Article by Eman Alashwali: “…aims to shed light on the often-overlooked difference between two main types of privacy from a control perspective: Privacy between a user and other users, and privacy between a user and institutions. I discuss why this difference is important and what we need to do from here…
Raynes-Goldie coined the term social privacy as opposed to institutional privacy. The former is about controlling access to personal information while the latter is about controlling how institutions such as Facebook and their partners might use this information. Heyman et al. defined the term privacy as subject to refer to controlling a user’s personal information disclosure to other users, and privacy as object to refer to controlling information disclosure to third parties, which represent the user as an object in a data mining process. Brandimarte et al. classified privacy controls according to purpose, where release controls refer to controlling information disclosure between users, while usage controls refer to controlling the use of users’ information, for example, by the service providers or third parties. Bazarova and Masur introduced multiple approaches to privacy, which include the networked approach where information flows in a horizontal direction between users, and the institutional approach where information flows in a vertical direction between a user and institution.
I will use the terms user-to-user privacy and user-to-institution privacy. In user-to-user, the other users could be family, friends, coworkers, and others. In user-to-institution, the institution could be a service provider, organization, government, and so forth.
In recent years, many service providers, for example, social media platforms, have improved the privacy controls provided to users. However, they may have improved one type of privacy controls: the user-to-user.3 Ignoring the difference between the two types of privacy controls may lead users to have an illusory sense of control over their privacy. For example, users’ perceived control over user-to-user privacy may result in fewer privacy concerns as a result of an incomplete assessment of the associated risks of data sharing, ignoring what Stutzman called “silent listeners.”..(More)”.
