single actor and appears to be a single context, closer inspection reveals it is in fact governed by multiple, potentially conflicting policies. The mixed context metaphor has also helped surface institutional incentive structures that confound the development of meaningful privacy policies and tools. An immediate observation is that many of the actors contributing to the mix are invisible to the casual user. This impedes the development of reasonable expectations about a particular environment based on attributing elements of the experience to particular actors. Second, “invisible” non-OSP actors, in particular advertisers, are not directly accountable to users with regard to how they use information for (re)targeting of advertisements. OSP privacy policies provides conceptual evidence of mixed context; recent media investigations [39] have documented (observed) instances of mixed context outcomes “in the wild.” Although superficially a technical coordination problem, resolutions to mixed context problems are rooted in both technical means and the institutional arrangements of actors. The common “service-and-utility” framing identified in the privacy policy focuses on the benefits of targeting while underplaying privacy implications. Mixed context attempts to avoid interest-specific metaphors such as service-and-utility and value-laden metaphors such as those focusing on the contrast between privacy and surveillance. As applied here, the focus is to identify shared concerns that contribute to a collaborative understanding of the flow of user information that has collateral benefits for both advertising and privacy objectives. Evidence of deficiencies and mixed context have een identified via a bottom-up analysis of privacy policies. In contrast, design and policy recommendations are couched in a top-down institutional analysis that presents incentives for developing tools that convey the implications of mixed context in situ.