Privacy and Social Networks


Presentation for Internet Governance Forum on workshop "Governance of Social Media"

Published in: Technology, News & Politics

  1. Privacy and social networks
       • Ian Brown (Oxford Internet Institute)
       • Lilian Edwards (Sheffield University)
  2. “Sensitive” personal data
       • Do Social Networking Sites contain:
       • “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.” (Article 8 Data Protection Directive)
  3. Tagging
       • Should you have a right to control what is “tagged” with your name or identifier?
       • Facebook lets you control who can find “your” tags
       • A29WP: “Users should be advised by SNS that pictures or information about other individuals, should only be uploaded with the individual’s consent.”
  4. Tag control
       • You can control who sees items tagged as you
       • Not possible in sites that expose tags to search engines
  5. Facebook applications
       • Over 350,000 active apps as of June 2009
       • X’s consent may reveal personal data about Y
       • Canadian Privacy Commissioner: “Facebook should be doing much more to ensure that meaningful consent is duly obtained from users when developers access their personal information [and] technological safeguards that will not simply forbid, but effectively prevent, developers’ unauthorized access to personal information that they do not need.”
  6. Reasonable expectations?
       • Oxford students fined on basis of Facebook photos of exam celebrations. Whose “fault”?
           • Students who didn’t take appropriate security measures using available tools?
           • Oxford for snooping on a “private place”?
           • Facebook because it did not provide the right defaults for a “reasonable expectation of privacy”?
       • A29WP: “SNS should ensure privacy-friendly and free of charge default settings are in place restricting access to self-selected contacts”
       • Canadian Privacy Commissioner: “Facebook’s default settings in respect of photo albums and search engines do not meet users’ reasonable expectations”
  7. User population issues
       • If adults rarely take steps to protect their privacy, should we expect teenagers to? Risk awareness; jam today; culture of disclosure. But when FB users grow up...
       • What would make kids privacy-aware?
       • Wired July 17 2007 report => “It seems the privacy threat is not so much Big Brother as your mother.”
       • Some suggestions of default of no spider-able profiles for under 18s on SNSs.
       • Some sites much more protective – cf Bebo.
  8. Individuals ≠ data controllers
       • How sustainable is Lindqvist?
       • A29WP: “when access to a profile is provided to all members within the SNS or the data is indexable by search engines, access goes beyond the personal or household sphere.”
       • Better privacy protection by infomediaries?
           • Defaults/Nudges?
           • Expedited temporary restrictions on sharing?
  9. How to further privacy on Facebook and SNSs?
       • EU Data Protection law on the whole requires consent to legitimise data collection, processing and transfer
       • Is the consent given when signing up for Facebook (and apps) good enough? Informed? “Explicit” for sensitive data?
       • Should current consent expose users to future risks? “The eternal memory of Google”
       • Can T & C which exclude liability for privacy and security breaches be potentially void as unfair consumer terms?
       • Some ideas:
           • A legal regime requiring that defaults be provided at the most privacy-friendly setting?
           • Automatic expiration of data?
  10. References
       • L. Edwards & I. Brown (2009) Data Control and Social Networking: Irreconcilable Ideas? In A. Matwyshyn (ed.) Harboring Data: Information Security, Law and the Corporation, Stanford University Press, 202-227.
       • Office of the Federal Privacy Commissioner, PIPEDA Case Summary #2009-008: CIPPIC against Facebook
       • Article 29 Working Party Opinion 5/2009 on online social networking