Contextual Integrity Through the Lens of Computer Science

Privacy and Security

Article Snapshot


Sebastian Benthall, Seda Gürses and Helen Nissenbaum


Foundations and Trends in Privacy and Security, Vol. 2, No. 1, pp 1-69, 2017


The theory of contextual integrity defines privacy as an information flow appropriate to the social context in which data is exchanged. This study of how computer scientists that use contextual integrity theory shows that they are not consistent in identifying the relevant context and social norms.

Policy Relevance

Computer scientists should consider how privacy norms can best be identified.

Main Points

  • According to the theory of “contextual integrity,” privacy is defined as a level of information flow appropriate in the context; the norms that determine what is appropriate in each sphere depend on human activity, social values, and the goals of participants.
  • The context refers to a situation, including facts about the user (such as her location and identity), the type of computer or equipment involved, and other aspects of the environment.
  • This study of uses of contextual integrity in computer science reveals that the idea of contextual integrity is used:
    • To design user interfaces and experiences;
    • In designing infrastructure such as social network platforms;
    • In designing decentralized architectures.
  • Computer scientists attach widely different meanings to the term “context;” some are abstract (hospitals in general), others concrete (a specific hospital), and some described context as the social context (a classroom), while others described context as a technical category (a mobile app designed for education).
  • Generally, the theory of contextual integrity states that norms arise as people adapt to different spheres of society; however, most computer scientists did not define norms this way, instead considering compliance of the system with existing laws and policies, or with users’ preferences.
  • System architects and designers should be explicit about how human actors involved (such as moderators and operators) relate to technical systems.
  • Contextual integrity theorists should fill gaps in their theory.
    • They should consider what “context” flows of information to third parties arise in.
    • They should explain how norms relate to the law or to security threats.
    • They should explain how norms can be distinguished from users’ expectations.
    • Researchers should propose technical solutions to handle disputes over norms.


Get The Article

Find the full article online

Search for Full Article