Disaster privacy/privacy disaster
Author(s) - Sanfilippo Madelyn R., Shvartzshnaider Yan, Reyes Irwin, Nissenbaum Helen, Egelman Serge
Publication year - 2020
Publication title - Journal of the Association for Information Science and Technology
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.903
H-Index - 145
eISSN - 2330-1643
pISSN - 2330-1635
DOI - 10.1002/asi.24353
Subject(s) - privacy policy, internet privacy, information privacy, agency (philosophy), government (linguistics), personally identifiable information, privacy by design, business, computer security, corporate governance, computer science, sociology, social science, linguistics, philosophy, finance
Privacy expectations during disasters differ significantly from nonemergency situations. This paper explores the actual privacy practices of popular disaster apps, highlighting location information flows. Our empirical study compares content analysis of privacy policies and government agency policies, structured by the contextual integrity framework, with static and dynamic app analysis documenting the personal data sent by 15 apps. We identify substantive gaps between regulation and guidance, privacy policies, and information flows, resulting from ambiguities and exploitation of exemptions. Results also indicate gaps between governance and practice, including the following: (a) Many apps ignore self‐defined policies; (b) while some policies state they “might” access location data under certain conditions, those conditions are not met as 12 apps included in our study capture location immediately upon initial launch under default settings; and (c) not all third‐party data recipients are identified in policy, including instances that violate expectations of trusted third parties.