Cross-cultural privacy

In this episode

Do privacy concerns differ across cultures? And if yes, should that have any technology design implications? We cover a recent paper on cross-cultural privacy.


We’re not being monitored, are we? OK. Hello, and welcome to Vulnerable By Design with me, Chris Onrust. Coming up in today’s tasting of recent vulnerability research: Would you like some privacy?

You and I might, at some point come to have a conversation, one to one. No, really. As long as nobody’s eavesdropping or snooping around—and we know that’s getting increasingly difficult these days—then this conversation would be private. Hey, for all I know, most of the time, most of my thoughts are private. Because they’re just stuck there, on the inside of my skull.

Privacy, in the rough, just means a condition in which you—your body, behavior, your personal information—are not being observed or monitored by others; other people, groups or companies. Or, it can mean that you have the ability and the freedom and the power to shield yourself from such monitoring and observation.

Fundamentally, privacy has a lot to do with freedom, agency and control. Being free from any other person, group or organization tracking your every move. Having the space to say: Nah, thanks. This just concerns me. I want to experiment a bit, try things out. Have some room to get clear on my thoughts, my feelings and my ideas. And likewise, it has to do with allowing others that freedom not continually to be tracked and monitored. Providing them the openness to be with their own opinions and their experiences. For them not have to be socially ‘on call’ all of the time.

Our paper today by the researcher Yao Li published in ‘Modern Socio-Technical Perspectives on Privacy’ from 2022, looks at privacy across different cultures. The paper starts out with the observation that many technologies today are gathering an awful lot of data and potentially personal information on people. So here they’re thinking of: online platforms, websites, mobile apps, but also things that have a wifi connection—from fridges to baby monitors. Li also observes that many of these technologies and platforms are used all over the world.

But, Li says, when it comes to privacy options, it’s basically just a one size fits all. So ‘Hey, here are privacy settings. Thank you, bye bye.’ That’s an issue, according to Li, because it provides very little attention to just the reality that across the globe, people might have very different wishes and expectations about what they consider to be private or not, and what matters to them when navigating what’s private or not. As Li puts it: “While privacy regulation exists in almost every culture, the specific behavioral and psychological mechanisms that people use to regulate privacy boundaries are culturally unique.” So for example, in some cultures, people might live in all-shared spaces, but they might regulate their personal sphere with what Li calls “a wall of etiquette”, just to keep their personal feelings or thoughts to themselves. While in other cultures, people might all have personal areas, for example for sleeping and eating, but they may be far more inclined to share their personal thoughts and feelings.

Li suggests that if people have indeed these different habits and expectations around what they consider private, then shouldn’t that be reflected in the privacy options of the tech that they use? Shouldn’t these cultural differences have consequences for how privacy systems and strategies for data collection are designed?

The bulk of Li’s paper focuses on a very broad contrast between so-called ‘individualism’ on one hand and what is labeled ‘collectivism’ on the other. Obviously, this cannot but be a massive generalization. And my personal motto is: as soon as you see any of these ‘-isms’ pop up: Get Out.

But I’ll tell you what the idea is. The idea is that if you are a collectivist, you will tend to emphasize the value of society, the collective or of wider social groups. Whereas if you are an individualist, then you will tend to emphasize the value of something at a much smaller scale, namely that of the individual.

OK, are you ready for the next massive generalization? Supposedly, these ‘-isms’ are not just labels for the attitudes of particular people. It is ventured that we can also apply this opposition to cultures. Where ‘culture’ is just understood as the total set of behavioural patterns or ideas or common practices and traditions within a particular society or group. Or, as Li puts it: “the collective programming of the mind.”

On this line of thinking, also cultures can be predominantly collectivist or individualist. So, on some measure the Federal Republic of Nigeria—did you notice that we just switched from culture to countries?—the Federal Republic of Nigeria would have a more collectivist culture. While the culture of the Commonwealth of Australia would be more individualistic.

What difference might individual-ism and collectiv-ism make for how people think about privacy? It’s not the case, Li says, that the one cultural orientation cares about privacy, whereas the other doesn’t. That just would be a bit of a stereotype. Instead, the idea is that it’s about how and where privacy considerations come in. For example, people in a more collectivist culture would comparatively have more concerns about how information sharing would impact on other people; other people’s privacy and their well-being. If I post this on TikTok, fill my auntie feel exposed, even embarrassed? Or if I allow LinkedIn to import all of my contacts, might they maybe not like that very much? Whereas people in cultures with an individualist orientation are thought to be less concerned with how information sharing might impact on other people, and more concerned with their own personal privacy loss. So: I don’t want Google to read all of my emails. I prefer Siri not to listen in while I’m eating or napping.

Li’s paper suggests that it would be good if globally-operating tech companies that slurp data and personal information didn’t have just this one-size-fits-all privacy setting. But if, instead, they would tailor the privacy options to match the dominant privacy habits and preferences of the countries that they’re operating in. How might that look?

Basically, the idea is that in predominantly ‘collectivist’ countries, tech companies could offer more options for collective privacy management, and more support for users to protect other people’s privacy. For example, they could send users an alert if their information-sharing could put other people’s privacy at risk. Were in predominantly individualist countries, they could strengthen the protections for individual privacy. So in that way, tech companies could move away from the one-size-fits-all approach to privacy design, and really tailor privacy offerings to the cultural orientation that’s dominant in a specific country.

Here’s my thought. All of this is good. Personally, I love anyone paying attention to privacy. Whether I’m walking the dog or am on my lunch break—seriously, talk to me anytime. Also: praise to anyone who’s drawing attention to how humanity is not just a homogenous blob, but displays—shall we say—some variety across different regions of the world.

But I’m really not sure about this proposal. It sounds a lot like it might reinforce the existing status quo and still impose whatever privacy preferences are dominant within a country onto smaller groups? For instance, if you live in an individualist country, will it just be: ‘Sod your concerns about other people’s privacy, here are some tools to protect yourself’? Or, in a country that’s deemed to be more collectivist, will it just be: ‘fuggedabout your personal privacy loss’? Li says that social media platforms in collectivist cultures should reinforce a commitment to cultural norms of promoting collective interest. Really? Should?

Here’s an alternative take. Why not offer everyone, wherever you live, maximum options for individual and social privacy protection online? Heavens (and I know this is unthinkable) why wouldn’t tech companies take a step back, and maybe not gulp up seas and seas of personal data on people who used our product, just because they can? Ha no, I know you are not here for the fairy tales. Because data harvesting is these companies’ business. Oh, no, never, no they shan’t step back from that.

But it could make you think. Maybe the issue isn’t so much which menu of privacy settings you get offered, given the dominant cultural orientation in your country. (Oh, the joys of clicking yet another ‘legitimate interest’ cookie discontent pop-up!) Maybe the issue is … the product? Thank you for joining us at Vulnerable By Design this week. If you have your eye on vulnerability research that we should cover, do let us know. You will find all our details and episodes on I’m Chris Onrust. Thank you for listening and bye for now.

See also