Exercises: What Is Privacy? Definitions and Debates

Claude (AI-Generated Textbook)

Exercises: What Is Privacy? Definitions and Debates

These exercises progress from concept checks to challenging applications. Estimated completion time: 3-4 hours.

Difficulty Guide: - * Foundational (5-10 min each) - ** Intermediate (10-20 min each) - *** Challenging (20-40 min each) - **** Advanced/Research (40+ min each)

Part A: Conceptual Understanding *

Test your grasp of core concepts from Chapter 7.

A.1. Warren and Brandeis defined privacy as "the right to be let alone" in 1890. Section 7.1.2 identifies three limitations of this definition for the data age. In your own words, explain why a "passive framing" of privacy — privacy as withdrawal — is insufficient when people voluntarily use digital services that require data sharing to function.

A.2. List Westin's four states of privacy (Section 7.2.1) and provide one original example — not drawn from the chapter — of each state being exercised in everyday life.

A.3. Section 7.2.2 maps Westin's four states onto digital equivalents. The chapter notes that "reserve" is particularly threatened in the data age. Explain in two to three sentences why inference — the ability of systems to deduce undisclosed attributes — undermines the right of reserve in a way that earlier surveillance technologies did not.

A.4. State Nissenbaum's contextual integrity framework in your own words. What are the five parameters that define an informational norm (Section 7.3.1)?

A.5. Section 7.4.2 presents seven responses to the "nothing to hide" argument. Select the response you find most persuasive and the one you find least persuasive. For each, explain your reasoning in three to four sentences.

A.6. The chapter identifies five reasons why privacy matters (Section 7.6): autonomy, democracy, social trust, dignity, and equity. For each, write one sentence connecting that reason to a specific section of the chapter where it is developed.

A.7. Section 7.5 describes privacy norms across six cultural contexts. Identify the key distinction between the European approach and the American approach to privacy governance. What historical or political factors might account for this difference?

Part B: Applied Analysis **

Analyze scenarios, arguments, and real-world situations using concepts from Chapter 7.

B.1. Consider the following scenario:

A university health center uses an app to allow students to schedule appointments. The app requires students to select a reason for their visit from a dropdown menu (options include "cold/flu," "mental health," "sexual health," "physical injury," and "other"). The app developer, a private company, retains this data and sells aggregate statistics — broken down by campus and semester — to pharmaceutical companies interested in marketing to college-age populations.

Apply Nissenbaum's contextual integrity framework (Section 7.3.3) step by step: (1) identify the prevailing context, (2) identify existing informational norms, (3) describe the new practice, (4) compare against norms, and (5) evaluate whether the breach is justified. Reach a clear conclusion about whether this practice violates contextual integrity.

B.2. Mira tells Eli that VitraMed can predict with 80% accuracy which patients will be diagnosed with depression within six months, based on EHR visit patterns — even when those patients have never reported mental health symptoms (Section 7.2.2). Analyze this situation using two different privacy theories from the chapter: (a) Westin's privacy-as-control framework and (b) Nissenbaum's contextual integrity framework. Do the two frameworks produce the same conclusion? If they differ, explain why.

B.3. Eli responds to Mira's VitraMed scenario by asking: "And what happens when that prediction reaches their insurance company?" Construct a chain of three plausible data flows — from the initial prediction to the insurance company — where each individual step might seem innocuous or even beneficial, but the overall chain results in a significant privacy violation. For each step, identify the contextual norm that is being stretched or breached.

B.4. A friend tells you: "I don't care about privacy because I have nothing to hide. I'm not a criminal, and if surveillance keeps people safe, I'm fine with it." Using at least four of the seven responses from Section 7.4.2, construct a detailed reply. Your reply should be respectful and substantive — not dismissive — and should acknowledge what makes the "nothing to hide" argument appealing before explaining its limitations.

B.5. Section 7.5.2 raises the question: when a European user's data is stored on a U.S. server, which privacy norms apply? Consider a concrete version of this problem: a German citizen uses an American social media platform. Under the European approach, this person has a fundamental right to data protection. Under the American approach, the platform's free speech and commercial interests may limit data protection obligations. Identify at least two specific points of tension and explain why neither legal system can fully resolve them unilaterally.

B.6. The chapter contrasts privacy as an individual right with privacy as a social value (Response 6 in Section 7.4.2). Consider the following: even if every individual in a community consented to constant surveillance, would there still be a privacy problem? Argue for or against, drawing on the chapter's discussion of democracy, dissent, and social trust.

Part C: Real-World Application Challenges -*

These exercises ask you to investigate your own environment and apply Chapter 7 concepts to real situations.

C.1. ** Contextual Integrity Audit. Choose one app or digital service you use regularly. Identify three specific data flows the service engages in (you may need to consult its privacy policy). For each flow, apply Nissenbaum's framework: What is the context? What information flows? From whom to whom? Under what transmission principle? Does the flow conform to the informational norms you would expect in that context? Present your findings in a table and write a one-paragraph assessment.

C.2. ** The "Nothing to Hide" Conversation. Have a respectful conversation with someone you know (a friend, family member, or classmate) who expresses some version of the "nothing to hide" argument. Listen to their reasoning carefully. Then, using at least three responses from Section 7.4.2, present counterarguments. Write a one-page reflection: What response resonated most with them? What didn't land? What did you learn about how people think about privacy in practice?

C.3. *** Cross-Cultural Privacy Comparison. Select two countries from different rows of the cultural context table in Section 7.5.1. Research the primary data protection law (or framework) in each country. Compare them on three dimensions: (a) Is privacy treated as a fundamental right or balanced against other interests? (b) Is the emphasis on individual or collective privacy? (c) How is enforcement structured? Write a one-page analysis noting what each approach does well and where it falls short.

C.4. *** Privacy Policy Through Nissenbaum's Lens. Select a privacy policy from a health-related app (a fitness tracker, telehealth service, or health insurance portal). Read the data sharing section. Identify at least two data flows described in the policy that, under Nissenbaum's framework, would constitute a breach of contextual integrity. For each, explain: What is the original context? What norm is violated? Is any justification offered, and is it adequate?

Part D: Synthesis & Critical Thinking ***

These questions require you to integrate multiple concepts from Chapter 7 and think beyond the material presented.

D.1. Section 7.3.2 notes that contextual integrity explains why data practices can "feel wrong even when they're technically legal." But what about the reverse — data practices that feel acceptable but that contextual integrity identifies as a violation? Construct a scenario where information flows in a way that most people would accept or even welcome, but that Nissenbaum's framework would flag as a breach of established norms. Then evaluate: Is the framework right to flag it? Or does this reveal a limitation of the framework?

D.2. The chapter presents privacy theories chronologically: Warren and Brandeis (1890), Westin (1967), Nissenbaum (2010). Each theory was a response to the technological and social conditions of its era. Write a 300-500 word essay proposing what a next-generation privacy theory for the 2020s and 2030s might need to address — considering AI inference, biometric data, smart environments, and the erosion of the public/private distinction. Your theory should build on, not discard, the insights of earlier frameworks.

D.3. Response 2 in Section 7.4.2 warns that "data collected today will be interpreted by governments and institutions that may hold very different values tomorrow." Apply this argument to a specific historical example: identify a case where data collected under one regime or set of norms was later used by a different regime or institution for purposes the original data subjects could not have anticipated. (Consider: census data, medical records, communication records, religious registries, or membership lists.) In 200-300 words, explain what happened and what lesson it holds for current data collection practices.

D.4. The chapter argues that privacy matters for equity (Section 7.6, point 5): privacy violations disproportionately harm marginalized communities. Develop this argument with specific examples. Consider at least two of the following: (a) facial recognition error rates across racial groups, (b) predictive policing and its geographic targeting, (c) immigration enforcement using location data, (d) the disproportionate impact of data breaches on communities with fewer resources to recover. How does the equity argument change the way we should evaluate privacy policies?

Part E: Research & Extension ****

These are open-ended projects for students seeking deeper engagement. Each requires independent research beyond the textbook.

E.1. Carpenter v. United States: Deep Dive. Read the Supreme Court's majority opinion in Carpenter v. United States (2018) and at least one dissenting opinion. Write a 1,000-1,500 word analysis addressing: (a) How does the majority opinion engage with the third-party doctrine? (b) How does the Court's reasoning relate to Westin's concept of anonymity and Nissenbaum's contextual integrity? (c) What are the implications of the decision for other forms of digital data collection (e.g., email metadata, browsing history, smart home data)? (d) What questions does the decision leave unresolved? Use at least three sources beyond this textbook.

E.2. Contact Tracing and Contextual Integrity. Research the design of two COVID-19 contact tracing systems from different countries — one centralized (e.g., Australia's COVIDSafe, Singapore's TraceTogether) and one decentralized (e.g., the Apple/Google Exposure Notification system). Apply Nissenbaum's contextual integrity framework to each system. Write an 800-1,200 word comparison addressing: (a) What information flows does each system create? (b) Which informational norms of the public health context does each system respect or violate? (c) Did the decentralized model better protect contextual integrity, or did it sacrifice public health effectiveness? (d) What does this case reveal about applying privacy theory during emergencies?

E.3. Privacy Across Cultures: An Interview Study. Interview three to five people from different cultural backgrounds about their understanding of privacy. Ask each person: (a) How do you define privacy? (b) What is the most important thing privacy protects for you? (c) Can you describe a time when your privacy was violated? (d) Are there situations where you think privacy should yield to other values? Write a 1,000-word reflection connecting your findings to the cross-cultural analysis in Section 7.5. Do your interviewees' responses align with the cultural patterns described in the chapter, or do they complicate them?

E.4. Building a Privacy Framework. Drawing on all the theories in Chapter 7 — Warren and Brandeis, Westin, Nissenbaum, Solove, and the cross-cultural perspectives — design a practical privacy evaluation framework for a specific domain (choose one: healthcare, education, social media, or smart cities). Your framework should include: (a) a definition of privacy appropriate to that domain, (b) a set of at least five principles for evaluating data practices, (c) a step-by-step method for applying the principles, and (d) at least two worked examples showing the framework in action. Present your framework in 1,500-2,000 words.

Solutions

Selected solutions are available in appendices/answers-to-selected.md.