Privacy and its importance to society has been studied for centuries. While its definitions and formalization has improved with time, the struggle to find a one size solution that satisfies the requirements of each individual remains unsolved. Depending on culture, gender, age, etc. the concept of privacy varies from individual to individual and each user may have different expectations of how their privacy should be protected in different contexts. Moreover, increasingly complex and dynamic environment, and the ubiquity of modern communication platforms such as social media makes the user-centric privacy management extra challenging. Therefore, it is more important than ever before to design and develop tools and algorithms to support personal privacy management for end users. However, this must be done by not restricting or preventing the sharing activities but ensuring the appropriate flow of information based on rules, policies, and principles.
In modern social networking sites, an increasing number of users are sharing information to an arbitrary number of recipients through status updates posts, and messages without proper awareness of privacy threats and their consequences. In such cases, improper disclosure of someone’s private information could be the root cause for his/her privacy issues, and the negative consequences of disclosing such information could be immense. However, it is impossible to think about a day of a modern internet user without being connected with friends, family, and co-workers through social media. This is because of the huge advantages users get from these platforms in terms of connectivity despite the unresolved and complex privacy management issues.
Privacy is not only a personal process but also an interpersonal boundary-control process in which case, it’s rules developed not only based on individuals privacy preferences, but also based on their interactions with others. In the theory of contextual integrity, privacy is formulated as an appropriate flow of information that conforms with the contextual informational norms. Each norm contains a set of parameters such as: data subject, sender, recipient, information type, and transmission principle. An example of a norm in the context of health is: a husband can share his diagnosis result with his family doctor, or his wife but not with his friends or financial adviser. In this example, the husband is recognized as the data subject and sender, the doctor or wife as the recipient of the information, health as the information type, and recipient will hold the information confidentially as the transmission principle. Based on the theory of (CI), privacy is violated if the information is shared or transferred with friends or financial advisers, as they are not explicitly included as part of the “allowed” recipients of the information. Contextual integrity can be thought as a metric, preserved when informational norms within a context are respected and violated when they are contravened.
However, in the above example: The data subject (husband) could share his health status in the context of health-care with the recipient (family doctor) and not with the financial advisor. However, in a different context, (i.e. finance), a different norm allows sharing health status information with the financial advisor so that the data subject can receive advice on how to manage his finances with the perspective of new health-care expenses. As a result, context matters when designing and developing a privacy-management system. It’s worth mentioning that, the term context here refers to the setting in which the communication takes place that includes more dynamic variables such as the domain, date, time, or location of the sharing occurrence.
Furthermore, users disclose different versions of private information to different parties under different conditions and they continuously modify their data sharing behavior to achieve an expected level of privacy throughout the time. Therefore, it’s also important to understand the patterns of users’ privacy preferences and concerns in terms of sharing information while preparing the privacy rules or norms. This implies the importance of both generating and inferring privacy norms or rules even before employing the theory of contextual integrity. Most importantly, the information we are talking about is mostly referred to the natural language people use to communicate with each other. Therefore, it’s yet another challenging task to infer the norm parameters out of the textual data while generating or validating any privacy norm. To this end, the main questions to be answered are: how to design and develop context-aware privacy disclosure detection algorithms and tools to help users manage their information-sharing activities? How to model and verify that the user’s defined context-aware privacy norms are satisfied in real-time?