Centre for Internet & Society

While “privacy” on social network sites remains a highly ambiguous notion, much debate surrounding the issue to date has focused on privacy as the nonpublic-ness of personal information. However, as these social platforms become sites for diverse forms of “networking”, privacy must also be popularly conceptualized as control over personal data flows.


The perils of information exposure and the loss of privacy on social network sites (SNS) has become a talked about issue. Information once considered has private has in many instances become viewable by unintended audiences of parents, colleagues, college admission officers, employers, even the courts.  The recent Facebook privacy scandal, which left sensitive personal information for millions of users open and searchable via Google, heightened privacy consciousness amongst users, public interest groups, and Facebook itself.  As the free flowing nature of information on the internet has redefined practices surrounding the disclosure of information, new and multidimensional privacy challenges have arose as a result. 

The much-celebrated ethos of “openness” continues to attract numerous and diverse users to SNS, and without a doubt, these platforms have enabled users to stay connected and share information with the people around them -- for better or worse. However, it is within this inherently open context that notions of privacy are continuously being challenged and redefined.   While a particular user may prefer to keep certain information widely available to attract “potential friends” within a certain network or social circle, it may go without saying that the same user may not be comfortable with a family member viewing that same information, or having personal information open access to third parties.  It is this iterative tension between “openness” and privacy which beckons the need to balance the openness of SNS with the privacy of its members.

Privacy as a Semi-Public Personal Space

Most commonly, privacy has been interpreted by users as a “lack of access”, or the degree to which they are able to protect their information from the public gaze.  Various research examining the privacy (mal)practices of users have also, by in large, conceptualized privacy within this public/private binary.  The most popular SNS today do allow users to careful define their privacy level.  However, whether or not the information of a user remains open, restricted, or private will depend on the privacy preferences unique to the user, and to some degree, the architecture of a particular SNS.  Inferring from privacy in practice, researchers have generally labeled users as privacy fundamentalists, pragmatics, or the marginally concerned .  While making this distinction has been useful, is important to note that the diversity and complexity of relationships within a single networked space obscures the inherent simplicity of such typology.  With many online social networks becoming representative of offline affiliation, the challenges inherent to maintaining a diverse number of social relations online may lead researchers to interpret uncertain privacy practices as paradoxical.  Such a notion also calls into question the utility of categorizing users according to their privacy practices.

To illustrate such complexity, many users today are compelled to join sub-networks or groups within these sites, which then cluster users and relax the privacy settings between them.  While a college student may wish to keep weekend outings hidden from the professors they have connected with, they may also be tempted to reveal such information with his network of peers-- to which the professors may belong. The open nature of these sub-networks are inherently valuable for maintaining offline affiliations, friendships and collegial relationship. However, this also increases the likelihood invisible audiences of unintended users may gain access to potentially unflattering information to an .  By joining a network on Facebook, for example, the personal information of a users profile page becomes open to all “friends and networks”, even if the users may previously had their information set behind a more granular privacy settings. 

Within these open spaces, the ability of users to make appropriate or selective disclosures of information is becoming obscured.  While Facebook does allow for users to alter the settings after joining a network, such “openness by default” may catch many users off guard or only be brought to their attention once they face its negative repercussions.  Because the maintenance of a wide variety of such social relationships depends on the disclosure/non-disclosure of certain types of information, privacy in praxis has become an act of balancing the utility of social network with the privacy concerns they present. Users are now faced with the challenge of classifying certain pieces of information public or non public, or determining suitable practices of disclosures amongst a diverse social graph. It is not to be expected that such decisions will become easier within a context whose architecture is built on openness to make it “easier for friends to find, identify, and learn about you”. 

Privacy as Control over the Flow of Information

While the classification and coding of information vis-à-vis a diverse set of relationships forms the base of practice for most of the privacy conscious, this paradigm of privacy remains rather limited within a defined network of individuals, whether they be “friends”, within an intended audience, or not.  Within this framework, information is understood as being either socially or institutionally sensitive, as its exposure may affect certain social or institutional relationships.  Given the spatial and temporal context the “social profile” gives to personal information, it is reasonable to see how popular understandings of privacy have been within the public/private paradigm.

While this may be the case, it is important that users observe how the inherently “networked” nature of these spaces complicates the common privacy paradigm.  When a user joins a SNS, they enter into a complex and opaque set of networked relationships beyond those with their “friends” and “friends of friends”.  There exists sub-networks of third-party actors which constitute corporate entities, their partners and affiliates --may they be advertisers, third party developers, or a broad range of other service providers.  Many of which are granted access to your information in varying forms and for differing reasons.  With the introduction of the Open Social network, fronted by Google and various social advertising and developers networks, the ability for one to maintain the control and integrity of their information or “data” has become an increasingly complex endeavor.   

While the importance of maintaining non-public social spaces online should not be diminished, in a time when collecting, storing, aggregating and disseminating information has become increasingly easy and cost-effective, users of SNS must begin to conceptualize online privacy in a way which extends past the social context popularly understood to give “information” meaning.   Once information loses its contextual place of meaning, which may be the profile itself, users seem less apt to consciously consider the collection and dissemination of such data as a breach of privacy, or even a concern at all.  It may be true that the socially sensitive nature of such data is reduced once it is disassociated with a particular user, or that the click stream patterns and other information collected by advertisers through cookies may not always pose a direct and potential threat to our privacy as we’ve thus far conceived it.  However, a brief glance at the privacy policies, terms of use, and on-site practices of a few SNS illuminates that privacy must be seen as the control over the flows of personal information.that

Privacy vis-à-vis Third Parties

As many have illuminated, SNS are commercial enterprises with a business model based on the harvesting of personal information for marketing and other purposes.  Therefore, it may be naive for a users to believe what happens on these sites stays on these sites, or that privacy settings, however granular they may be, grants them adequate control over their information.  While SNS such as Bebo state that they “take your privacy very seriously”, the onus is on the user to determine whether or not the privacy standards of third party applications are up to par.  The transfer of responsibility for monitoring the privacy practices of third parties is characteristic of many popular SNS.  MySpace states in their privacy policy that they do not “control third parties” and cannot “dictate their actions”, while Facebook similarly states that they cannot guarantee that such third parties will “follow their rules”. 

As third parties are often governed by their own privacy policies, the unmonitored and unenforced nature of these networked relationships places further responsibility on the individual users to ensure that privacy practices are adequate.  This becomes quite difficult on SNS like Facebook, where third party developers are granted access to the personal information of all you and all your network members, including photos, videos, and other biographical information.

The relatively anonymous nature of these parallel sub-networks also obscures the ability of the user to take control over the accessibility of their information.  Further, the privacy policies of the various SNS give no indication as to “who” their affiliates, partners, and service providers are.  Most SNS also reserve the right to transfer personally identifiable information to its partners and affiliates if they have a “business reason to do so” and in all cases, advertisers are subject to their own privacy policies with regards to the information they collect -- some of it personally identifiable.  To complicate matters, all of the leading SNS, including Facebook, Orkut, Myspace, and Bebo, reserve the right to collect information about you from other companies and publicly available sources.  It is unclear as to what information is being collected or for what purposes, and unfortunately, such information is effectively kept “private”.

Redefining Privacy on Social Network Sites

Social network sites can be seen as open spaces which allow users to maintain diverse personal relationships.  However, the somewhat anonymous parallel networks of third parties which exist on these sites threatens the “open nature” of these sites vis-à-vis our privacy.  While users may maintain that the information they have provided is kept secure and private, these parallel third party networks negates the control an individual may assert over the flow of their information.   It is within this context that privacy needs to be conceptually redefined in relation to both user “information” as it appears on a social profile, and “data” once it is processed by third parties.  There is a need for an alternative paradigm to privacy on SNS which takes into consideration the flow, retention and use of personal information. 

While it may be too early to determine whether or not the expected digital dossiers complete with complex user-specific biographical data will be developed or come to threaten our privacy in a fundamentally new way, it is also premature and erroneous to assume that traditional notions of privacy are fundamentally antithetical to the net.  As communication become increasingly mediated by digital technologies, so to should our perceptions of privacy and ways of preserving it.  SNS must also become responsible for ensuring greater transparency in the flows and uses of personal information, working to standardize the privacy policies in such a way that makes the user experience one which is seamless with respect to privacy practices.  Initiatives such as the W3C’s P3P are a promising step towards nurturing a more nuanced understanding of privacy among internet users.  Only through understanding privacy as the control over the flows of personal information can be balance the interests of SNS users with the business models of these “open” networked spaces.

Top of Form

 

Filed under:
The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.