A Bill of Privacy Rights for Social Network Users

Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.

Here at EFF, we’ve been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control. Based on what we see today, therefore, we suggest three basic privacy-protective principles that social network users should demand:

  1. The Right to Informed Decision-Making – Users should have the right to a clear user interface that allows them to make informed choices about who sees their data and how it is used.

    Users should be able to see readily who is entitled to access any particular piece of information about them, including other people, government officials, websites, applications, advertisers and advertising networks and services.

    Whenever possible, a social network service should give users notice when the government or a private party uses legal or administrative processes to seek information about them, so that users have a meaningful opportunity to respond.

  2. The Right to Control – Social network services must ensure that users retain control over the use and disclosure of their data. A social network service should take only a limited license to use data for the purpose for which it was originally given to the provider. When the service wants to make a secondary use of the data, it must obtain explicit opt-in permission from the user. The right to control includes users’ right to decide whether their friends may authorize the service to disclose their personal information to third-party websites and applications.

    Social network services must ask their users’ permission before making any change that could share new data about users, share users’ data with new categories of people, or use that data in a new way. Changes like this should be “opt-in” by default, not “opt-out,” meaning that users’ data is not shared unless a user makes an informed decision to share it. If a social network service is adding some functionality that its users really want, then it should not have to resort to unclear or misleading interfaces to get people to use it.

  3. The Right to Leave – Users giveth, and users should have the right to taketh away.

    One of the most basic ways that users can protect their privacy is by leaving a social network service that does not sufficiently protect it. Therefore, a user should have the right to delete data or her entire account from a social network service. And we mean really delete. It is not enough for a service to disable access to data while continuing to store or use it. It should be permanently eliminated from the service’s servers.

    Furthermore, if users decide to leave a social network service, they should be able to easily, efficiently and freely take their uploaded information away from that service and move it to a different one in a usable format. This concept, known as “data portability” or “data liberation,” is fundamental to promoting competition and ensuring that users truly maintain control over their information, even if they sever their relationship with a particular service.

