Privacy codes of practice developed in the 1980s in response to concerns about the introduction of computerized databases, automated personal information processing systems, and the easy transmission of personal information across national and international boundaries. The current data-practice guidelines, laws, and model codes are modeled on these early codes. Starting in the early 2000s, the socialization of the Web introduced a new kind of private information flow model and new privacy risks. In this paper, we analyze the core principles of existing privacy codes with respect to emerging social-centric privacy risks. Our major contribution in this work is twofold. Legally, this evaluation is useful for enhancing current privacy codes for the Social Web. Technically, this evaluation is useful for designing future social-centric privacy policy languages and their data handling specifications.
Privacy Codes of Practice for the Social Web: The Analysis of Existing Privacy Codes and Emerging Social-Centric Privacy Risks
Girma Nigusse & Bart De Decker
3. Privacy Risks in Social Network Sites
profiles mostly represent genuine identities,
profiles regularly updated by users,
default profile visibility is public,
users do not change default settings,
crawling public profiles is easy,
4. Private Information Flow Model
Web = client/server, request/response, unidirectional
Private information flow model in the Web
5. Private Information Flow Model
Social Web = interactive, participatory, content-regeneration, multidirectional
Blogging, bookmarking, tagging, sharing, befriending, etc.
Private information flow model in the Social Web
6. 1. Transparency
Identity of the SP, purpose, data retention, user participation, recipients, accountability, and security.
Befriending = exchanging profile information
Third parties = direct access to user data
Policy authoring = user transparency
7. 2. Consent
Primary and Secondary consent
Third parties = profile information collection is mostly invisible, no software license agreement, terms of use or privacy policy
Social software features = boost profile information sharing, linking, aggregation without users’ explicit consent
Spillovers = unauthorized disclosure
8. 3. User Participation
Users’ right to access, challenge its correctness, amend, erase, or block their private data.
Intuitive profile editing tools
9. 4. Data Quality
Collected private data should be accurate, complete, and up-to-date
SNS users update their profile regularly
Profile = digital dossier
Fake characters (Fakesters)
Denigration = pretending to be someone in order to damage others
11. Discussion
Users should also take appropriate measures to safeguard other users’ private information. In Table 1, service providers, third-party service, and third-party application providers are generally considered as service providers.
Table 1: The responsibilities (Resp.) and rights of users (U) and service providers (SP) in the Web and the Social Web.
Columns: Web (Right: U, SP; Resp.: U, SP), Social Web (Right: U, SP; Resp.: U, SP)
Rows (Codes): Transparency, Consent, Participation, Data quality, Security, Enforcement
In the Social Web, privacy protection must consider the
12. Conclusion
Future privacy codes and privacy policy languages should address:
Emerging social-centric privacy risks (such as spillovers, denigration, visibility, etc.)
The current shift in data handling responsibility and the model of interaction in the Web