Although “privacy” and “commons” might on first impression seem conceptually orthogonal or even opposed, a deeper analysis suggests there are insights to be gained from studying information privacy as a question of knowledge commons governance. Privacy often is taken to connote constraint and control over information, while commons often connotes openness and sharing. Neither of these stereotypes, however, are accurate reflections. A more nuanced perspective reveals that sharing and constraint are two sides of the same coin, acting as complements, both in social situations ordinarily conceived in privacy terms and in institutions aimed at creative production through knowledge sharing. Privacy is not simply a matter of constraint, but is more usefully understood, as Helen Nissenbaum has argued, as a matter of “appropriate flow of personal information” for specific social contexts (Reference Nissenbaum2009, p. 127). When defined as such, it becomes apparent both that privacy is not secrecy and that privacy often involves knowledge sharing. Indeed, true secrecy, in which information is completely unshared (Reference FriedrichFriedrich, 1971; Reference NeitzkeNeitzke, 2007), is a rarity. Privacy ordinarily entails both constraint and flow. Similarly, commons-based knowledge production, at least as understood within the Governing Knowledge Commons (GKC) framework, is rarely free-for-all open sharing, but ordinarily combines sharing practices with constraints to overcome social dilemmas (Reference Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg, 2014). Thus, privacy may aptly be described not only as contextually appropriate information flow but also as governance of personal information resources.
Given the close affinity between privacy and knowledge commons governance, progress may be made in theoretical and empirical studies of privacy by employing tools developed for the study of knowledge commons governance. In earlier work, Reference Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg (2014) adapted Elinor Ostrom’s Institutional Analysis and Development (IAD) framework for natural resource commons (Reference Ostrom1990, Reference Ostrom2005) to devise a GKC framework for studying commons-based knowledge production. This framework has now been successfully employed in a number of case studies (Reference Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg, 2014; Reference Strandburg, Frischmann and MadisonStrandburg, Frischmann, and Madison, 2017). There is also surprisingly close correspondence between the GKC framework and Nissenbaum’s contextual integrity framework for privacy, given their construction for quite different social concerns. Comparing the two, we identify two specific ways in which the knowledge commons approach can help to move the privacy research ball forward.
First, we propose to supplement Nissenbaum’s conceptions of “transmission principles” and “context-relevant information norms” with the more politically and procedurally grounded conceptions of rules-in-use and governance employed in commons studies. In Nissenbaum’s framework, appropriate flows of information are distinguished, in the first instance, by compliance with “transmission principles,” defined as “terms and conditions under which such transfers ought (or ought not) to occur” (Reference NissenbaumNissenbaum, 2009, p. 145) between specific parties in a specific context. The “transmission principles” observed in a specific situation are examples of what Ostrom called “rules-in-use.” Ostrom’s concept of “rules-in-use” differentiates between nominal rules “on the book” and the actual (and perhaps unanticipated) practices that emerge from interactions within often complex structures of formal and informal institutional arrangements. Ostrom further taxonomized “rules-in-use” into an “institutional grammar” that encompasses rules, social norms, and strategies (Reference Crawford and OstromCrawford and Ostrom, 1995), as well as individual tactics of compliance and avoidance, power dynamics, and enforcement mechanisms. This approach can be used to add depth to our understanding of the privacy transmission principles observed in various real-world situations. The “rules-in-use” concept allows sweeps beyond information transmission to include the possibility of other sorts of constraints, such as rules-in-use governing how personal information may appropriately be exploited.
Under Nissenbaum’s framework, when transmission principles are contested, eroded, or changed as a result of social and technological changes, their normative validity is tested against “context-relevant informational norms” and overarching ethical principles. The origins of contextual norms governing appropriate information flow are exogenous to Nissenbaum’s analysis. The commons governance perspective encourages us to look behind the curtain to investigate the origins and dynamic characters of both nominal rules and rules-in-use, and to interrogate the potentially contested legitimacy of the formal and informal processes that produce them. We believe that issues of procedural legitimacy and distinctions between nominal rules and rules-in-use are central both to descriptive understanding of privacy and to normative evaluation and policymaking. Governance and legitimacy may be particularly important for the most perplexing privacy issues, which often involve overlapping ethical contexts or contested values.
Second, we propose the knowledge commons framework as a rigorous, yet flexible, means to systematize descriptive empirical case studies of real-world contexts; it is primarily an explanatory approach, rather than a descriptive theory, and structures analysis of nested and networked policy instruments and management strategies (Reference Bennett and RaabBennett and Raab, 2006). Accurate empirical understanding is an essential basis for constructing and evaluating theory and for effective policy design. Privacy, understood as “appropriate” personal information flow, takes complex and variable forms that can only be understood by delving deeply into specific real-world situations. If general principles are to be gleaned from case studies of such various and heterogeneous situations, a systematic framework is needed. The IAD framework was applied successfully by Ostrom and collaborators to derive general “design principles” from case studies of natural resource commons (Reference OstromOstrom, 1990). The accumulation of case studies employing the IAD-derived GKC framework is at an earlier stage, but general insights and testable hypotheses have already started to emerge (Reference Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg, 2014; Reference Strandburg, Frischmann and MadisonStrandburg, Frischmann, and Madison, 2017). We anticipate that using the enhanced GKC framework proposed here to structure systematic case studies of how personal information flows are governed in various real-world contexts will lead to similar progress in our understanding of privacy.
This chapter aims to convince readers that the commons approach to information privacy has a good chance of producing new and useful insights. We thus supplement our conceptual discussion of the approach with a demonstration study in which we identify and analyze privacy issues that were implicit in previously studied knowledge commons cases. Those studies have produced insights into a variety of aspects of knowledge production within communities, ranging from the various social dilemmas communities may face when seeking to achieve their objectives to the institutional governance choices they rely on to overcome those dilemmas. A previous analysis of knowledge-sharing regimes elucidated differences along four distinct community designs: centralized, intermediate distributed, fully distributed, and noncommons (Reference Contreras and ReichmanContreras and Reichman, 2015). Similarly, our meta-analysis, focusing on personal information sharing, uncovered three distinctive patterns of rules-in-use based on whether the governance was public driven, member driven, or imposed by leadership or a platform. This reanalysis of previous case studies is intended to be exemplary, rather than representative of the range of situations in which privacy debates arise, so it is likely that additional patterns will emerge from case studies undertaken with privacy in mind. Nevertheless, the meta-analysis presented here uncovers interesting empirical patterns and raises issues that are worthy of further exploration; in particular, the knowledge commons perspective highlights the interdependence between knowledge flows aimed at creative production and personal information flows. It also demonstrates that a contextualized understanding of privacy requires a broad conception of “personal information” that extends well beyond information that is ordinarily deemed “sensitive.” For example, inappropriate flows of information such as an individual’s views, opinions, or ideas can stifle socially valuable information sharing or have other undesirable effects.
This meta-analysis demonstrates that those who systematically study knowledge commons governance with an eye toward knowledge production routinely encounter privacy concerns and values, along with rules-in-use that govern appropriate personal information flow. In the same way, we anticipate that many, if not most, communities within which privacy is a hotly contested issue are also dealing with corresponding questions about knowledge production, sharing, curation, and use – or more generally, knowledge governance. In sum, while this chapter does not attempt a new conceptualization of privacy per se, it contends that institutional analysis can be an important conceptual and empirical aid to privacy research and that understanding privacy as governance of personal information flows can illuminate otherwise underappreciated facets of knowledge commons arrangements.
1.2 Theoretical Background
In order to explore the utility of integrating the GKC framework (1.2.1) with Nissenbaum’s Contextual Integrity framework (1.2.2), it is first necessary to understand and compare them, and to identify points of synergy and possibilities for augmentation (1.2.3), including research questions to be explored in further developing the GKC framework.
1.2.1 The GKC Framework
Commons governance of natural resources is often explored through Ostrom’s IAD framework. Commons, as used in the literature upon which we build here, refers to community management or governance of resources. “The basic characteristic that distinguishes commons from non-commons is institutionalized sharing of resources among members of a community” (Reference Madison, Frischmann and StrandburgMadison, Frischmann, and Strandburg, 2009, p. 841). Commons governance can take many forms and need not involve the kind of complete openness often associated with discussions of “the commons” or “the public domain” in the legal literature, nor should it be conflated with the type of resources that are managed.
Ostrom’s work initially emphasized the appropriateness of commons governance for “common pool resources,” meaning “a natural or man-made resource system that is sufficiently large as to make it costly (but not impossible) to exclude potential beneficiaries from obtaining benefits from its use” (Reference OstromOstrom, 2015, p. 4). In economic terms, common pool resources are rivalrous and nonexcludable and commons governance of such resources generally aims to address so-called tragedies of the commons, social dilemmas associated with overuse – congestion, depletion, and destruction. Commons governance is used by a wide variety of communities to manage many different types of resources, however, and responds to various obstacles to sustainable sharing and cooperation. Some of those obstacles derive from the nature of the resources and others derive from other factors, such as the nature of the community or external influences.When we refer to knowledge commons, we mean commons governance applied to knowledge resources, broadly defined, where:
Knowledge refers to a broad set of intellectual and cultural resources. … We emphasize that we cast a wide net and that we group information, science, knowledge, creative works, data, and so on together.
In this sense, knowledge resources may lie at any point along the data, information, knowledge, and wisdom hierarchy (Reference HenryHenry, 1974). Personal information, broadly defined, is one type of knowledge resource, which can produce value when it is shared and managed appropriately.
As recognized by Reference Ostrom and HessHess and Ostrom (2007) and confirmed by later GKC studies, “sharing of knowledge often is sustained by commons governance.” Indeed, case studies of knowledge commons have illustrated the use of commons governance to manage not only knowledge, which is a classic public good,Footnote 4 but also classic private goods, such as money, that must be shared to accomplish a community’s goals and objectives.
We anticipate that commons governance will often be applied to flows of personal information for related, but somewhat distinct reasons. If personal information can flow without constraint, the subjects of the information may either be disinclined to share it at all, opting for secrecy, or, if secrecy is not possible, may be unfairly harmed by the flow. Commons governance can provide for the beneficial and managed flow of personal information within a legitimate and trusted institutional structure, thus encouraging subjects to share it in a particular social setting and reducing the potential that harm will result from doing so.
The GKC framework (which is adapted for knowledge resources from Ostrom’s IAD framework) is represented in Figure 1.1.
Using the IAD framework, Ostrom and colleagues explored patterns of community interactions (Reference McGinnisMcGinnis, 2011). Action arenas serve as the core units of IAD and GKC analysis, functioning as policy analysis equivalent of social action and interaction settings (Reference Burns and FlamBurns and Flam, 1987 or Reference GoffmanGoffman’s frames, 1974). An action arena is simply a recurring type of situation in which community actors interact with one another. Interactions in an action arena produce outcomes, denoted here as patterns of interaction, which can then be evaluated according to some community or socially generated criteria. The figure depicts how effects flow between conceptual building blocks. Thus, resource characteristics, community attributes (including members and roles), and a set of governing “rules-in-use” are inputs to an action arena. Patterns of interactions accumulate, feeding back to create new action situations and influencing resource characteristics, community attributes, and rules-in-use. Knowledge resources are often produced and defined by the community. The knowledge outputs of some knowledge commons action arenas must themselves be managed by the community and may be inputs to further knowledge production. This feedback, between a community’s activity and its available knowledge resources, justifies community-level analysis, emphasizing questions related to group interactions and outcomes, rather than user-level analysis, emphasizing questions about individual experiences.
Focusing on action arenas facilitates examination of resource sharing in dynamic local contexts, as opposed to simply examining interactions in broad contexts (Reference OstromOstrom, 2005). The “action arena” concept is flexible and can be applied at a variety of levels of generality, depending upon the question of interest to the analyst. Analyzing an action arena is meaningful only if one can specify resource characteristics, community attributes, and rules-in-use that are “exogenous” or fixed over a number of action situations and if one can describe meaningful “patterns” in the outcomes of the interactions. If an action arena is too general, such a description will not be possible, while if an action arena is defined too specifically, meaningful patterns cannot emerge. Finally, note that the concept of an action arena can also apply to governance activities that determine rules to govern knowledge creation and flow or membership qualifications.
The IAD and GKC frameworks include a step in which “evaluative criteria” are applied but do not explicitly provide a yardstick for normative assessment. In the classic studies of natural resource commons, the normative goal is often implicitly assumed to be sustainable use of the resource by the community. Applications of the GKC framework to innovation and knowledge production have generally focused on whether the community is successful in terms of its internally defined goals and objectives, while recognizing that the goals of a knowledge commons community could, in principle, be out of step with, or adverse to, the values and objectives of society at large.
For purposes of analysis and empirical study, the high-level GKC framework shown in Figure 1.1 can be unpacked into a more detailed set of research questions, as shown in Table 1.1.
|Knowledge Commons Framework and Representative Research Questions|
|What is the background context (legal, cultural, etc.) of this particular commons?|
|What normative values are relevant for this community?|
|What is the “default” status of the resources involved in the commons (patented, copyrighted, open, or other)?|
|How does this community fit into a larger context? What relevant domains overlap in this context?|
|What resources are pooled and how are they created or obtained?|
|What are the characteristics of the resources? Are they rival or nonrival, tangible or intangible? Is there shared infrastructure?|
|What is personal information relative to resources in this action arena?|
|What technologies and skills are needed to create, obtain, maintain, and use the resources?|
|What are considered to be appropriate resource flows? How is appropriateness of resource use structured or protected?|
|Who are the community members and what are their roles?|
|What are the degree and nature of openness with respect to each type of community member and the general public?|
|Which noncommunity members are impacted?|
|What are the goals and objectives of the commons and its members, including obstacles or dilemmas to overcome?|
|Who determines goals and objectives?|
|What values are reflected in goals and objectives?|
|What are the history and narrative of the commons?|
|What is the value of knowledge production in this context?|
|What are the relevant action arenas and how do they relate to the goals and objective of the commons and the relationships among various types of participants and with the general public?|
|Are action arenas perceived to be legitimate?|
|What legal structures (e.g., intellectual property, subsidies, contract, licensing, tax, and antitrust) apply?|
|What are the governance mechanisms (e.g., membership rules, resource contribution or extraction standards and requirements, conflict resolution mechanisms, and sanctions for rule violation)?|
|What are the institutions and technological infrastructures that structure and govern decision-making?|
|What informal norms govern the commons?|
|What institutions are perceived to be legitimate or illegitimate? How are institutional illegitimacies addressed?|
|Who are the decision-makers and how are they selected? Are decision-makers perceived to be legitimate?|
|How do nonmembers interact with the commons? What institutions govern those interactions?|
|Are there impacted groups that have no say in governance?|
|Patterns and Outcomes|
|What benefits are delivered to members and to others (e.g., innovations and creative output, production, sharing, and dissemination to a broader audience, and social interactions that emerge from the commons)?|
|What costs and risks are associated with the commons, including any negative externalities?|
|Are outcomes perceived to be legitimate by members? By decision-makers? By impacted outsiders?|
1.2.2 Nissenbaum’s Contextual Integrity Framework
Commonalities between Nissenbaum’s contextual integrity framework (Reference Nissenbaum2009) and the GKC framework are immediately apparent. Nissenbaum’s framework centers around “contexts,” which she defines as “structured social settings characterized by canonical activities, roles, relationships, power structures, norms or rules and internal values (goals, ends, purposes).” (Reference NissenbaumNissenbaum, 2009, p. 129) A context, in Nissenbaum’s framework, is a social setting in which people undertake “activities,” depending on their “roles,” subject to “norms (or rules)” (broadly defined), guided by “internal values (goals, ends, purposes).” This is in parallel to rule-in-use determination by community goals and objectives in an action arena.
For purposes of discussing privacy as contextual integrity, Nissenbaum focuses on “context-relative informational norms” characterized by four key parameters: contexts, actors, attributes (or information types), and transmission principles. In knowledge commons terms, one can imagine an action arena involving communication of personal information. Nissenbaum’s “attributes” are the resource characteristics of the knowledge commons framework; her “actors” are the community members who are the subjects, senders, or recipients of the information, and her “transmission principles” are the “rules-in-use” of the knowledge commons framework that specify what information resources can be shared with whom and on what terms. Note that Nissenbaum’s framework, like the GKC framework, does not depend on defining any particular type of information as innately “private” or “sensitive.” Indeed, the impossibility of such global characterization of information is one of the insights of her theory. “Personal” information is simply information about or connected to an individual and the issue of contextual integrity is simply whether the information flows according to a transmission principle that is appropriate for the context.
Having set out the parameters of the descriptive framework, Nissenbaum constructs a three-step process for normatively evaluating new information practices. First, determine whether the information practice appears to violate the entrenched informational norms of its context and identify the norm that is violated. If there is such a violation, the practice should be deemed in prima facie violation of contextual integrity. Second, consider whether the new practice has problematic ramifications for high-level moral and political values, such as autonomy and freedom. Third, consider whether the new practice aligns with the values and goals of the particular context in which it occurs. If it does, the practice might signify that the entrenched contextual norms themselves are no longer appropriate and should evolve. Such a conclusion would rebut the prima facie determination that the new practice violates contextual integrity (Reference NissenbaumNissenbaum, 2009).
Nissenbaum describes three ways in which the contextual integrity framework could be employed in confronting privacy controversies. First, the framework has explanatory power, in that it identifies why a new information practice produces resistance or discomfort. She argues that simply understanding what is going on in a particular instance may affect the debate. Second, she argues that contextual integrity provides a framework for evaluating a changing information practice. Finally, an information practice that violates an entrenched informational norm in a way that has problematic ramifications for high-level moral and political values should be redesigned or abandoned. The framework focuses debate on real disagreements about the values at stake.
1.2.3 Some Comparative Notes
While there are many commonalities between the GKC framework and the contextual integrity framework, there also are some interesting differences that we believe point the way to fruitful application of the knowledge commons perspective to privacy.
The most important difference between the two constructs for present purposes is that Nissenbaum’s framework envisions actors as individual participants in a broadly defined social context, such as education, healthcare, or the commercial market. In contrast, the GKC framework envisions actors as members of a “community” involved in producing or managing a set of resources, with the broader context ordinarily accounted for as part of the “background environment,” as with the nested contexts navigated by privacy advocates (Reference BennettBennett, 2010) or subject to polycentric governance (Reference Dietz, Ostrom and SternDeitz, Ostrom, and Stern, 2003; Reference OstromOstrom, 1990, Reference Ostrom2005). This distinction is by no means categorical; depending on the resources in question, one can imagine applying a commons-based analysis to a large “community” consisting, for example, of healthcare professionals or teachers. One might also imagine applying the contextual integrity framework to a local community.
The difference in perspective between the frameworks does lead the analysis in somewhat different directions, however. Most significantly, the knowledge commons perception of actors as members of a community, rather than as individuals situated in a broad, exogenously defined context, shifts the focus from questions of consistency with externally defined norms and rules to questions of community governance, involving not only what background norms and rules are in force in a given action arena but also how – and by whom – those rules are determined. The GKC framework inquires into how the rules-in-use of a particular community are co-determined by the background environment, including rules and norms determined at higher contextual and societal levels. Emphasis on governance adds a layer to empirical analysis that will be quite useful in analyzing privacy issues.
Comparing and combining insights from the Contextual Integrity and GKC frameworks may also shed light on the normative analysis of personal information flows. The GKC framework has focused primarily on community goals and objectives, while the normative phase of Nissenbaum’s contextual integrity analysis has emphasized values from higher-level social contexts or foundational ethical and moral principles. Focusing on governance thus raises key questions: Who should be in charge of deciding appropriateness of information flows? How is appropriateness evaluated? How is the legitimacy of privacy as knowledge commons governance contested and reinforced? As with substantive appropriateness, procedural legitimacy is contextual (Reference Pinkerton and JohnPinkerton and John, 2008; Reference Suzor and Woodford.Suzor and Woodford, 2013). Legitimacy, as consensus about social good or appropriateness as reached through participatory decision-making of all potentially impacted (Reference HabermasHabermas, 1996), raises governance issues that may be addressed through commons institutions.
The GKC emphasis on community governance as a co-determinant of rules-in-use thus brings the tool of procedural legitimacy into play in assessing whether the transmission principles for personal information are normatively “appropriate.” The question becomes not only whether the rules affecting the flow of personal information are substantively appropriate for a given specific context but also whether the rules have been adopted through a governance process that imparts legitimacy to the, sometimes unequal, ways they affect particular individuals or groups. Procedural legitimacy is at issue in three distinct ways. First, one may consider whether the commons governance structure constructs rules-in-use via procedures (whether formal or informal) that are perceived as legitimate by various types of community members. Previous GKC cases have focused primarily at this level of inquiry. Second, one may ask whether governance practices of a given community are legitimate in that they adequately account for the interests of impacted outsiders. The interests of outsiders may sometimes, but not always, be legitimately accounted for by exogenous rules or norms that constrain the development of rules-in-use. Third, and finally, one might ask whether the exogenous rules and norms to which a community is subject are adequately responsive to member interests. In principle, all three of these questions are important to the normative evaluation of any knowledge commons. However, questions of legitimacy promise to be of particular importance in analyzing privacy issues, because rules-in-use governing flows of personal information may often pay inadequate attention to the interests of the subjects of the information, who may or may not be participants.
By drawing attention to procedural legitimacy, the knowledge commons framework may be particularly helpful in confronting challenges faced by the contextual integrity framework by assessing the appropriateness of transmission principles for personal information flows in real-world nested or overlapping social contexts, as identified throughout the literature (Reference BennettBennett, 2010), or unresolved substantive ethical disagreements. Indeed, focusing on governance may provide the only practical way forward for normative evaluation and policymaking when information flows involve overlapping contexts with differing values or communities in which values are contested.
In addition, we believe that integration of these two perspectives also facilitates examination of the meaning of privacy in a more nuanced and multidimensional way. For example, while Solove has drawn attention to the ambiguity surrounding privacy as a concept (Reference SoloveSolove, 2002) and its diversity of meanings (Reference SoloveSolove, 2006), and Bennett has addressed the diversity of potential harms with respect to possible missuses and inappropriate flows of privacy (Reference BennettBennett, 2010; Reference Bennett and RaabBennett and Raab, 2006), our exploration of privacy as governance of knowledge production and flow in the cases discussed later highlights issues of appropriate information flow pertaining to information about individuals that might not traditionally have been deemed “personal” or “sensitive.”Footnote 5
Moreover, viewing privacy as governance of information flow highlights the sense in which privacy may pertain not only to individuals but also to communities. First, constructing boundaries, within which information can be controlled by community members, is often important in encouraging participation in knowledge sharing or for other community goals and objectives. Second, knowledge commons structures often constrain not only the flow of information about the identities of participants but also the sharing of ideas and opinions, which, while not traditionally considered to be “personal information,” may in fact be intensely personal. In such cases, privacy constraints on personal information flow enable knowledge production by encouraging trust. Third, what is personal differs from one situation to another, just as privacy harms and appropriateness of flows do. While some types of information, such as health or sexuality information, are often denoted “sensitive,” these types of information may be shared freely and appropriately in some situations, while transmission of less traditionally sensitive types of information may be appropriately constrained or barred in other situations. In this sense, an understanding of “personal information” need not be laid out in advance or once and for all. Instead, the “personal information” issue is reflected in a set of questions to raise in each case: In what context is particular information “personal”? What is personal in this particular context?
Analysis in the section “Conceptual Background” suggests that the GKC framework, modified as indicated in Figure 1.1, may be usefully applied to study privacy, understood as governance of personal information flow. The framework does not adopt a specific normative stance about the ends of personal information flow governance or how they should be prioritized. It begins by uncovering and understanding the contextualized goals and objectives reflected in the governance of personal information flows in each case, the ways in which they reflect the interests of various community members, and how they are instantiated in rules-in-use for information flow in light of the larger social environment. We believe that such empirical understanding of how personal information flow is governed in practice is valuable in and of itself. We also anticipate, as discussed earlier, that studies employing the GKC framework will provide a fruitful basis for identifying normative issues or conflicts and analyzing potential resolutions.
To validate our argument that privacy can be conceptualized as knowledge commons governance and evaluate the utility of the GKC framework in the study of privacy issues, we conduct meta-analysis of several existing information production case studies, drawing on the diverse set generated through previous analysis under the GKC or IAD framework. Here, these examples are systematically structured according to Reference YinYin’s (2013) guidelines for exploratory case-study design, in contrast to their initial analysis according to an explanatory design.Selection of cases was guided by the following criteria for inclusion: (1) previously analyzed as knowledge commons using the GKC or IAD framework and (2) involving personal information flows, broadly understood, in addition to impersonal shared knowledge. The final set of fourteen cases included:
A. Galaxy Zoo
B. Online Creation Communities
D. Local and indigenous knowledge systems (LINK) indigenous knowledge (IK) commons
E. The Rare Disease Clinical Research Network
F. The Oncofertility Consortium
G. Patient Innovation Project
H. The Sentinel Initiative
I. The Open Neuroscience Movement
J. Aviation Clubs
K. Nineteenth-century newspaper editors
M. Biomedical Data Commons
N. Genome Commons
Many of these cases were selected from edited volumes on governance of knowledge commons and medical commons (Reference Frischmann, Madison and StrandburgFrischmann, Madison, and Strandburg, 2014; Reference Strandburg, Frischmann and MadisonStrandburg, Frischmann, and Madison, 2017), though others were selected from the Ostrom Workshop’s Digital Library of the Commons. The units of analysis for this reanalysis include both individuals and collectives within the commons, as well as their information flows, so as to support a holistic design. Given the parallel frames through which these cases were evaluated, it is possible to understand how concepts of privacy, personal information flow, and appropriateness of information flows shaped knowledge practices in commons arrangements. However, it is important to note that reliance on previously published studies limits evidence to the observations made by the authors of those previous studies.
Sources of evidence considered include the original explanatory analysis of each case, which emphasized the framework and research questions summarized in Table 1.1. The principle of multiple sources of evidence was further satisfied by comparing multiple analyses of the same cases or other contextual sources, for all cases. This design, overall, supports evaluation of the flexibility of the framework through multiple examples, as well as analytic generalization for further development of the GKC framework and conceptualization of privacy as commons governance through pattern matching.
|Conditions||When, where, how aims apply|
|Or else (Consequences)||Sanction for noncompliance|
To analyze and compare the rules-in-use uncovered in existing case studies, we employed the institutional grammar, as developed by Reference Crawford and OstromCrawford and Ostrom (1995). As previously mentioned, the concept of “rules-in-use” in the IAD and GKC frameworks refers broadly to multiple levels of institutionalization. Rules-in-use can be divided into strategies, norms, and rules based on components, defined in Table 1.2.
To further explore commonalities and differences in the governance of personal information among these cases, we employ Reference SoloveDaniel Solove’s (2006) taxonomy of privacy values to code institutions and underlying values or priorities within cases. Solove identified four major dimensions of privacy concerns: information collection, information processing, information dissemination, and invasion. Table 1.3 lays out more specific concerns within these major categories.
|Privacy Dimension||Specific Concerns|
|Information dissemination||Breach of confidentiality|
1.4 Comparative Analysis of Case Studies
In order to reexamine knowledge commons cases as grounds for privacy as knowledge commons governance, it is necessary to seek ways in which evidence of commons governance of personal information flows and institutionalization of appropriateness in these flows will be elicited by the GKC framework. Section 1.4.1, “Governance of Privacy within Knowledge Commons,” provides brief synopses of the cases listed in Table 1.4 and discusses some of the governance patterns and features that were observed across cases. Section 1.4.2, “Patterns of Privacy Governance as Delineated by Institutional Origins,” employs more detailed representations of each case to explore three patterns of knowledge commons development observed in these cases. These patterns are associated with distinctive governance arrangements, community goals and objectives, and origins. Finally, Section 1.4.3, “Implications,” discusses meta-analysis implications and the proposed synthesis of frameworks.
1.4.1 Governance of Privacy within Knowledge Commons
The knowledge commons described in Table 1.4 prioritize privacy of personal information to some degree, despite the fact that privacy sometimes conflicts with other knowledge commons values, such as transparency in government, individual health benefits, and accountability. The guided meta-analysis focuses on those GKC framework questions associated with the identification and description of resources and those associated with patterns and outcomes. It also emphasizes questions about legitimacy, since appropriateness and sustainability in context are dependent on the legitimacy of commons institutions. This section provides examples of the ways in which these communities govern and manage personal information.
|Knowledge Commons||Case Synopsis||Privacy Concerns||Personal Information|
|Biomedical data commons govern large-scale collaborative repositories of sensitive clinical and scientific medical data||State stakeholder roles – including creators, funders, convenors, collaborators, endorsers, and consumers – are central to tensions surrounding appropriateness of knowledge flows within biomedical data commons. Given the sensitive nature of health information, including its personally identifiable nature, the potential for misuse, and breaches of patient expectations and privacy is high and contentious.||Clinical medical records; Research subject and Researcher personally identifiable information; Researcher activities and uses of resources|
|Indigenous knowledge commons pool, structure, preserve, and control access to threatened, local knowledge, in order to ensure persistence for future generations and conserve language and knowledge diversity||Access, dissemination, and use controls for indigenous knowledge (IK) are both important and contentious issues, given the sensitive nature of indigenous knowledge within traditional and context specific cultures. While IK may not be personal with respect to an individual, it is highly personal with respect to the community, making trust and legitimacy within IK commons imperative to appropriate preservation and control of knowledge resources, particularly given the involvement of community outsiders in providing and maintaining infrastructure for the commons.||Participant personal information; traditional knowledge associated with private community and spiritual practices|
|Biobanks||A collaborative commons established to aggregate biological data, including tissue samples, supporting large-scale biomedical research||Externalities of research collaborations relative to biomedical specimens center largely on harms to individuals who have provided data and samples, due to inappropriateness of information flows, including: privacy invasions, social stigma or discrimination, and anxiety.||Clinical medical records; Biological samples and test results; Research subject and Researcher personally identifiable information; Researcher activities and uses of resources|
|Genomic data as a common pool resource, rather than a public good, within large-scale, collaborative investigations and shared repositories||Given the intensely personal nature of genomic information being aggregated, exchanged, shared, and commercialized through a variety of projects and communities, there is disagreement about appropriate information flows and different commons have created different rules about permissible data flows. These range from full genome commons, with open access to all for any use, to much more restricted regimes. Privatization is a disruptive force in this community, at the expense of insights.||Genetic information associated with individuals and populations; Research subject and Researcher personally identifiable information; Researcher activities and uses of resources|
|Rare Disease Clinical Research Network||A network connecting patients of rare diseases to clinical researchers for treatment development||Given the sensitive nature of health information, a variety of concerns about privacy and appropriate information flow have arisen, including appropriate consent for release of patient contact information to researchers, control over release of data to third parties.||Clinical medical records; Research subject and Researcher personally identifiable information; Patient contact information; Researcher activities and uses of resources|
|Oncofertility Consortium||A collaborative interdisciplinary research network connecting scientists, practitioners, and patients around fertility issues for cancer patients and survivors||Governance issues in this case center on institutionally enforcing appropriate flows between practitioners and researchers, with strong boundaries guarding the collaborations, given the intensely personal nature of patient information.||Clinical medical records; Research subject and Researcher personally identifiable information; Researcher activities and uses of resources|
|Patient Innovation Project||A knowledge sharing community established among patients and their nonprofessional caregivers||This community emphasizes active knowledge production within patient support systems, pooling patient networks in an open online environment and, in some subcommunities, sharing data with pharmaceutical companies. Boundaries and enforcement of appropriateness of flows, for the benefit of patients, is critical to encouraging participation.||Research subject and Caregiver personally identifiable information; Participant activities and uses of resources; Relationship and interaction information between patients and pharmaceutical companies|
|Sentinel Initiative||This system supports active monitoring of food and drug safety and health information||This US Food and Drug Administration (FDA) initiative fosters collaborative aggregation by supporting the autonomy of contributors in determining appropriateness of their own data flows.||Clinical trial data; Participant and research subject personally identifiable information; Participant activities and uses of resources; Proprietary health and safety information|
|Galaxy Zoo||A data-intensive, peer-produced, global citizen-science project||A key contentious issue within this commons regarding privacy relates to appropriate use of the information, rather than to access to the information. The consensus is that the data is public, but noncommercial in nature.||Participant activities and uses of resources; Participant personally identifiable information|
|The Open Neuroscience Movement||Collaborative aggregation of clinical brain imaging data for neuroscience and neurological technology innovation||Privacy concerns, beyond patient privacy issues, are central to encouraging participation; without clear boundaries and enforcement of use constraints toward nonproprietary adaptations, contributions would be minimal and collaborators would not feel secure in the network.||Clinical medical records; Research subject and Researcher personally identifiable information; Patient contact information; Researcher activities and uses of resources|
|Peer production communities that exist to generate and share knowledge||A majority of OCCs support publicly visible exchanges between members of the commons, yet this institutionalized openness often affords privacy to members, given that participation is possible in anonymous and pseudonymous ways. Some OCCs provide control of information flows to subcommunities or individuals, as in Openesf and Flickr, respectively.||Participant activities and uses of resources; Participant and nonparticipant personally identifiable information; Relationships and interactions between participants; Images of participants and nonparticipants|
|Aviation Clubs||A community of practice emerged around early aviation enthusiasts and their efforts to make scientific progress, supported by extensive correspondence||Secrecy and inaccessibility, as barriers to information flow within the commons, presented a threat, in that “if the secret-holders were more successful than the commons participants, then the point of the commons would largely have evaporated.”a In this sense, appropriate information flow was uninhibited within the commons.||Participant activities and uses of resources; Participant and nonparticipant personally identifiable information; Relationships and interactions between participants|
|Nineteenth-Century US Newspaper Editors||Newsgathering as a collective, collaborative enterprise among journalists, editors, and news organizations||Contention and negotiation within these commons were visible, not only to members, but also to outsiders. Privacy in disagreements was minimal, given the cost-minimizing exchange practices of editors to dispute through their papers, rather than through private correspondence.||Participant and nonparticipant personally identifiable information; Relationships and interactions between participants; Participant decisions and opinions|
|Congress||Openness – in terms of membership, access to members, and access to knowledge – presents some of the most significant information flow issues associated with Congress as a lawmaking commons. Issues of secrecy, transparency, and control over information flows informing lawmaking, as well as about lawmakers, including relative to conflicts of interest, are important to understanding how Congress operates.||Participant and nonparticipant personally identifiable information; Relationships and interactions between participants; Participant decisions and opinions|
18.104.22.168 Limiting Participation
One way for a community to manage personal information flows is to limit participation. Specific governance mechanisms for limiting participation, including membership rules, resource contribution standards and requirements, and sanctions for rule violation, vary across these cases. Diverse membership rules apply. Some communities, such as Online Creation Communities (OCCs), are open to any anonymous user who wants to contribute, while others have caveats about participant identifiability or exclude antisocial or disruptive users, such as trolls. In contrast, distinct participation thresholds, such as disease or public funding recipient status, manage flows of personal information in some communities. Interests and expertise delineate boundaries in many research and innovation commons, ranging from biomedical to early aviation, whereas status delineates membership, formally and informally, in other cases. Diverse governance mechanisms pertaining to who participates are usually implemented through clear rules that are transparent to both insiders and outsiders. Congress is an exception to this observation. There, ambiguity, perpetuated by norms and strategies, is used to allow members to develop knowledge with the help of experts and advocates who are known within Congress and invisible or anonymous to those outside; this relates to privacy associated with decisional interference, a form of invasion in Solove’s taxonomy.
Constraints on personal information flow to or use by outsiders also protect the value of knowledge resources for intended beneficiaries, whether community members or the general public. Many of these knowledge commons prohibit the commercial use of personal information shared within the commons because such secondary uses outside the knowledge or consent of original data subjects are of concern to participants. For example, strict sanctions are imposed against commercialization of genomic information, given the significant public investment and its representative nature of humanity at large, and of traditional knowledge, given both the associations with intellectual property and the religious connotations of cultural heritage in that context. In both cases, personal information is contributed for aggregation and public uses but not for appropriation. These concerns are distinct from those motivating prohibitions of secondary commercial uses of Wikipedia or Galaxy Zoo knowledge products, which reflect participants’ intentions to produce public resources.
The rules-in-use and technological infrastructures that structure and govern interactions can be categorized according to the institutional grammar described in Table 1.1 and compared across cases. In many cases, informal sharing and subversion strategies allow individuals and subgroups to ensure their practices are consistent with their values, even when overarching norms and rules conflict with their preferences. Formal strategies are also observed, in which communities innovate in their knowledge production and privacy practices, prior to normalization. The Patient Innovation Project provides examples of each, in that courses of action for collaboration with medical researchers are specified, but there are no modal operators or pressure for actions. There are also subgroups within the Patient Innovation community that adopt informal strategies, such as sharing information with pharmaceutical companies and sacrificing privacy protections provided by overarching institutions, in pursuit of more rapid innovation.
Norms, more often than strategies, are shared within and across cases. Formal norms concerning anonymity are observed across many cases in which there is open crowdsourcing, made explicit by written, but unenforced, policies and platform designs that reinforce the protection of contributor identities. Informal norms regarding personal information also are observed, such as the norms of publishing debates that impact the public in the case of nineteenth-century newspaper editors or keeping debates private so as to garner more useful input from critical contributors observed in the studies of Congress and the Sentinel Initiative.
More structured rules for personal information management also may be either formal or informal. For example, endogenous rules against commercialization of personal information varied in their features. Some case studies observed formal rules with top-down imposed penalties, often excluding violators from future participation and enforcing cease and desist orders (e.g., Wikipedia and some genome commons), while others featured informal rules, in which anticommercialization rules were enforced by social exclusion (e.g., Galaxy Zoo and some genome commons). Within the Galaxy Zoo, the Astrophysical Research Consortium (ARC) formally maintains the right to allow some commercial uses, but contributors are extremely opposed to such uses, leading to divergence between the formal rule on the books and rules-in-use enforced among participants.
Exogenous rules also shape many of the cases. For example, the Health Insurance Portability and Accountability Act (HIPAA) forces a degree of de-identification in aggregated health data sets and strictly constrains sensitive health information flows, applicable to biobanks, the Open Neuroscience Movement, genome commons, and the Oncofertility Consortium. The Patient Innovation Project, by contrast, is by design not subject to these rules, because its information flows are managed by patients and their nonprofessional caregivers, who may disclose at will. Other legal structures (e.g., intellectual property, subsidies, contract, licensing, tax, antitrust) also impose exogenous rules in some cases.
Commons governance of personal information flows is highly situation specific based on a range of institutional components: from endogenous values and strategies, norms, and rules to exogenous rules and other multivalent, sometimes competing, exogenous sociocultural constraints.
1.4.2 Patterns of Privacy Governance as Delineated by Institutional Origins
Despite the diversity of institutional arrangements, we observe three primary patternsFootnote 6 in the relationship between the origins of institutions and the rules-in-use that emerge (1) public-driven patterns (section “Pattern 1: Public-Driven Commons,” cases A and B), (2) member-driven patterns (section “Pattern 2: Member-Driven Commons,” cases C–L), and (3) imposed patterns, from leadership or platforms (section “Pattern 3: Imposed Commons,” cases M–N). OCCs and the Galaxy Zoo primarily exemplify Pattern 1, while aviation innovation groups, the Patient Innovation Project, and the US Food and Drug Administration’s (FDA) Sentinel Initiative, which all emphasize member autonomy, predominantly exemplify Pattern 2; both patterns reflect a local, endogenous structure. Genome Commons are structured by various institutions that exemplify Pattern 3, which is primarily about exogenous constraint.
These patterns fundamentally reflect and influence community goals as well as the types of participants and relationships with the public. Community goals in these cases broadly pertain to the development of information resources. Governance mechanisms and rules-in-use are constructed to achieve those objectives, promoting both compliance and participatory buy-in. Institutional designs that effectively support these objectives are not necessarily domain specific but rather reflect the specific combinations of actors, resources, and goals of each knowledge commons, as situated in its broader environment. The patterns of rules-in-use we observe are associated with how open each community is to the public, with the nature of community contributions, as well as with governance design. It is important to note that while we identify three specific patterns in these cases, other patterns may better describe the origins of rules-in-use in other cases. Moreover, multiple patterns are sometimes observed in a single case. The Galaxy Zoo, for example, while generally public in nature, is not always so; some action arenas, including decision-making arenas, are members-only for instrumental reasons. As a result, Galaxy Zoo has developed and arranged rules-in-use that are more typical of other patterns. This overlap of patterns should not be surprising. When we abstract patterns from empirical observations, we necessarily reduce the complexities of reality, removing meaning. One benefit of IAD-based approaches, including the GKC framework, is in allowing overlap and recognizing the polycentric nature of reality (Reference McGinnisMcGinnis, 2011).
22.214.171.124 Pattern 1: Public-Driven Commons
Some communities employ commons governance of information flows to ensure appropriateness, and by extension privacy, within open environments, which welcome public participation and public consumption of knowledge products. Among the cases we study, various OCCs, as well as citizen science projects, such as the Galaxy Zoo, facilitate the solicitation and management of participation from a large and diverse group of members of the public using online platforms.
A. Galaxy Zoo
The Galaxy Zoo project, organized by the ARC, fundamentally opens scholarly processes to the public, establishing commons with open borders for participation and open dissemination of data within a crowdsourced classification project pertaining to astronomy (Reference Madison, Frischmann, Madison and StrandburgMadison, 2014). Issues of privacy, as well as profit, are central to rules-in-use for sharing and use of data within this case (Reference Madison, Frischmann, Madison and StrandburgMadison, 2014; Reference Raddick, Georgia, Gay, Lintott, Cardamone, Murray, Schawinski, Szalay and VandenbergRaddick et al., 2017). Participant actions, knowledge contributions, and interactions are captured by the platform. Moreover, participants are personally identified and credited with their contributions to the project. Thus, they are encouraged to share “the name you’d like to be known by (not necessarily your username)” so as to be credited for their work by scholars using the knowledge resources. In addition, individuals may disclose personal information to other participants when posting to the project’s online forum. While there is no requirement that all scholarly publications based on knowledge produced by this community be made publicly available on the ARC archive, those publications that are contributed to the archive are not to be used for commercial publication or commercial purposes. ARC formally maintains the right to grant exceptions to this constraint (Reference Madison, Frischmann, Madison and StrandburgMadison, 2014), but the possibility of such exceptions runs contrary to motivations for participation by the public (Reference Raddick, Georgia, Gay, Lintott, Cardamone, Murray, Schawinski, Szalay and VandenbergRaddick et al., 2017). Exceptions, such as those made for commercial educational materials, thereby threaten the stability of the commons. Violations of community expectations reduce knowledge production, and thus future information flows; appropriateness is key to the viability of the commons.
B. Online Creation Communities
Various, diverse OCCs that produce public resources such as Wikipedia, Flickr, wikiHow, and Openesf employ similar forms of commons governance, in which distributed, autonomous participants generate knowledge resources, but strong expectations around appropriateness of information flows exist (Reference Fuster MorellFuster Morell, 2010). For example, Wikipedia is not to be used for commercial purposes (Reference Fuster MorellFuster Morell, 2011) but is open to any and all to consume; transparency with regard to contributions leads many participants to conceal their offline identities, but many nonetheless reveal personal information as a means of establishing expertise or credibility in order to influence knowledge construction (Reference Hara and SanfilippoHara and Sanfilippo, 2016). In contrast, Openesf has more variability in public access to specific projects, but personally identifiable information about contributors is more publicly available (Reference Fuster Morell, Frischmann, Madison and StrandburgFuster Morell, 2014). Participation roles are adaptive to the community and fit specific niches in knowledge creation (Reference Hara and DoneyHara and Doney, 2015; Reference Fuster MorellFuster Morell, 2010).
While these platforms impose exogenous rules and technological infrastructure to structure interactions between participants, participant influence on rules-in-use is apparent. Table 1.5 presents institutional patterns emerging from Pattern 1, including grassroots strategies, norms, and rules about information flows and exogenously imposed enforceable rules. Pattern 1 is identifiable as the emergence of institutions over time based on unbounded participations.
|Institution Type Concern||Strategies||Norms||Rules|
|Participation||Participation should be anonymous in crowd-sourced commons (e.g., Online Creation Communities (OCCs) and the Galaxy Zoo)|
|Information Resources||Users that see value become knowledge contributors (e.g., aviators, OCCs, and the Galaxy Zoo)||Contributions are valuable when justified with references, expertise, or experience (e.g., OCCs)||Resources may only be contributed when participants’ have rights to share the information or else participants’ will be removed (e.g., OCCs and the Galaxy Zoo)|
|Appropriate Flows||Knowledge products may only be shared beyond the community for non-commercial purposes (e.g., the Galaxy Zoo and Genome Commons)|
|Decision-Making||Personal disclosures to establish credibility or expertise (e.g., OCCs and the Patient Innovation Project)||Subcommunity decisions are democratic (e.g., the Patient Innovation Project and OCCs)||Decisions are made by those who provide the commons platform (e.g., the Galaxy Zoo, nineteenth-century newspaper editors, and Biobanks)|
Certain varieties of rules-in-use are often observed across this diverse set of public-driven knowledge commons, whether they are engaged in developing knowledge across broad (e.g., Wikipedia) or specific (e.g., the Galaxy Zoo) topics, and whatever those topics might be. Governance of appropriate uses of knowledge products and documentation surrounding the production process, which includes personal metadata, is primarily structured through strategies and norms, given the social challenges of enforcing rules. Public-driven cases also tend to be strongly influenced by exogenous rules about intellectual property rights relative to knowledge resources.
Commons governance of personal information flows within these publicly oriented communities emphasizes privacy values related to dissemination of personal information, in the sense of Solove’s privacy taxonomy (Reference Solove2006). While these knowledge commons focus on public knowledge, as opposed to traditionally personal information, governance structures aim to ensure appropriate flows (or to prevent flows) related to five of the seven subdimensions of dissemination identified by Solove: disclosure, exposure, accessibility, appropriation, and distortion. These dissemination-related values are manifest in information disclosure strategies among participants, as well as in a variety of norms shared across cases, including norms about anonymous contributions.
Other categories of privacy concerns reflected in the governance of these communities include information collection and information processing. Concerns about secondary use, a form of information processing, were reflected in widespread noncommercialization norms. The Galaxy Zoo participants were also concerned about (re)identification of individuals from data included in their comments and discussions, and with association of participation information with true identities from contribution lists, perhaps in part due to the community’s expertise in identifying meaning from large data sets.
Within these public-driven commons, work-arounds are sometimes used by individual participants or subgroups to avoid overarching imposed rules-in-use. Work-arounds reflect the diversity of actors’ and contributors’ values and preferences in these public-driven commons. They emerge when the overarching rules are hard to enforce and when the benefits of violation to a specific individual or subgroup outweigh potential penalties. For example, in many crowd-sourced commons, including OCCs and the Galaxy Zoo, some actors leverage personal information for personal (though noncommercial) gain, despite overarching community constraints on flow and norms about identifiability. Wikipedia contributors, whose personal information is ordinarily masked for their own protection in the fully transparent logs of Wikipedia contributions and debates, sometimes nonetheless leverage their personal information to validate their expertise and credibility in seeking acceptance of their contributions.
126.96.36.199 Pattern 2: Member-Driven Commons
Pattern 2 institutional arrangements are shaped largely by the normative values of their members; this pattern is defined as emergence from democratic processes among bounded participants. Cases in which we observed Pattern 2 included aviation clubs, LINK IK commons, nineteenth-century newspaper editors, Congress, biobanks, the Rare Disease Clinical Research Network, the Oncofertility Consortium, and the Open Neuroscience Movement.
Biobanks are established through collaboration among researchers in order to mutually benefit from access to data produced through analysis of tissue samples and medical tests and specimens (Reference Boggio, Strandburg, Frischmann and MadisonBoggio, 2017). Collaboration is extremely valuable, given that samples are rivalrous, while the associated knowledge may be easily shared. Thus, biobanks seek to maximize available data and minimize costs to researchers (Reference Boggio, Strandburg, Frischmann and MadisonBoggio, 2017; Reference Roden, Pulley, Basford, Bernard, Clayton, Balser and MasysRoden et al., 2008). However, there is a trade-off between privacy of data subjects and sharing of data and samples among researchers, since the possibility of inappropriate flows of tissue-related information can raise concerns about discrimination and stigma, and produce anxiety about breach of trust and consent. Biobanks have sought to deal with this trade-off by enhancing the security of repositories, controlling access, and de-identifying data prior to sharing (Reference Boggio, Strandburg, Frischmann and MadisonBoggio, 2017). In this sense, there are strict boundaries surrounding participation in the commons and access to or use of the resources within. Additionally, frameworks have been developed for informed consent at the point of collection, so that subjects and patients fully understand and can control future uses of data related to their biological and medical characteristics (Reference Hansson, Dillner, Bartram, Carlson and HelgessonHansson et al., 2006; UK Biobank, 2017).
D. Link Indigenous Knowledge Commons
Indigenous Knowledge (IK) commons, such as United Nations Educational, Scientific and Cultural Organization’s (UNESCO) Local and indigenous knowledge systems (LINKS), are established within and between indigenous communities, often in collaboration with librarians and information professionals with access to knowledge infrastructure, in order to protect and document IK (Reference JoransonJoranson, 2008). Collaborations are critical to best utilize infrastructural technologies, given the danger of extinction of IK, coupled with threats of piracy. Control over knowledge is central to the identity and persistence of many native cultures (Reference BrownBrown, 2009). Given the incongruence between Western knowledge structures and many forms of IK (Reference JoransonJoranson, 2008), concerns about misappropriation and misinterpretation pose serious risks to trust and legitimacy within IK commons. While IK knowledge resources may not pertain to a single individual, they often are highly personal to the community and thus commons arrangements, such as LINKS, must adhere to the preferences of indigenous communities about appropriateness of information flows if there is to be continued cooperation in the knowledge archiving processes.
E. Rare Disease Clinical Research Network
Various Pattern 2 knowledge commons exist within the domain of medical research and practice, including for patients with specific conditions (Reference Strandburg, Frischmann, Cui, Frischmann, Madison and StrandburgStrandburg, Frischmann, and Cui, 2014; Reference West and Ross CamidgeWest and Camidge, 2012). To generate participation in clinical studies for rare diseases, commons are constructed in which privacy safeguards for participants’ personal information are strong but sharing with researchers is open. Despite the openness and unrestricted nature of information flows within the community, boundaries excluding and controlling information flows to outsiders are maintained, particularly with respect to for-profit (Reference Strandburg, Frischmann, Cui, Frischmann, Madison and StrandburgStrandburg, Frischmann, and Cui, 2014). Sustaining commons involving medical information is possible only with strong institutions. Buy-in from patients who provide data for research and development of treatments is crucial and is afforded by governance regimes perceived to be legitimate (Reference Webber and KremerWebber and Kremer, 2001). Perceptions of legitimacy are increased by informed consent provisions, participation of patient advocacy groups in research governance, and strong safeguards for patient privacy in such commons regimes (Reference Strandburg, Frischmann, Cui, Frischmann, Madison and StrandburgStrandburg, Frischmann, and Cui, 2014). It is also notable that participation in clinical research is more consistent in instances in which patients benefit from the support of others like them, in addition to treatment (Reference Frost and MassagliFrost and Mssagli, 2008).
F. Oncofertility Consortium
Efforts by the National Institutes of Health (NIH) to establish interdisciplinary research consortia led to the development of the Oncofertility Consortium, which includes diverse stakeholders, such as “reproductive endocrinologists, oncologists, molecular biologists, biological engineers and cryobiologists” (Reference Pedraza-Fariña, Strandburg, Frischmann and MadisonPedraza-Fariña, 2017). Within this consortium, a serious health and research priority – fertility in cancer patients and survivors – is addressed through collaboration between scientists, practitioners, and patients (Reference Gorman, Roberts, Dominick, Malcarne, Dietz and Irene SuGorman et al., 2014; Reference WoodruffWoodruff, 2010). Commons governance of appropriate information flows within this community of practice is critical not only to support buy-in for social knowledge construction and innovation but also to protect patient data as a resource for the consortium. In other words, strong institutions governing participation, access, and use are important to encourage participation and develop knowledge for the benefit of patients. In this case, questions of appropriate data stewardship center on managing knowledge sharing across institutional and disciplinary boundaries. Though the patient data used in this research would need to be managed carefully within any research project (Reference Pedraza-Fariña, Strandburg, Frischmann and MadisonPedraza-Fariña, 2017), governance of this interdisciplinary community focuses on facilitating sharing at points of intersection between diverse commons participants and enforcing use restrictions and managing commons boundaries to mitigate potential privacy harms.
G. Patient Innovation Project
Collaborative sharing and knowledge production among patients and nonprofessional caregivers through the Patient Innovation online platform represents an inverse medical commons arrangement in which researchers and medical professionals essentially become passive consumers, while patients and their personal support systems become active knowledge producers (Reference Oliveira, Zejnilović, Helena, Strandburg, Frischmann and MadisonOliveira, Zejnilović, and Canhão, 2017). Participation is generally open, as with communities in Pattern 1, yet members sometimes choose to share information in ways that are contrary to general public norms regarding personal health information flows, thereby driving governance, as with communities in Pattern 2. This case is somewhat unique, among biomedical cases, in that the participants are not constrained by professional codes of ethics in handling personal information, though the platform imposes some features of medical ethics in its rules regarding the types of materials that can be posted and by employing physician moderators. Innovation within the Patient Innovation commons is dependent on sharing and disclosure; without openness in the community, there is no value; yet boundaries are necessary to encourage participation (Reference Zejnilović, Oliveira, Helena, Albach, Meffert, Pinkwart, Reichwald and von EiffZejnilović, Oliveira, and Canhão, 2016). Some subcommunities of patients even establish linkages with pharmaceutical companies, outside the scope of the Patient Innovation Project, to capitalize upon their data sharing (Reference Oliveira, Zejnilović, Helena, Strandburg, Frischmann and MadisonOliveira, Zejnilović, and Canhão, 2017). These subcommunities thus recharacterize appropriate personal information flow to include some commercial uses (Reference Von Hippel, Hall and Rosenbergvon Hippel, 2010). In this sense, rules-in-use for personal information flow are not governed solely at the platform level within the Patient Innovation Project but rather are significantly driven by member subcommunities.
H. The Sentinel InitiativeAggregated food and drug safety and health information, as amassed by the FDA, is stored within the Sentinel system in order to support active monitoring (Reference Abbott, Strandburg, Frischmann and MadisonAbbott, 2017). The initiative requires data collector cooperation and represents a complex commons design in which exogenous rules and the disproportionate power of the FDA dominate decision-making, yet governance institutions have been designed to mitigate that dominance (Reference Robb, Racoosin, Sherman, Gross, Ball, Reichman, Midthun and WoodcockRobb et al., 2012). For example:
the Sentinel team engaged in an extensive and successful campaign to engage data holders by giving them the opportunity to participate in Sentinel’s creation. The end result was that Sentinel was structured as a primarily distributed model, meaning that data holders almost entirely maintain control over their own data and only share aggregated results with FDA.
In this sense, each stakeholder contributing knowledge resources to this commons governance system is autonomous and is able to collaborate with the FDA to determine what an appropriate information flow is for its data (Reference Abbott, Strandburg, Frischmann and MadisonAbbott, 2017). Differential treatment of data is important, given the diversity of data and constraints, ranging from HIPAA restrictions on patient data to stakeholder concerns about sharing preliminary proprietary data in competitive medical innovation environments (Reference Abbott, Strandburg, Frischmann and MadisonAbbott, 2017; Reference Robb, Racoosin, Sherman, Gross, Ball, Reichman, Midthun and WoodcockRobb et al., 2012).
I. The Open Neuroscience Movement
Within the emerging neuroscience data commons, the Open Neuroscience Movement represents a commons arrangement that aggregates clinical data and brain scans for meta-analysis across studies and uses big data analytics to analyze the aggregated data so as to improve imaging technologies (Reference Larson, Chon, Strandburg, Frischmann and MadisonLarson and Chon, 2017). The diverse origins of the aggregated knowledge resources reflect different information practices, for example: “Data should be made as widely and freely available as possible while safeguarding the privacy of participants, and protecting confidential and proprietary data” (NIH, 2003). Privacy issues within this context range from subject privacy, including concerns about reidentifiability, to competitive advantages associated with proprietary data, to researcher willingness to participate at all, given that early publicity and dissemination of research results can lead to misinterpretation (Reference Choudhury, Fishman, McGowan and JuengstChoudhury et al., 2014; Reference Larson, Chon, Strandburg, Frischmann and MadisonLarson and Chon, 2017).
Early aviation and invention in airplane design depended on “the use of the common expertise and designs” of community members (Reference Meyer, Frischmann, Madison and StrandburgMeyer, 2014, p.350), with the community consistently seeking to expand and constantly threatened by secrecy and inaccessibility of knowledge needed for progress. Aerial navigation enthusiasts were eager to benefit from shared expertise and the innovations of others. There were persistent incentives to defect and keep one’s innovations secret. Individuals could gain comparative advantage by keeping their successes to themselves (Reference Meyer, Frischmann, Madison and StrandburgMeyer, 2014), yet were unlikely to make enough progress on their own to want to isolate themselves from the commons entirely (Reference Allen and PottsAllen and Potts, 2016). The community developed strong institutions, in the form of rules, to address these dilemmas. Those rules-in-use structured interactions and communication patterns within the community and maintained open boundaries, while supporting rigorous initiation into community-sharing practices for new members. Such commons-based sharing arrangements have been recognized as important to success in innovation prior to commercialization (Reference VermeulenVermeulen and Guffarth, 2017).
K. Nineteenth-Century Newspaper Editors
Knowledge commons surrounding news and journalistic practice emerged among nineteenth-century newspaper editors in a way that hinged on a set of norms of sharing certain disagreements and controversies through the practice of public dispute in the pages of newspapers, rather than confining conflict to private communication. Clear commons boundaries existed in terms of contribution, yet knowledge sharing and debates regarding sourcing, appropriation, and misappropriation were pervasively public, as editors revealed personal stances and private conflict through published open letters, rather than private correspondence or secrecy. Norms of interaction were shaped largely by exogenous rules, including the omission of news reporting from the coverage of then-current copyright law, the existence of significant postal subsidies to the distribution of newspapers and the implications of then-existent communications technology (Reference Murray, Frischmann, Madison and StrandburgMurray, 2014). Over time, information flows change dramatically, particularly due to the introduction of the telegraph, which decreased the cost and increased the speed of private communications, relative to distribution through publication in newspapers. These historical developments resulted in dramatic changes to historical practices of social interaction among journalists (Reference SchudsonSchudson, 1981).
The US Congress has also been characterized as representing knowledge commons governance, in order to systematically evaluate knowledge production surrounding the legislative process (Reference Daniels, Frischmann, Madison and StrandburgDaniels, 2014). The extent to which there is openness with respect to the influence and contributions of congressional staff, lobbyists, and advocates is an important determinant of the public’s access to information about the drivers of legislative cycles (Reference SchicklerSchickler, 2001). The rules-in-use governing knowledge flows within the Congressional “commons” and between Congress and the public reflect an interesting and contentious design for balancing trade-offs between privacy and transparency in public politics and policy (Reference FoxFox, 2010). Different stakeholders have different views about what constitutes appropriate information flows. Despite frequent demands for greater transparency, those with the power to impact governance of this specific knowledge commons have great vested interest in constraining the flows of information about communications among lawmakers and between lawmakers and others seeking to influence and inform them. The result is commons governance with strict filtering of information flows, despite strong public claims to transparency (Reference Daniels, Frischmann, Madison and StrandburgDaniels, 2014).
Despite diverse domains and differing degrees of exogenous influence, we observe similar processes relating to participation in knowledge construction and decision-making in these Pattern 2 communities, spanning all four categories of Solove’s taxonomy (Reference Solove2006): information collection, information processing, information dissemination, and invasion. Commonalities are discernable through the GKC framework’s parallel structure for analysis even though there are significant differences in the range of empirical contexts and mediums of interaction, including the online and offline divides between cases such as the Patient Innovation Project and nineteenth-century newspaper editors. While values and theoretical explanations for actual practices and objectives may differ, the GKC framework is strong in revealing a common member-driven approach and similar governance features. Shared features associated with Pattern 2, presented in Table 1.6, arise from an emphasis on member interests, sometimes in contrast to the interests of other impacted stakeholders or even to members’ interests in other communities.
|Institution Type Concern||Strategies||Norms||Rules|
|Participation||Community members will participate when they view knowledge production as threatened without commons (e.g., LINK and Rare Disease Clinical Research Network)||Participants’ patient status is a prerequisite for membership (e.g., Rare Disease Clinical Research Network and Oncofertility Consortium)|
|Information Resources||Users that see value become knowledge contributors (e.g., aviators, OCCs, and the Galaxy Zoo)||Patient participants must contribute personal health information (e.g., Oncofertility Consortium and Patient Innovation Project)||Information must be disclosed or else funding is revoked (e.g., the Sentinel Initiative and the Open Neuroscience Movement)|
|Appropriate Flows||Direct flows toward pharmaceutical research, when patients benefit (e.g., Patient Innovation Project)||Flows should not leave the commons to encourage valuable participation (e.g., Congress and the Sentinel Initiative)||Knowledge produced subject to publicly financed grants must be available to the public (e.g., Genome Commons and the Open Neuroscience Movement)|
|Decision-Making||Personal disclosures to establish credibility or expertise (e.g., Wikipedia and patients)||Subcommunity decisions are democratic (e.g., the Patient Innovation Project and OCCs)||Some decisions are made by those who provide the commons platform (e.g., the Galaxy Zoo, nineteenth-century newspaper editors, and Biobanks)|
In these communities, whether members are required to participate by exogenous rules (e.g., the Open Neuroscience Movement or the Sentinel Initiative) or participation is entirely voluntary (e.g., the Patient Innovation Project or aviation interest groups), rules-in-use governing personal information flows within Pattern 2 attempt to foster productive and good-faith participation, reflecting the value placed on knowledge production. Various strategies and norms reflect privacy concerns surrounding the secondary use aspect of information processing; for example, the LINK project, designed by UNESCO to protect traditional knowledge and languages, depends on design principles that control uses. These principles also notably reflect concerns about appropriation as a particularly threatening form of information dissemination. Norms about flows beyond community boundaries, as in the Sentinel Initiative, also reflect concerns regarding information dissemination. Constraining dissemination encourages participants to embrace the community, despite its mandatory nature. Additional values also guide this community, in that allowing participants to determine appropriate information processing and internal flows provides a degree of autonomy, despite exogenous constraints and enforcement by funding agencies. Though Solove’s taxonomy does not explicate autonomy in this precise sense, autonomy is frequently cited as underlying the need for privacy protection.
In general, rules-in-use observed in cases within the member-driven commons pattern reflect these two branches of privacy conceptualizations: concerns about secondary uses as information processing and concerns about information dissemination as appropriation and inappropriate disclosures. It is notable that these cases reflected less concern with information collection than cases in either the first or third patterns. Pattern 2 communities appear more comfortable with the types and amounts of personal information in flow within the commons, perhaps in part because personal information is directly relevant to the knowledge production objectives of these member-driven cases, in contrast to the public-driven patterns, in which personal information flow is often an unintended by-product. Alternatively, member-driven communities may tend to be created or emerge precisely when buy-in is needed to encourage the personal information flows necessary to produce certain knowledge products.
Members of Pattern 2 commons that were heavily influenced by exogenous institutions often used work-around strategies and norms to subvert exogenous constraints. Rules and norms of privacy for information flow in Congress, for example, reflect tension between exogenous political demands for transparency and members’ own desires for privacy to get legislative sausage made – sometimes for better and sometimes for worse from a social perspective. Because Congress makes the laws, this trade-off may be involved even when the rules-in-use are compliant with legal requirements for transparency as a mechanism of democratic accountability. Other work-arounds are similar to those observed for Pattern 1. Subgroups of Patient Innovation participants share personal information with pharmaceutical companies to support development of targeted treatments, despite exogenous legal protections and platform protections designed to constrain such flows. Patient Innovation participants also sometimes leverage personal, sensitive health information to negotiate status in communities. In Pattern 2 commons, work-arounds by subgroups may reflect inequalities and contested legitimacies within commons governance.
When membership in commons arrangements does not include everyone affected by the community’s decisions and information practices, additional issues concerning the legitimacy and social benefit of commons decision-making arise. Some exogenous rules are intended to force the rules-in-use of member-driven commons to accommodate the interests of such outside parties. For example, HIPAA regulations and professional ethics applicable to commons whose members are medical researchers or professionals are designed to reflect the interests of the patients about whom the personal health data is collected. In other cases, the exclusion of affected parties from membership in a community leads to contestation of membership boundary rules. The membership rules of both the Rare Disease Clinical Research Network and Oncofertility Consortium, for example, reflect efforts to move toward better representation and empowerment for data subjects. These examples provide evidence that the concept of legitimacy is central to understanding rules-in-use and thus ought to be incorporated into the GKC framework.
Contestation over community rules-in-use and decision-making processes may sometimes lead to commons failure. In other cases, commons persist despite contestation because of beneficial outcomes, because work-arounds are sufficiently effective, or simply because of disparities in power.
188.8.131.52 Pattern 3: Imposed Commons
Biomedical data commons and genome commons, as Pattern 3 arrangements driven almost entirely by exogenous decision-makers, are influenced by the relationship between public funding for biomedical research and the establishment of accessible pooled resources. Pattern 3 can be identified by emergence from a subset of powerful participants.
M. Biomedical Data Commons
Given increasing transparency requirements associated with public funding for scientific research (Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014) and opportunities afforded by technological advancement relative to large data sets (Reference Roski, Bo-Linn and AndrewsRoski, Bo-Linn and Andrews, 2014), scientific and clinical research data is increasingly aggregated in large, collaborative repositories (Reference Contreras and EmrouznejadContreras, 2016, Reference Contreras, Strandburg, Frischmann and Madison2017). Uses of data aggregated in this way raise a number of concerns, not only relative to the informed consent of data subjects relative to secondary uses, but also relative to privacy, given the sensitive nature of health information (Reference Malin, Emam and O’KeefeMalin, Emam and O’Keefe, 2013). These repositories represent commons, established between a diverse group of stakeholders – private and publicly funded researchers, data subjects and curators, and state actors – yet are also importantly impacted by complex exogenous rules, such as “laws governing intellectual property and data privacy” (Reference Contreras and EmrouznejadContreras, 2016, Reference Contreras, Strandburg, Frischmann and Madison2017). The state plays multiple distinct roles within these commons, and is particularly important in ensuring that data flows are appropriate in both private and publicly funded biomedical knowledge construction; it is for this reason that the National Center for Biotechnology Information (NCBI) molecular biology information resource, for example, was established to curate an unparalleled biomedical research common, drawing diverse researchers in, subject to constraints on data flows (Reference Contreras and EmrouznejadContreras, 2016).
N. Genome Commons
Collections of genomic data, beginning with the human genome project, have been designed as large-scale and collaborative projects that require data governance as common pool resources and shared repositories (Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014; Reference Van Overwalle, Frischmann, Madison and StrandburgVan Overwalle, 2014). Within this context, governance of appropriate information flows addresses: information and types, de-identification, data production, who can access data, how data can be used, and rights regimes with respect to the information (Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014; Reference Lee, Strandburg, Frischmann and MadisonLee, 2017; Reference Van Overwalle, Frischmann, Madison and StrandburgVan Overwalle, 2014). There is also further differentiation between the “community per se” and the community at large, surrounding the commons, based on generation of the data versus subjects, users, and beneficiaries, respectively (Reference Van Overwalle, Frischmann, Madison and StrandburgVan Overwalle, 2014). Concerns and treatment vary from group to group, ranging from full commons and open access to privatized repositories (Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014; Reference Van Overwalle, Frischmann, Madison and StrandburgVan Overwalle, 2014), with privatization as a threat to genome commons, given that supra-governance, institutionalized through the Bermuda Principles (Reference Contreras, Strandburg, Frischmann and MadisonContreras, 2017), guarantee access to genetic data, but not use (Reference Van Overwalle, Frischmann, Madison and StrandburgVan Overwalle, 2014). Numerous examples have been documented in which participants reject a specific commons in favor of alternatives when they perceive rules-in-use, particularly surrounding knowledge resources uses, to be illegitimate or contrary to their objectives. The diversity of communities and arrangements surrounding repositories, coupled with guarantees that apply only to access, result in diverse use provisions (Reference Contreras, Frischmann, Madison and StrandburgContreras, 2014). However, the increasing prevalence of genome-wide association studies (GWAS), which link genotypes and phenotypes, have led to regulation by the NIH across genome commons regimes, prohibiting identification of individuals from data and subjecting commons to strict standards regarding subject confidentiality (Reference Lee, Strandburg, Frischmann and MadisonLee, 2017). Regulation instantiating the inappropriateness of documenting and sharing subject identities extends to consumer genome data and commons, as well (Reference Evans, Strandburg, Frischmann and MadisonEvans, 2017).
Examples of shared governance features for Pattern 3 are presented in Table 1.7, including overlap with a subset of institutional arrangements, or rules-in-use, found in other patterns. Pattern 3 examples that are not centrally dependent upon the state can also be identified, though none have been studied using the GKC framework so far. Such examples might include Facebook communities, where many or most of the important rules-in-use concerning information flow are embedded in platform-level infrastructure.
|Institution Type Concern||Strategies||Norms||Rules|
|Participation||Membership must be revoked when participants misuse information resources (e.g., Genome Commons)|
|Information Resources||All knowledge produced via publicly funded research must be contributed (e.g., Genome Commons and the Open Neuroscience Movement)|
|Appropriate Flows||Knowledge products may only be shared beyond the community for noncommercial purposes (e.g., the Galaxy Zoo and Genome Commons)||Knowledge produced subject to publicly financed grants must be available to the public (e.g., Genome Commons and the Open Neuroscience Movement)|
|Decision-Making||Publicly funded research is subject to exogenous institutional constraints, as decided by lawmakers (e.g., Genome Commons and the Sentinel Initiative)|
Relevant privacy concerns embodied in Pattern 3 rules-in-use regulating information flow primarily reflect information processing and dissemination concerns. Consistent with the imposed commons pattern, information collection concerns of members, and invasion concerns of impacted stakeholders may be overlooked and are emphasized in criticisms of these communities. Secondary uses, as information processing, are particularly important – and frequently criticized – aspects of personal information rules-in-use across both cases. Knowledge production is mandatory in these Pattern 3 cases, with few documented strategies or work-arounds. Instead, many rules with enforced consequences structure these communities.
The absence of strategies within these communities is notable because, by design, grassroots and informal practices are difficult to enact, given the constraints on the community. While many of the rules-in-use present here are also observed in communities from Patterns 1 and 2, Pattern 3 is institutionally defined by rigidity of structure and limits on participatory decision-making, despite a commons governance arrangement to support sharing.
This meta-analysis provides proof of concept for the proposed GKC framework in structuring the study of privacy. It also begins to provide interesting insights into patterns of institutional organization and rules-in-use and into the specific privacy concerns that appear to ground those structures. Observed patterns vary primarily according to whether the commons approach is public-driven, member-driven, or imposed. Endogenous and exogenous sources of rules-in-use also affect compliance and perceptions of legitimacy. Those who experience negative consequences of information flow rules-in-use that are adopted without their participation contest legitimacy, either directly or by engaging in work-around strategies.
This reanalysis also situates the examination of privacy governance within a nuanced exploration of privacy values, drawing on Solove’s taxonomy. The distinctive origins of institutions and the nature of knowledge work within specific communities lead different sorts of communities to emphasize different categories of privacy concerns (e.g., with respect to information collection or dissemination). These different concerns (e.g., secondary uses or decisional interference) yield different rules-in-use and structure. The study also highlights a set of concerns associated with information collection that does not appear in Solove’s taxonomy. These concerns stem not from surveillance or interrogation, per se, but from the participatory nature of knowledge commons and the discontinuity between typical top-down collection arrangements and the grassroots arrangements of knowledge commons. In these cases, collection concerns emphasize the group and intermediaries, rather than governments or firms.
Our analysis also highlights the importance of stakeholder perceptions of legitimacy regarding commons decision-making, both by members and by impacted individuals who are not members of the commons community. Legitimacy concerns differ by role, consistent with work by Reference BennettBennett (2010). Legitimacy failures and issues are likely underrepresented in the set of cases studied here, given the skew toward successful commons governance regimes and the absence of questions explicitly targeting legitimacy from the original set of questions posed within the GKC framework, and should be addressed in future work.
The observed procedural legitimacy issues are related to impacts of the commons on the outside community, to work-arounds and attempts to subvert constraints, to contestation of appropriateness of information flows, and to negative externalities. While many of these issues appear most starkly when focusing on privacy concerns, this analysis of privacy from a governance perspective draws attention to legitimacy questions that may be of more general importance in the study of knowledge commons but may have been overlooked. Thus, this study has helped to identify important questions to augment the GKC framework more generally. Furthermore, this analysis illustrates that diverse examples of knowledge resources shared or produced between two or more participants in a specific context or set of contexts can be explored from this perspective. Table 1.1 displays a revised version of the GKC framework based on what has been learned from the reanalysis reported here. Overall, the meta-analysis reported here illustrates that commons governance of privacy and the nature of privacy as sharing are useful conceptualizations.
The revisions to the GKC framework shown in Table 1.1 highlight the patterns and recurring concepts gleaned from the meta-analysis. It is also important to note that the language within these questions is conceptually intentional. For example, questions about how communities fit into contexts and how contexts are nested in polycentric arrangements shaped by domains reflect theorization based on previous IAD-driven studies, as well as an effort to reconcile differences between Contextual Integrity and the GKC framework. Whereas “communities” can be understood as groups of participants with structured interactions, “contexts” are either the nested arrangements of institutions, infrastructure, organizations, technologies, and/or platforms or specific constructed environments within which communities function. In contrast, the term “domain” is intentionally employed to differentiate the IAD conceptualization of context from the CI approach to context as higher-level social contexts, such as education or healthcare or politics. For example, a community of parents may share personal expertise and information about local health resources through many channels, including discussions or groups on global platforms, such as Baby Center, with structure imposed by the community of participants, the context of the online platform, and the overarching domains of health and protections for children (Reference Hara and SanfilippoHara and Sanfilippo, 2016).
There are many advantages of systematically studying privacy using the GKC framework for structured case-study analysis. The framework allows researchers to explore variance among communities with respect to knowledge resources and participation, obstacles and dilemmas surrounding knowledge formation and flows, objectives of participants, and rules-in-use structuring knowledge and privacy commons. Case studies will illuminate both commonalities and differences among the rules-in-use governing privacy in various specific situations. The GKC framework helps to structures these observations by sorting findings into coherent conceptual categories. The emphasis on the role of privacy in knowledge formation and the establishment of sharing as a dimension of privacy facilitates the exploration of intersections of privacy with commons arrangements focused on knowledge production and sharing. That intersection is at the heart of current debates about big data. Given the framework’s focus on investigating how practices and normative values play out on the ground, there is potential to learn what people really care about and why, as well as to improve institutional design or develop design principles, based on patterns of success across commons cases, coupled with detailed understanding of values, legitimacy, and trust within nested contexts.
Personal information itself is contextually and situationally dependent, as the case studies discussed here demonstrate. Thus, not only the appropriateness of information flows, but also the personal or sensitive nature of information depends on context. Knowledge production may depend on understanding this point, since ideas and data processes themselves are sensitive in some cases. Appropriateness of information flow is thus critical not only to traditional privacy concerns, but to knowledge governance generally.
Validating the proposed framework against cases in our meta-analysis helped us to enhance the GKC framework with additional questions to structure future inquiry. While higher level categories in the framework are general, applicable to diverse research questions, and have remained unchanged when applied to many cases, the more specific questions are intended to evolve, and have evolved throughout this project so as to apply to questions about privacy as governance. This grounded development approach also illustrates the diversity of privacy commons and common privacy governance mechanisms. An agenda for future cases ought to address diverse, emerging, and changing settings for information privacy governance that address: the interplay between the public and corporate actors on social media platforms, private and secret knowledge sharing practices relative to public policy development, and mechanisms of accommodating information governance to overlapping contexts and contested or conflicting social values.
Finally, it is important also to acknowledge the limitations of this approach, as well as areas for future conceptual development. One of the framework’s virtues is its focus on descriptive empirical understanding of contextualized situations. The flip side of that focus on observation is that more is needed to resolve contested normative issues about privacy. Integration of this approach with normative analysis is extremely important for future conceptual work. Combining the GKC approach with contextual integrity, while adding in questions of governance and procedural legitimacy, is a step in that direction. Finally, this approach requires its own knowledge commons to succeed. The GKC framework’s systematic structure facilitates comparison across cases, yet generalizability comes when patterns can be divined across sets of many cases based on detailed understanding of their similarities and differences. Thus, application of the GKC framework is time-consuming and requires an effective research community, so as to support the cross-context comparisons and extrapolation needed for the development of design principles that can guide policy-makers and communities in structuring knowledge commons governance to promote appropriate information flows. Diversity in cases, including in community objectives, resources, participants, domains, and institutional arrangements, will better reveal how privacy structures knowledge management and production. It is important to study cases ranging from those pertaining to small communities designed for exchange to those that involve explicit privacy policies in commercially oriented environments, both online and offline.