Efficacy of GDPR’s Right-to-be-Forgotten on Facebook

  • Vishwas T. PatilEmail author
  • R. K. Shyamasundar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11281)


Online social networks (OSNs) like Facebook witness our online activities either by our consent or by bartering our desire to avail free services. Being a witness, OSNs have access to users’ personal data, their social relationships and a continuous flow of their online interactions from various tracking techniques the OSNs deploy in collaboration with the content providers across the Internet. Users’ behavioral data critical in predicting their interests, which is not only useful in targeting the users with relevant advertisements but also in clustering them into distinct personality traits that are useful in effective persuasion. Realizing the potential privacy implications of such a collection and usage of personally identifiable data and its potential misuse, the European Union has enacted a law, referred to as GDPR, to regulate the way collection and processing of personal data occurs. One of the core tenets of this regulation is the right-to-be-forgotten. In this paper, we analyze the efficacy of this tenet and the challenges when it is invoked by users on online social networks like Facebook. We investigate the reasons behind these challenges and associate their causes to the nature of the communication on social networks in general, the business model of such social platforms, and the design of the platform itself; say for Facebook. In short, in its current form, if the right-to-be-forgotten tenet of GDPR is to be enforced in its spirit, it will jeopardize Facebook’s business model.


Online social network Privacy Linkability Inverse privacy GDPR 


  1. 1.
    Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: ACM CCS 2014, pp. 674–689 (2014)Google Scholar
  2. 2.
    Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE S&P 2006, pp. 184–198 (2006)Google Scholar
  3. 3.
    Chaabane, A., Kaafar, M.A., Boreli, R.: Big friend is watching you: analyzing online social networks tracking capabilities. In: Proceedings of ACM Workshop on Online Social Networks, pp. 7–12. ACM (2012)Google Scholar
  4. 4.
    Costa, P.T., McCrae, R.R.: The Five-Factor Model, Five-Factor Theory, and Interpersonal Psychology, Chap. 6, pp. 91–104. Wiley-Blackwell, Hoboken (2012)Google Scholar
  5. 5.
    De Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)CrossRefGoogle Scholar
  6. 6.
    DeKoven, L.F., Savage, S., Voelker, G.M., Leontiadis, N.: Malicious browser extensions at scale: bridging the observability gap between web site and browser. In: 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17) (2017)Google Scholar
  7. 7.
    Esteve, A.: The business of personal data: Google, Facebook, and privacy issues in the EU and the USA. Int. Data Priv. Law 7(1), 36–47 (2017)CrossRefGoogle Scholar
  8. 8.
  9. 9.
    Forbrukerrådet: Deceived by Design: how tech companies use dark patterns to discourage us from exercising our rights to privacy, Norwegian Consumer Council (2018).
  10. 10.
    FTC: Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers (2012).
  11. 11.
    Gurevich, Y., Hudis, E., Wing, J.M.: Inverse privacy. Commun. ACM 59(7), 38–42 (2016)CrossRefGoogle Scholar
  12. 12.
    International Personality Item Pool: The 3,320 IPIP Items in Alphabetical Order (2018).
  13. 13.
    Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. Proc. Natl. Acad. Sci. 110(15), 5802–5805 (2013)CrossRefGoogle Scholar
  14. 14.
    Kristensen, J.B., lbrechtsen, T., Dahl-Nielsen, E., Jensen, M., Skovrind, M., Bornakke, T.: Parsimonious data: how a single Facebook like predicts voting behavior in multiparty systems. PLOS ONE 12(9), 1–12 (2017)CrossRefGoogle Scholar
  15. 15.
    Edwards, L.: Cambridge Analytica and the deeper malaise in the persuasion industry (2018).
  16. 16.
    Leon, P.G., et al.: What matters to users?: factors that affect users’ willingness to share information with online advertisers. In: SOUPS, pp. 7:1–7:12. ACM (2013)Google Scholar
  17. 17.
    McCallister, E., Grance, T., Scarfone, K.A.: SP 800–122. Guide to protecting the confidentiality of personally identifiable information (PII). Technical report, National Institute of Standards and Technology (2010)Google Scholar
  18. 18.
    de Montjoye, Y.A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)CrossRefGoogle Scholar
  19. 19.
    Ohm, P.: Broken promises of privacy: responding to the surprising failure of anonymization. UCLA Law Rev. 57, 1701 (2009, 2010)Google Scholar
  20. 20.
    Patil, V.T., Jatain, N., Shyamasundar, R.K.: Role of apps in undoing of privacy policies on facebook. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 85–98. Springer, Cham (2018). Scholar
  21. 21.
    Patil, V.T., Shyamasundar, R.K.: Privacy as a currency: un-regulated? In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE 2017). SECRYPT, vol. 4, pp. 586–595. SciTePress (2017)Google Scholar
  22. 22.
    Patil, V.T., Shyamasundar, R.K.: Undoing of privacy policies on Facebook. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 239–255. Springer, Cham (2017). Scholar
  23. 23.
    Portokalidis, G., Polychronakis, M., Keromytis, A.D., Markatos, E.P.: Privacy-preserving social plugins. In: USENIX Security Symposium, pp. 631–646 (2012)Google Scholar
  24. 24.
    ProPublica Data Store: Facebook ad categories (2016).
  25. 25.
    Quercia, D., Lambiotte, R., Stillwell, D., Kosinski, M., Crowcroft, J.: The personality of popular Facebook users. In: Proceedings of the ACM 2012 Conference on Computer Supported Cooperative Work, pp. 955–964 (2012)Google Scholar
  26. 26.
    Schneier, B.: Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company, New York City (2015)Google Scholar
  27. 27.
    Youyou, W., Kosinski, M., Stillwell, D.: Computer-based personality judgments are more accurate than those made by humans. Proc. Natl. Acad. Sci. 112(4), 1036–1040 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Information Security R&D Center, Department of Computer Science and EngineeringIndian Institute of Technology BombayMumbaiIndia

Personalised recommendations