You are here: Resources > FIDIS Deliverables > Profiling > D7.9: A Vision of Ambient Law > 
Nissenbaum's contextual integrity and its operationalisation  Title:
 Summary of the conceptual exploration


IPTS’ D1gital Territ0ries concept – an overview

As discussed extensively in several FIDIS deliverables (D7.3, 7.4, 7.5, 7.7), the legal regulation of informational privacy often proves to be inadequate to ensure the protection of our privacy and personal data in the digital space, since sometimes it cannot be enforced adequately or cannot keep up with rapid technological developments and social changes.  

In this context and to address these considerations, the European Commission’s Institute for Prospective Technological Studies (IPTS) has engaged in research towards developing a concept that would allow individuals to manage distance and boundaries, the ‘territories’ in this new space, in a social and legal sense, while also providing a proper balance between security and privacy. Although the issues are not always that clear, people have learnt to become aware of the boundaries between physical and digital space and act accordingly.

At this point, the D1gital Territ0ries (DT) concept is brought forward to provide an appropriate way to protect privacy and personal data in the digital world, while promoting freedom of expression and enhancing collaboration and communication in public places of the digital world. Because law in a constitutional democracy is involved in empowering citizens to create, shift, and sustain borders in order to develop and sustain their personal identity (self), the concept of digital territories compares well to Nissenbaum’s contextual integrity and may be presented as a second example of how to rethink law from the era of the printed script into the digital age. 

The idea of ‘territory’ has been present in the physical space almost as long as human presence on earth. Legal rules and tacit socio-cultural norms and even traditions constitute the guidelines for people’s understanding of what is private or public space or of what is socially accepted as private or public space. The fenced land, the ‘keep out’ sign on someone’s private lawn, the questioning look and cold stare given to strangers in a neighborhood bar, are just a few examples of the ‘intuitive validity of the idea of territory’ in the physical space; territorial behavior basically aims at achieving a desired level of privacy. 

Daskala and Maghiros have identified the following three different types or layers of digital territories, according to the degree of control that individuals exercise over their data in the specific space and the relative duration of the individuals’ claims to the space. 

  1. Primary or Personal DT – The primary digital territory regards a person’s digital personal space. This space encompasses the individual’s digital identities as well all digital personal data of a person, including any data which are generated by the person’s on-line activities. As such, the personal DT aims at achieving a desired level of privacy, while allowing the performance of any number of selected everyday tasks.

  2. Secondary or Group DT – This type or layer of DT is a hybrid, as it combines both the total and pervasive control allowed to participants in primary territories and the almost-free use of public territories by all persons. It basically regards groups of individuals that share common interests or purposes; hence, it is also referred to as a group DT. The secondary or group DT has elements of public access, considering that it is ‘used’ by two or more persons, but at the same time, its owners enjoy a certain degree of control, albeit not to the same degree as over their personal DT. A characteristic example of this type of DT is the future smart home or the workplace environment.

  3. Public DT – Any individual has free access and may exercise a low level of control in the context of a public DT. It is a kind of ‘commons’ in digital space, a free territory, open to the society members at large. In the physical, space it could be for example a beach, a street or a park; in the digital space, it is for example a non-moderated on-line forum, or a publicly available digital space such as an on-line newspaper offering space with individuals’ comments.

Apart from the types or layers of the DT, Daskala and Maghiros have also identified four basic components of a DT that are necessary in order to enable a functional DT: bubbles, borders, markers, and bridges.  

  1. Bubble – Firstly, the (digital) bubble is a dynamic personal info-sphere, or better data-sphere, since it basically ‘holds’ the person’s personal data, and is used to set the borders, restricting or allowing data and information coming in or going out of it. The notion of bubble encompasses all the interfaces, formats, rights and agreements, etc. needed for the management of personal data and informational interactions.

The size of the bubble may vary as a result of its information content, the form of interaction the individual wants to perform, and the overall ‘trust’ assigned to the environment of the interaction. Using a cell-membrane analogy, the bubble has a two-way exchange with the environment, sometimes from the inside of the cell out to the environment and sometimes from the environment into the cell.  

  1. Borders – The second component of a DT, the borders, are seamless, fictitious lines that draw its perimeter, implementing the permissions set through the bubble. Therefore, these borders are always under negotiation and they adapt to different situation or spaces; they are also not autonomous but are set by the bubble. They thus change, decrease, or increase according to the ‘will’ of the bubble, and the boundaries that it wishes or is obliged to set.

  2. Markers – The way of expressing and making boundaries visible, is by setting markers. In the physical world, a marker would be the ‘Keep Out!’ sign placed in one’s garden, informing other people that this is a private space where entering is not permitted. In digital space, it could be the log-in screens for accessing a personal computer or it could be the ‘private’ tag put on a folder.

  3. Bridge – The bridge is the fourth component of a DT. It differs from the other components in the sense that it is not a component per se, but provides the link between the physical and digital or virtual world; for example, a bridge can be an RFID tag which contains a link to information about the object that embeds it, thus providing a link between a physical entity (object) and its virtual history and thus ‘bridging’ the physical and the digital world. As the boundaries between these two worlds blur with the development of new technologies in a future AmI environment, the concept of the bridge will become increasingly important in relation to the identification of the personal data-space and the drawing of the DT boundaries.

Furthermore, as a special case and example of DT, IPTS has developed the concept of ‘Virtual Residence’ (VR), which basically projects the concept of a protected ‘residence’ in the on-line, digital world. This protection could be either legal or in the form of social norms and ‘netiquette’. It relates to the individuals’ lives and the personal data stored at home, which at times need to be remotely accessible from the digital world. VR is also an attempt to address the need for more privacy-enhancing initiatives, at least in the ‘home environment’ which constitutes a first clear example of territory (physical and digital) that may require regulatory protection. VR is an attempt to identify alternative legislation to protect data of a personal nature, exactly as it is protected in our physical homes now. VR is a DT, made up by the integrated DTs of the ‘home’ residents who take turns in managing the ‘shared’ data, since in many cases, more than one person use the same physical infrastructures. VR could become the first DT application area, since current applications put additional pressure on taking relevant action, and the issues posed are perceived as easier to address. 

If we look at the concept of AmL as developed above, and connect it with IPTS’ concept of digital territories and virtual residence, we can recognise many ways in which this conceptualisation of territory in the digital space provides an interesting example for AmL: 

  1. the traditional concept of territory, part of the physical space, is transposed to the digital space; 

  2. the concept of DT acknowledges the need for boundary creation and maintenance as central to privacy, and it aims to empower people to achieve this; 

  3. the concept of DT acknowledges the blurring of private and public space in the digital space, allowing a more contextual approach to privacy (like virtual residence); 

  4. if the concept of DT is made operational by translating it into digital code, it can be used as an example of how to inscribe values or (legal) norms into the architecture of AmI. 


Nissenbaum's contextual integrity and its operationalisation  fidis-wp7-d7.9_A_Vision_of_Ambient_Law.sxw  Summary of the conceptual exploration
17 / 31