Privacy Codes of Practice for the Social Web:

70 views

Published on

The Analysis of Existing Privacy Codes and Emerging Social-Centric Privacy Risks

Girma Nigusse & Bart De Decker
Stanford University, Palo Alto, California, USA,
March 2010

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
70
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Privacy Codes of Practice for the Social Web:

  1. 1. Privacy Codes of Practice for the Social Web: <ul><li>The Analysis of Existing Privacy Codes and Emerging Social-Centric Privacy Risks </li></ul><ul><li>Girma Nigusse & Bart De Decker </li></ul><ul><li>Stanford University, Palo Alto, California, USA, </li></ul><ul><li>March 2010 </li></ul>
  2. 2. Introduction
  3. 3. Privacy Risks in Social Network Sites <ul><li>profiles mostly represent genuine identities, </li></ul><ul><li>profiles regularly updated by users, </li></ul><ul><li>default profile visibility is public , </li></ul><ul><li>users do not change default settings, </li></ul><ul><li>crawling public profiles is easy, </li></ul>
  4. 4. Private Information Flow Model <ul><li>Web = client/server, request/response, unidirectional </li></ul>Private information flow model in the Web
  5. 5. Private Information Flow Model Private information flow model in the Social Web <ul><li>Social Web = interactive, participatory, content-regeneration, multidirectional </li></ul><ul><li>Blogging, bookmarking, tagging, sharing, befriending etc </li></ul>
  6. 6. 1. Transparency <ul><li>Identity of the SP, purpose, data retention, user participation, recipients, accountability, and security. </li></ul><ul><li>Befriending = exchanging profile information </li></ul><ul><li>Third parties = direct access to user data </li></ul><ul><li>Policy authoring = user transparency </li></ul>
  7. 7. 2. Consent <ul><li>Primary and Secondary consent </li></ul><ul><li>Third parties = profile information collection is mostly invisible, no software license agreement, terms of use or privacy policy </li></ul><ul><li>Social software features = boost profile information sharing, linking, aggregation without users’ explicit consent </li></ul><ul><li>Spillovers = unauthorized disclosure </li></ul>
  8. 8. 3. User Participation <ul><li>Users’ right to access, challenge its correctness, amend, erase, or block their private data. </li></ul><ul><li>Intuitive profile editing tools </li></ul>
  9. 9. 4. Data Quality <ul><li>collected private data should be accurate, complete, and up-to-date </li></ul><ul><li>SNS users update their profile regularly </li></ul><ul><li>Profile = digital dossier </li></ul><ul><li>Fake characters (Fakesters) </li></ul><ul><li>Denigration = pretending to be someone in order to damage others </li></ul>
  10. 10. 5. Security <ul><li>Avoid unauthorized access, use, alteration, erasure, or disclosure </li></ul><ul><li>Confidentiality (Web) - Visibility (Social Web) </li></ul>
  11. 11. Discussion
  12. 12. Conclusion <ul><li>Future privacy codes and privacy policy languages should address: </li></ul><ul><ul><li>Emerging social-centric privacy risks (such as spillovers, denigration, visibility etc) </li></ul></ul><ul><ul><li>The current shift in data handling responsibility and the model of interaction in the Web </li></ul></ul>

×