Title: Towards improving existing online social networks' privacy policies

Authors: Alexandra K. Michota; Sokratis K. Katsikas

Addresses: Systems Security Laboratory, Department of Digital Systems, School of Information and Communication Technologies, University of Piraeus, 150 Androutsou St. Piraeus 18532, Greece ' School of Pure and Applied Sciences, Open University of Cyprus, 33 Giannou Kranidioti Ave. Latsia 2220, Nicosia, Cyprus; Center for Cyber and Information Security, Norwegian University of Science and Technology, P.O. Box 191, Gjøvik N-2802, Norway

Abstract: The privacy policies of online social network (OSN) service providers are criticised as falling short of satisfying their users' privacy expectations letting huge quantities of their personally identifiable information (PII) exposed to unknown audiences. The purpose of this paper is twofold: to assess the conformance of the privacy policies applied in the five topmost leading OSNs to an internationally acknowledged benchmark such as the ISO 29100:2011 standard, and to propose improvements based on the findings of the assessment. Further, as serious mismatches between these privacy policies and the adherence criteria set out in the ISO 29100:2011 standard were identified, a data lifecycle model is proposed as the basis for an improved OSN privacy policy. A restructuring of the existing policies according to the data lifecycle model will allow them to enjoy characteristics that are known to be important in forming users' perceptions.

Keywords: privacy policy; standards; social networks; ISO29100:2011; PII lifecycle.

DOI: 10.1504/IJIPSI.2018.092062

International Journal of Information Privacy, Security and Integrity, 2018 Vol.3 No.3, pp.209 - 229

Received: 27 Apr 2017
Accepted: 14 Feb 2018

Published online: 30 May 2018 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article