Revisiting The Public Domain Exception Under the DPDP Act: Part II
Conceptualising Privacy in the Public Domain
Contextual integrity
As recognised in the previous post, the public nature of personal information could legitimately negate certain expectations of privacy. This section attempts to articulate the principles that define what kinds of expectations may be negated when information is voluntarily put into the public domain. Such a basis would allow us to identify to what extent the public domain exception under the DPDP Act is overinclusive, and to design privacy rules accordingly.
For example, the act of voluntarily uploading information into the public domain makes one’s data accessible to the public. One therefore cannot reasonably expect that their data will not be viewed by members of the public. Accordingly, the observation of data in the public domain should not be restricted by privacy protections.
It is not only observation, but also certain uses of data, that should be exempted by a public domain exception. It is instructive to draw from Helen Nissenbaum’s theory of privacy as contextual integrity here. Nissenbaum identifies contextual integrity as the appropriate benchmark of privacy. Contextual integrity requires that (i) norms of appropriateness and (ii) norms of distribution are both upheld.
Norms of appropriateness place limits on the kind of information that may be appropriately revealed in a specific context. A norm of appropriateness would enable people to share information discriminately, with the power to determine the nature of their relationship with other people. For example, norms of appropriateness might operate more strictly between a professor and a student, and less strictly between two friends.
Norms of distribution, on the other hand, are transmission principles which regulate the movement of information. While norms of appropriateness deal with whether information belongs in a particular context, norms of distribution are about whether the movement of information respects the rules of the context. For example, although one’s medical history is appropriate information between a patient and a doctor, it would violate the norms of distribution if the doctor shared this information with the patient’s employer.
Put in these terms, it may be the case that the norms of appropriateness in the public domain are relaxed. For instance, it would be reasonable to state that when one voluntarily makes their information public, it would not violate the norms of appropriateness if people were to access and view the information. However, certain uses of the information might still violate the norms of distribution or flow.
Legitimate uses of publicly available information
The relevant question is what kinds of uses of publicly available information may be considered legitimate. To answer this question, it is useful to consider what kinds of uses one may reasonably be expected to foresee. Note that this is not a purely empirical inquiry. The question is not merely what a person may realistically foresee, but also whether they can reasonably be expected to do so. For example, having read about how companies use personal information, I might be aware that my personal information might be used in an effort to influence my electoral choices. Of course, this would not imply that I could reasonably be expected to foresee such use of my personal information, or to implicitly consent to it.
This brings us to the question of what one may reasonably be expected to foresee when one makes their information available to the public. Intuitively, uses of publicly available data for criticism, comment, or news reporting are arguably reasonably foreseeable consequences of making one’s information public. On the other hand, the use of publicly available information to draw inferences about people and to covertly influence their behaviour seems less legitimate.
Translating this into a principled position, the use of information in the public domain is legitimate if it conforms to three principles. The three principles are attribute consistency, role consistency, and transmission-principle consistency. Collectively, I refer to these three principles as ‘contextual consistency’.
First, contextual consistency requires attribute consistency. Attribute consistency means that the use of the information is such that the nature of the information remains stable. The principle is violated where the nature of the information is substantively changed, including through inferences. Since this principle derives from the standard of reasonable anticipation, the relevant inquiry is whether the inference drawn is qualitatively different from the information originally disclosed in a manner that the provider could not reasonably have anticipated.
This is important because seemingly innocuous pieces of data may be used to draw inferences that are of an entirely different nature. For example, a person’s social network data may be used to evaluate their creditworthiness and to grant or deny them a loan. While these capacities might be used favourably to make loans available to people without credit scores, it is important that the information is obtained legitimately. For example, it might be acceptable for a person to volunteer their information as evidence of their creditworthiness. But it would be inappropriate for lenders to track people’s habits online to draw inferences about their creditworthiness.
Second, contextual consistency requires role consistency. Role consistency means that the institutional role performed by the actor processing the information remains consistent vis-à-vis the person to whom the information relates. The purpose here is to ensure that the role of the actor processing the information does not transform into commercial or decisional exploitation. For example, the social and institutional role of a social media platform is to facilitate communication. Therefore, a social media platform is role consistent when it hosts the post of a user for public viewing. However, the platform violates its role where it uses the information to determine a person’s creditworthiness or political inclinations.
In regard to a viewer of publicly available information, role consistency is maintained if the viewer occupies a socially expected role rather than the role of a decisional authority. For example, a news agency would be role consistent if it were to use publicly available personal information for news reporting. However, a company which uses social media posts of users to draw inferences about their political inclinations would violate role consistency. This is because such use would not be reasonably expected of a company which has access to people’s social media posts.
Third, contextual consistency requires transmission-principle consistency. Along the lines of Nissenbaum’s norms of distribution, this principle is violated where the governing norm of distribution or flow is transformed. Even where attributes and roles remain consistent, transmission-principle consistency may be violated where data is repurposed in certain ways. For instance, where a social media user shares a post, the principle governing the transmission of their information is ‘communication’. If the information is used by the platform to generate content recommendations for the user, it could perhaps be argued that the attributes of the information are not altered, and that the platform retains its role as an intermediary which facilitates communication between persons. However, the transmission principle might be violated in this case, since the information is now used for behavioural prediction rather than for interpersonal communication.
However, the legitimacy of well-accepted norms in certain contexts could sometimes justify flows that would otherwise be impermissible. For example, it would normally violate the transmission principle if a commercial entity used people’s social media posts to draw inferences about their creditworthiness. Yet, the use of publicly available information by a research institute may be legitimate, because research contexts are generally governed by norms of confidentiality, anonymisation, and purpose limitation.
One important conceptual point underpinning these principles is that data flows are highly contextual. For this reason, these principles should not be read as all-or-nothing standards. Instead, it is again instructive to draw from Nissenbaum’s treatment of the principles of contextual integrity. Nissenbaum suggests a presumption in favour of the status quo: that existing social practices be taken as reflective of the norms of appropriateness and distribution. However, this presumption may be rebutted where sufficient reasons exist.
Along these lines, the principles of contextual consistency are themselves necessarily contextual. They are perhaps better understood as indicators, rather than as determinants, of legitimate uses of publicly available information. The violation of these principles may appropriately be treated as creating a presumption of a privacy violation, which may be rebutted if sufficient reasons exist.
For example, consider a research organisation which collects publicly available personal data and draws inferences. Such use would appear to violate the attribute consistency principle, because the nature of the information is altered. However, such use may be permissible if the principles of role consistency and transmission-principle consistency are satisfied under sufficiently rigorous constraints. Although the use by the research organisation is attribute inconsistent, the use may be legitimate if it is role consistent and transmission principles such as confidentiality and purpose limitations are met.
Operationalising Privacy in the Public Domain
In thinking about operationalising these principles, it is important to remember three things. First, these principles of privacy protection are difficult to implement. An obvious feature of information in the public domain is ease of access. Since this information is so easily accessed, it is difficult to see how any regulator can track each instance of use and check for compliance with the principles.
Second, in framing laws, it is important to consider what kind of burden the law places, and on whom. For instance, many laws, including the DPDPA, require individuals to consent to the use of their information. This requirement places the burden on the individual to read and understand privacy notices, and to provide their ‘informed’ consent. Since individuals are unlikely to make good decisions about privacy, the law should seek to ensure good privacy practices by prescribing certain conditions for the collection, use, and disclosure of personal information. Doing so would shift the burden to organisations by placing limits on their power.
Third, the principles proposed in the previous section would perhaps function most effectively in the context of a data protection regime where rigorous obligations are imposed on organisations which handle personal data – not in a consent-based regime. However, the DPDPA is grounded in consent. Any limitation on the public domain exception will have to be consistent with the DPDPA.
Along these lines, it has been proposed that rather than a blanket exception, the public domain exception should be considered a ‘legitimate use’ ground under section 7 of the DPDPA. This is an interesting proposition, and it may allow a limited introduction of the contextual principles proposed in this article, while also escaping the challenges around consent. First, ‘legitimate use’ is a specific exception that only exempts the data fiduciary from the requirement to obtain consent. The other obligations under the DPDPA continue to apply.
Second, this categorisation would enable the introduction (although limited) of the contextual principles through a purpose limitation requirement. The legitimate use of publicly available information should require that the information is used for a purpose that is reasonably consistent with the purpose for which a person may reasonably be deemed to have shared the information. In other words, publicly available information should not be treated as available for unrestricted downstream use merely because it has been disclosed. Where a complaint is made to the Data Protection Board, the Board or the courts may use the contextual principles as interpretive tools to assess whether processing is consistent with the purpose for which the information was shared. Of course, this is only of limited utility, unless the law further specifies what purposes the information may or may not be collected for. The effectiveness of such a law would ultimately depend on legislative willingness to define the contours of permissible purposes for which publicly available personal data may be used.
Conclusion
Over the course of this article, I have sought to establish that the public domain exception under the DPDP Act is overinclusive. In its indiscriminate exemption of all publicly available data from legal protection, the law fails on two fronts. First, the law incorrectly assumes that privacy is about keeping information private, rather than about establishing boundaries. Second, the law fails to address the deeply contextual nature of information flows.
This article is an attempt to conceptualise the extent to which privacy protections should apply in the public domain. It acknowledges that when information is voluntarily made public, the norms governing access and use are relaxed. However, this does not exhaust the demands of privacy. This article proposes the principles of attribute consistency, role consistency, and transmission-principle consistency as indicators of legitimate uses of publicly available information.
At the same time, the attempt to operationalise these principles reveals important limits. The ease with which publicly available information can be accessed produces challenges for enforcement, and a consent-based framework is ill-suited to capturing the contextual harms identified here without placing an unreasonable burden on individuals. While recasting the public domain exception as a form of “legitimate use” may allow some space for contextual considerations through ex-post adjudication, it remains a partial solution.
*The author is a Year IV student at National Law University, Delhi.