Selective Privacy in a Web-Based World: Challenges of Representing and Inferring Context

There is a growing awareness and interest in the issues of accountability and transparency in the pursuit of digital privacy. In previous work, we asserted that systems needed to be “policy aware” and able to compute the likely compliance of any digital transaction with the associated privacy policies (law, rule, or contract). This paper focuses on one critical step in respecting privacy in a digital environment, that of understanding the context associated with each digital transaction. For any individual transaction, the pivotal fact may be context information about the data, the party seeking to use it, the specific action to be taken, or the associated rules. We believe that the granularity of semantic web representation is well suited to this challenge and we support this position in the paper. From “Privacy” to “Selective Privacy” When coined, apparently by scrivener error nearly five hundred years ago [1], “privacy” meant to seclude or keep out. Over the many years since, its definition has expanded to include the concepts of being free from public attention, being free from intrusion or interference, and having personal volition about that freedom. Today, with voluminous information about each individual already having crossed the digital privet hedge, it is too late to consider digital privacy as the ability to hold back one’s personal information. Now, it must mean the ability to selectively control the use of that data based upon the context of the transaction. This is not a wholly new concept. In the physical world, we provide far less detail about our social, family, and medical lives with our business associates than we do with family and friends. Conversely, we generally provide less financial details of our life to our social network than our commercial one. And, we sub-divide these decisions much more granularly – providing more detailed financial information when seeking a mortgage than when making a deposit or providing medical information to a supervisor in order to obtain a work variance – according to context. Our personal rules for privacy are kaleidoscopic, changing as the situation changes. So, too, in the commercial and governmental environments, the written rules for privacy are heavily laced with contextual terms and conditions. Medical professionals may look at patient physical health records if they are treating the individual or providing institutional oversight (actor context); they are permitted more limited review if they are addressing insurance or other financial issues (event context) or if the records contain mental health information (data context). Financial professionals are permitted to seek and review more personal information when opening an account than when engaging in day-to-day transactions (event context). Government agencies must apply the Privacy Act [2] to the use of any data; this requires the application of some rules universally, but also the application of different rules per data repository (rule context). As implied by these examples, we take the broad view of privacy rules, meaning any rule which seeks to limit access to information about an individual or an identifiable group for the purpose of protecting them from harm. We previously focused on the importance of accountability and transparency in the arsenal of privacy protection. [3] This paper focuses on the importance of context in successfully modeling the decision process for privacy protection. It also describes how decision systems that rely solely on actor’s role, data content, and action, while incrementally useful – and possible to make transparent – fail to meet the nuanced requirements and expectations of privacy policy – and, therefore, can’t be fully accountable. We believe Web-based systems can meet the need for obtaining decision-relevant data from beyond the locus of the transaction and further posit that semantic web based systems can provide the level of