
Two Types of Data Privacy Controls

Differentiating privacy between a user and institutions and privacy between a user and other users.


Users share a vast amount of data while using Web-based and mobile applications. Most service providers such as email and social media providers provide users with privacy controls, which aim to give users the means to control what, how, when, and with whom, users share data. Nevertheless, it is not uncommon to hear users say they feel they have lost control over their data on the Web.

This Opinion column aims to shed light on the often-overlooked difference between two main types of privacy from a control perspective: Privacy between a user and other users, and privacy between a user and institutions. I discuss why this difference is important and what we need to do from here.

Two Types of Privacy

Raynes-Goldie coined the term social privacy as opposed to institutional privacy [5]. The former is about controlling access to personal information while the latter is about controlling how institutions such as Facebook and their partners might use this information. Heyman et al. defined the term privacy as subject to refer to controlling a user’s personal information disclosure to other users, and privacy as object to refer to controlling information disclosure to third parties, which represent the user as an object in a data mining process [3]. Brandimarte et al. classified privacy controls according to purpose, where release controls refer to controlling information disclosure between users, while usage controls refer to controlling the use of users’ information, for example, by the service providers or third parties [2]. Bazarova and Masur introduced multiple approaches to privacy, which include the networked approach where information flows in a horizontal direction between users, and the institutional approach where information flows in a vertical direction between a user and institution [1].

I will use the terms user-to-user privacy and user-to-institution privacy. In user-to-user, the other users could be family, friends, coworkers, and others. In user-to-institution, the institution could be a service provider, organization, government, and so forth.

In recent years, many service providers, for example, social media platforms, have improved the privacy controls provided to users. However, they may have improved one type of privacy control: user-to-user [3]. Ignoring the difference between the two types of privacy controls may lead users to have an illusory sense of control over their privacy [2,3]. For example, users’ perceived control over user-to-user privacy may result in fewer privacy concerns as a result of an incomplete assessment of the associated risks of data sharing, ignoring what Stutzman called “silent listeners” [6]. User-to-user privacy is a subset of user-to-institution privacy. However, when service providers emphasize the user-to-user privacy controls, or even worse, do not offer user-to-institution controls, users can get confused about where they failed in controlling their privacy.

The distinction between the types of privacy is also important in privacy surveys and studies. Looking at privacy constructs, such as awareness, behaviors, attitudes, and concerns, researchers need to design their surveys and studies with the distinction in mind to avoid any confusion. They should clearly communicate which type of privacy controls the study or question is about. Let’s look at privacy awareness for example: users may be aware of the more prominent user-to-user privacy controls such as restricting Facebook’s profile information visibility from other users, but not the user-to-institution controls such as restricting what information the provider can use in the ads shown to the user. Similarly, for privacy concerns, users may be more concerned about user-to-user privacy (for example, that their manager sees a Facebook post they did not want them to see) than about an advertiser using their post information to show relevant ads, or vice versa.

The distinction between the types of privacy controls is important to account for multi-cultural differences in privacy perceptions that may arise in one type of privacy controls, but not the other. For example, we may find different privacy awareness and behaviors for the user-to-user privacy controls due to societal norms that drive a society to be more aware of user-to-user privacy. For example, in conservative societies, a considerable fraction of women prefer not to share their photos publicly; thus, they are well aware of how to hide their profile visibility on social media platforms. On the other hand, these cultural differences may not appear in the user-to-institution privacy controls, as the societal norms are less relevant here.

Drawing a line between the two types of privacy in privacy studies, surveys, and discussions is important for an accurate perception and understanding of the privacy issues societies face. 

What Do We Need to Do Next?

From here, first, as researchers, we need to agree on accurate and sensible terms to describe the different types of data privacy from a control perspective. To this end, we first need to identify what terms are already there in the literature; we listed some of the terms we are aware of earlier in this article, but there might be more. We need not only a list of existing terms, but also an understanding of the reasoning behind them and their definitions, if any. We then need to provide definitions for each type of privacy controls in a more systematic way, including the actors and data flows that each type involves. Before we move to suggest rigorous studies to evaluate existing terms, we may need to crowdsource more terms that can capture the definitions more precisely, both from privacy experts and non-experts. From there, we can move forward to evaluate users’ comprehension and sentiments toward the terms. Eventually, we should be able to shortlist, then identify, the most sensible terms that accurately define the two types of privacy controls. To realize this, we will likely need a combination of both qualitative and quantitative approaches. There have been studies in the literature that examined terminology issues, for example, the terms used in cookie consent interfaces [4] and privacy policies [7], which we can learn from.

After identifying the most sensible terms to describe both types of privacy controls, researchers and the industry need to adopt them, and raise awareness about the different types of privacy controls. We should adopt sensible and common terms in our product designs, research studies, and in our privacy discussions in general. Users eventually should adopt these terms too and be more precise in communicating their privacy perceptions, behaviors, and concerns.

Reaching a consensus on terms is not going to be free from limitations. For example, from my own perspective as a bilingual, I wonder if I conducted the study for choosing the most accurate and sensible terms in English as a representative language for service providers, would the results still hold if the terms were translated to another language? This may require follow-up studies.

Finally, I believe that having precise, sensible terms that are easy to comprehend and use to differentiate the two intrinsic types of privacy controls will positively impact the accuracy of privacy research and discussions, and that this is a worthwhile endeavor.

References

1. Bazarova, N.N. and Masur, P.K. Towards an integration of individualistic, networked, and institutional approaches to online disclosure and privacy in a networked ecology. Current Opinion in Psychology 36 (2020).
2. Brandimarte, L., Acquisti, A., and Loewenstein, G. Misplaced confidences: Privacy and the control paradox. Social Psychological and Personality Science 4, 3 (2013).
3. Heyman, R., De Wolf, R., and Pierson, J. Evaluating social media privacy settings for personal and advertising purposes. Info 16, 4 (2014).
4. Jiwani, S. et al. Crumbling cookie categories: Deconstructing common cookie categories to create categories that people understand. In Proceedings on Privacy Enhancing Technologies 3 (2024).
5. Raynes-Goldie, K. Aliases, creeping, and wall cleaning: Understanding privacy in the age of Facebook. First Monday 15, 1 (2010).
6. Stutzman, F.D., Gross, R., and Acquisti, A. Silent listeners: The evolution of privacy and disclosure on Facebook. J. Privacy and Confidentiality 4, 2 (2013).
7. Tang, J. et al. Defining privacy: How users interpret technical terms in privacy policies. In Proceedings on Privacy Enhancing Technologies (2021).

Communications of the ACM (CACM) is now a fully Open Access publication.