Privacy in Social Network Sites

Privacy and Identity-relevant Information in Social Network Sites

Privacy Risks for Users of Social Network Sites

leave a comment »

My thesis on ‘Privacy Risks for Users of Social Network Sites’ is almost finished. I am very happy with the research results and the founded insights that Social Network Sites do cause privacy risks for users, but that it is possible to identify these risks and design preventive measures. I did not want to withhold the summary of my thesis to you, so find it below.

Social Network Sites (SNS) are websites that allow users to upload information to a public profile, create a list of online friends, and browse the profiles of other users of the SNS. The websites have membership rules and community standards. Users disclose identity-relevant information via their profile to others. This information is either referential, directly referring to a person, or attributive, describing attributes to the data subject. Although most laws and regulations restrict the access to referential information, attributive information is not protected as such. However, the aggregation of large amounts of attributive information on SNS profiles poses new privacy risks.

Information spreads faster through a Social Network Sites than through a real-life network. Information might be disclosed to a group of people unexpectedly, because the digital information is easy copyable, can be stored indefinitely and is searchable.  It especially  harms users when information travels through different spheres, and ends up with people whom it was not intended for. 

Furthermore, Social Network Sites have financial incentives to generate revenues from the information users upload. The usage of most of these websites is free, and SNS have to make up for the incurred costs by generating revenues from the identity-relevant information of their users. The most common way to achieve this is to create marketing profiles of users and serve them with targeted ads. As SNS and their marketing partners obtain more information about their users, informational inequality arises. Because the SNS have more information about their users and users are not in a position to bargain about the terms at which they disclose their information, an architecture of control surfaces, leaving the users vulnerable to harms.

Indeed, digital files of users are maintained that try to resemble the real person as closely as possible. Other users can contribute to this profile by uploading photos or text about the users, often without the user’s informed consent. This raises serious questions about the user’s control over his own identity-relevant information and his ability to construct his own moral identity within a SNS. Because SNS also collect information from other websites, with or without the user’s consent, the user is restricted in his moral autonomy. 

A fourth reason to restrict access to the information is the prevention of information-based harm. Some activities that harm users need specific information on the data subject before they can be executed, such as a Social Security Number to obtain credit. Indeed, your address and current employer can be used to determine when you are not home and this increases the possibility of criminals breaking into your house.

The activities that harm users are grouped into information collection, information processing and information dissemination. This classification helps in identifying the specific activities that cause harm to users, and design measures to prevent these activities and the damage they cause.

The survey shows that there are three main privacy risks for users of Social Network Sites: Total Information Awareness, dissemination to wrongdoers and no control over your identity-relevant information.

Social Network Sites track the activity of their users on their own websites and those of their marketing partners. They are able to gather unprecedented amounts of secondary personal information on their users, sometimes even without the informed consent of the users. An architecture of vulnerability emerges when the government collects this information and uses it to control its citizens. A Dutch judge found the private profile of a SNS user public, because people can be added to the friends list easily. Studies for the United States government have shown that it is easy to collect data from public Internet sources as SNS and connect them to existing government databases. This could lead to the chilling of free speech with respect to political dissidents.

Because of the great amount of identity-relevant information, which disseminates easily through a Social Network Sites, this could end up easily with wrongdoers. Stalkers, bullies and predators use the attributive information on SNS to identify with their victim and use the referential data to contact them. The profiles of users combined with the ease of contacting a user make SNS a useful platform for wrongdoers. The information on the websites can also easily be used to damage someone’s reputation, and with the large amount of attributive data on SNS, it is not difficult to reverse engineer information needed to steal someone’s identity. Although there is no proof that these things are affecting all users of SNS, experts agree that they affect a significant amount of users and can cause great damage to the users.

Social Network Sites interpret the consent that users give when signing up for their services as a broad informed consent, which can be stretched to secondary usage. In reality, users have minimal information and no control over secondary use of their information, the selling of their information or the disclosure of their information to groups unwanted, by the SNS. Above all, others can post information about the user, which can only be deleted after the fact, if possible at all. Information is posted about non-users, but they can not delete this, unless they become members.

Conventional laws and regulations do not address these issues. Of the American tort laws, only the publication of private facts tort and the appropriation tort seem to address the problems mentioned above. However, it is hard to proof that the facts are private when a user posts them on a SNS profile and the monetary damage is in both cases difficult to measure. Social Network Sites violate many of the Fair Information Practices as set forth by the OECD and recognized by many countries. The usage of the information is not limited to the specified purpose and the processing of the information is  very covert. The privacy watchdogs in various countries do not have the right means to sanction SNS for violating the Fair Information Practices.

A more colloquial approach is needed. Harmful activities should be grouped into information collection, processing and dissemination and harm should  be defined by the four moral reasons to restrict access to identity-relevant information: information-based harm, informational inequality, information injustice and the inability to define one’s own moral identity. The activities that cause specific harms can be identified and constrained. It is recommended to design and start a policy development process in which relevant actors jointly identify preventive measures to minimize privacy risks for users of Social Network Sites.

Written by davidrip

September 25, 2008 at 12:10 pm

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: