Abstract
Privacy management in online social networks (OSNs) is a major concern. However, the complexity of privacy policies and the plethora of privacy controls make it very difficult to assess whether the controls adequately implement the intended policies. This paper proposes a method to assess the degree of traceability between privacy policies and privacy controls in OSNs. The resulting analysis enables one to pinpoint key privacy management gaps that must be plugged. The method can be utilised by privacy watchdogs, user rights groups as well as OSNs themselves to assess the effectiveness of privacy measures.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Anthonysamy, P., Greenwood, P., Rashid, A. (2014). A Method for Analysing Traceability between Privacy Policies and Privacy Controls of Online Social Networks. In: Preneel, B., Ikonomou, D. (eds) Privacy Technologies and Policy. APF 2012. Lecture Notes in Computer Science, vol 8319. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54069-1_12
DOI: https://doi.org/10.1007/978-3-642-54069-1_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54068-4
Online ISBN: 978-3-642-54069-1
eBook Packages: Computer Science, Computer Science (R0)