Darakhshan J. Mir, Yan Shvartzshnaider, Mark Latonero
It Takes a Village: A Community Based Participatory Framework for Privacy Design
2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), published 2018-04-23
DOI: https://doi.org/10.1109/EuroSPW.2018.00022
Citations: 6
Abstract
As data-centric technologies are increasingly being considered in social contexts that intervene in marginalized peoples' lives, we consider design paradigms to create systems that fulfill their unique privacy needs and requirements. Disempowered populations often experience disparate harms from the loss of privacy but, typically, have a limited role in formulating the scope and nature of such interventions, and accompanying (implicit or explicit) privacy policies and consequent engineering processes. This gap can be addressed by including recipient communities in designing these privacy policies. We propose a participatory design model for data-centric applications where privacy policies (norms) emerge out of participation of the community in the research/design process. The framework of Contextual Integrity, which articulates privacy as respect for normative rules of information flow in specific contexts, lends itself well to enabling a community-generated formulation of these privacy norms within the contexts of the proposed intervention. Employing formal logic, these privacy norms can then be used to engineer systems capable of regulating the flow of information as per the negotiated norms [1]. This entire process, which we call Contextualized Participatory Privacy by Design, seeks to empower communities in negotiating and articulating their privacy norms, leading to the development of systems that are capable of enforcing what they deem as ethical, contextualized use of their data.