Nowadays, people often say: “If you have nothing to hide, you have nothing to fear.” They dismiss digital privacy as a niche concern for “nerds” or those with secrets, treating it as a luxury rather than a basic human right. This misconception ignores a critical truth: privacy is not about secrecy, but about controlling how our data is used and shared—especially in relation to the context in which we disclose it. Every time we share information online, whether it is a grocery list, a location check-in, or a message to a friend, we implicitly expect that data to stay within the context we intend. This blog breaks down why contextual integrity is the key to meaningful digital privacy, how tech companies break this context for profit, and what we can do to take back control of our personal information.

What Is Contextual Privacy, Anyway?
Contextual integrity, a theory developed by scholar Helen Nissenbaum (2018) in her influential work on digital ethics, redefines privacy in the digital age by shifting the focus from secrecy to contextual appropriateness: it is not about keeping data secret or hidden from view, but about ensuring that information flows only in ways that fit the specific context in which it is shared and the implicit expectations we have for that data.
In a world where every digital interaction—from a doctor’s appointment to a grocery run—generates data, Nissenbaum’s theory addresses a critical gap in how we understand privacy: it is not the data itself that violates privacy, but the act of removing that data from its original context and using it in ways we never intended.
A simple, everyday example illustrates this clearly: when you share sensitive health details with your doctor during a check-up, you do so with the implicit trust that this information will remain within the doctor-patient relationship, a context built on confidentiality, care, and medical necessity. You do not expect it to be sold to your insurer to raise your premiums, shared with your employer to influence hiring decisions, or used by a political campaign to target you with personalized messaging. That breach of context, the act of taking data meant for one purpose and repurposing it in a completely unrelated sphere, is the true privacy violation, not the fact that you shared your health details with a medical professional.

“Privacy is violated not when data is exposed, but when it is moved into a context where it does not belong.” — Helen Nissenbaum
Nissenbaum identifies two core rules for maintaining contextual integrity in digital interactions: Appropriateness and Distribution. Appropriateness means that the information shared fits the setting—for example, health data belongs in a medical context, not in advertising. Distribution means that data should only be shared with the recipients we expect—grocery shopping habits, for instance, should stay with the supermarket, not be passed to insurers or political parties. For example, sharing your location with a maps app to get directions is appropriate, but that same app selling your location data to political campaigns to target you with ads is a harmful context breach—one that happens daily across countless digital platforms.
Why Context Is Everything in Digital Privacy
This short video explains Nissenbaum’s theory simply, with a real-world example of a context breach:
This video focuses on the ineffectiveness of common privacy protection methods and the hidden risks of data context breaches in daily digital interactions. It further explains how tech companies use obscure rules to bypass user consent and misuse personal data across different contexts, which is highly consistent with the core viewpoint of this blog—contextual integrity is the key to protecting digital privacy. By watching this video, you can better understand why simple “privacy settings” are not enough to safeguard your data and how to identify potential context breach risks in your daily online activities.
Hidden Digital Rules: How Corporations Undermine Privacy and Human Rights
Scholar Kari Karppinen, in his 2017 book chapter Human Rights and the Digital, explores the link between digital technologies and human rights, noting that unregulated practices undermine privacy by breaking data’s contextual boundaries. He argues digital life is shaped by power imbalances, allowing corporations to impose hidden, unaccountable rules that prioritize data collection over human rights protection.
These opaque rules erode data’s contextual integrity and make widespread context breaches inevitable through four key mechanisms outlined by Karppinen, which work together to violate digital human rights. The first is hidden app code that collects user data without users’ explicit knowledge, undermining data autonomy. The second is overly complex privacy policies that deny users informed consent.
The remaining mechanisms are “opt-out” default settings that place the burden of privacy protection on users, and terms of service that force consent to data exploitation in exchange for essential services. Karppinen emphasizes that these practices not only breach data context but also violate the human right to privacy, stripping individuals of control and perpetuating inequality.

Online consent, the cornerstone of most privacy regulations, is essentially a myth. A 2021 study conducted by Ibdah et al. found that most users click “I Agree” on privacy policies without reading a single word—their only alternative is to lose access to essential services like social media, banking apps, or even online shopping platforms. This extreme power imbalance allows companies to take data out of context freely, with little to no real accountability for how that data is reused or shared with third parties.
The Australian Supermarket Loyalty Card Scandal
Context breaches are not limited to social media platforms or tech giants—they happen in everyday activities like grocery shopping, often in ways that feel routine and harmless. A stark example of this is the 2024–2025 Australian Supermarket Loyalty Card Scandal, which involved two of the country’s largest retailers: Woolworths and Coles. As Dawson et al. (2025) detail in their investigation, the scandal revealed three key issues with how these supermarkets handled customer data collected through their loyalty programs, which are used by over 80% of Australian households. The supermarkets collected detailed shopping behavior, sold this data to third parties for millions of dollars annually, and hid these practices in unreadable privacy policies that most users never read.

Users shared their shopping habits with supermarkets in exchange for discounts and rewards, not to have their data used to raise insurance premiums or to judge job reliability. For example, customers who bought gluten-free products were labeled as “high-risk” by insurers, even without medical evidence, and late-night shopping was misinterpreted as a sign of unreliability. Political campaigns also used this data, targeting users who made family-related purchases (like baby products) with tailored messaging. This is a clear breach of contextual integrity: grocery data, shared in a retail context, should not impact insurance costs, job opportunities, or political exposure.
Why This Harms Everyone — Not Just “Privacy Nerds”
Broken context turns mundane, everyday data into real, tangible harm, and these harms disproportionately affect vulnerable groups—an issue Karppinen (2017) highlights as a critical violation of digital human rights. Three key harms stand out as particularly concerning. First, invisible discrimination: out-of-context data leads to unfair judgments that can impact people’s lives, such as higher insurance premiums, job rejections, or denied credit (Nissenbaum, 2018). Second, the “chilling effect”: when users fear their data will be misused, they avoid searching for sensitive topics like mental health support or political information, limiting their freedom of expression—a fundamental human right that Karppinen argues is increasingly threatened in the digital age. A 2020 study by Lustgarten et al. found that 43% of users avoid online mental health resources because they fear their data will be shared with insurers or employers. Third, inequality: low-income households, elderly users, and non-digital natives rely more on loyalty programs and free apps to access essential services, making them more vulnerable to data exploitation (Karppinen, 2017; Dawson et al., 2025)—a form of digital exclusion that violates the human right to equal access to digital resources.
Why “Notice and Consent” Laws Keep Failing Us
Most privacy laws around the world, including the EU’s General Data Protection Regulation (GDPR) and Australia’s Privacy Principles, rely on a “notice and consent” model. The idea is simple: companies provide users with a privacy policy (notice), and users agree to it (consent), which is supposed to protect their privacy. But Nissenbaum (2018) and Karppinen (2017) agree that this model is fundamentally broken, as it fails to uphold the human right to privacy in the digital realm. Consent is not voluntary because users cannot say “no” without losing access to essential services. Even informed users cannot predict how their data will be used across different contexts in the future. Current laws treat data as a sellable product, but we need rules that limit cross-context data sharing and prioritize contextual integrity to truly protect users and uphold digital human rights, an argument Karppinen emphasizes in his exploration of media and human rights in the digital age.
What You Can Actually Do to Protect Your Context
You do not need to abandon the internet to protect your data—four simple, actionable steps can help you keep your data in the right context:
1. Question every permission: only share data that is necessary for a specific task. For example, if a flashlight app asks for access to your contacts, say no—there is no reason it needs that data to function.
2. Choose privacy-by-design services that collect less data by default and do not sell user information. Look for apps and platforms that are transparent about their data practices and give you control over your information.
3. Demand better laws: contact your elected representatives and let them know that privacy is important to you, and that you support rules limiting cross-context data sharing.
4. Talk about it: share this knowledge with friends and family to build broader awareness about contextual privacy and data misuse.

When we navigate the digital world, the line between sharing and overstepping is often defined by context—not by how “secret” our information is. Contextual integrity is not just an academic theory; it is the unspoken agreement we all expect when we share our data, whether that means grocery habits with a supermarket or health details with a doctor. Yet, as the Australian supermarket loyalty card scandal shows, corporations continue to break that agreement, using hidden rules and unfair consent practices to profit from our data, with real harms that touch every corner of our lives—from unfair insurance premiums to limited freedom of expression. “Notice and consent” laws may fall short, but individual awareness and advocacy for stronger, context-focused regulation can help shift the balance. In the end, protecting our digital privacy is not about hiding away—it is about ensuring our data stays where it belongs, and that we hold the power to decide how it is used.
References
Dawson, S., et al. (2025). Internet, privacy and data – a year in review. JWS Legal Insights. https://jws.com.au/what-we-think/internet-privacy-data-a-year-in-review/
Ibdah, D., et al. (2021). “Why Should I Read the Privacy Policy, I Just Need the Service”: A Study on Attitudes and Perceptions Toward Privacy Policies. IEEE Access, 9, 166465–166487. https://ieeexplore.ieee.org/document/9624976
Lustgarten, S. D., et al. (2020). Digital privacy in mental healthcare: current issues and recommendations for technology use. Current Opinion in Psychology, 36, 25–31. https://www.sciencedirect.com/science/article/pii/S2352250X20300415
Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831–852. https://doi.org/10.1007/s11948-015-9674-9
Office of the Australian Information Commissioner. (2025). Social media and online privacy. https://www.oaic.gov.au/privacy/your-privacy-rights/social-media-and-online-privacy
Karppinen, K. (2017). Human rights and the digital. In H. Tumber & S. Waisbord (Eds.), The Routledge Companion to Media and Human Rights (pp. 95–103). https://doi.org/10.4324/9781315619835
YouTube. (2024). Short explainer on how privacy policies fail users and why consent is often meaningless [Video]. https://www.youtube.com/watch?v=vc7_TKN0kfw
Coles Group. (n.d.). Check balance page [Photograph]. Gift Cards Australia. https://www.giftcards.com.au/checkbalance
European Parliament. (2015). Protecting online privacy by enhancing IT security [Infographic]. European Parliament. https://www.europarl.europa.eu/committees/en/product/product-details/20151208CHE00191
Pixabay. (n.d.). Regulation GDPR data protection [Photograph]. Pixabay. https://pixabay.com/photos/regulation-gdpr-data-protection-3246979/