Abstract
Online social networks (OSNs) like Facebook witness our online activities either by our consent or by bartering our desire to avail free services. Being a witness, OSNs have access to users’ personal data, their social relationships and a continuous flow of their online interactions from various tracking techniques the OSNs deploy in collaboration with the content providers across the Internet. Users’ behavioral data critical in predicting their interests, which is not only useful in targeting the users with relevant advertisements but also in clustering them into distinct personality traits that are useful in effective persuasion. Realizing the potential privacy implications of such a collection and usage of personally identifiable data and its potential misuse, the European Union has enacted a law, referred to as GDPR, to regulate the way collection and processing of personal data occurs. One of the core tenets of this regulation is the right-to-be-forgotten. In this paper, we analyze the efficacy of this tenet and the challenges when it is invoked by users on online social networks like Facebook. We investigate the reasons behind these challenges and associate their causes to the nature of the communication on social networks in general, the business model of such social platforms, and the design of the platform itself; say for Facebook. In short, in its current form, if the right-to-be-forgotten tenet of GDPR is to be enforced in its spirit, it will jeopardize Facebook’s business model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Data Transfer Project, https://datatransferproject.dev.
- 2.
The tyranny of convenience, Tim Wu, The New York Times, 16/2/2018.
- 3.
How News Feed Works, https://www.facebook.com/help/1155510281178725.
- 4.
- 5.
- 6.
- 7.
Facebook’s Onavo gives social-media firm inside peek at rivals’ users, WSJ, Aug 2017. https://www.wsj.com/articles/facebooks-onavo-gives-social-media-firm-inside-peek-at-rivals-users-1502622003.
- 8.
How does Facebook work with data providers?, Facebook. https://www.facebook.com/help/494750870625830.
- 9.
In 2016, ProPublica collected, through crowd-sourcing, more than 52,000 unique attributes (categories/data points) that Facebook had used to classify users [24].
- 10.
- 11.
A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians. http://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf.
- 12.
- 13.
- 14.
- 15.
Facebook admits it does track non-users, for their own good, The Register, Apr 2018. https://www.theregister.co.uk/2018/04/17/facebook_admits_to_tracking_non_users/.
- 16.
- 17.
Net neutrality blocked ISPs from providing services subsidized with advertising.
References
Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: ACM CCS 2014, pp. 674–689 (2014)
Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE S&P 2006, pp. 184–198 (2006)
Chaabane, A., Kaafar, M.A., Boreli, R.: Big friend is watching you: analyzing online social networks tracking capabilities. In: Proceedings of ACM Workshop on Online Social Networks, pp. 7–12. ACM (2012)
Costa, P.T., McCrae, R.R.: The Five-Factor Model, Five-Factor Theory, and Interpersonal Psychology, Chap. 6, pp. 91–104. Wiley-Blackwell, Hoboken (2012)
De Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)
DeKoven, L.F., Savage, S., Voelker, G.M., Leontiadis, N.: Malicious browser extensions at scale: bridging the observability gap between web site and browser. In: 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17) (2017)
Esteve, A.: The business of personal data: Google, Facebook, and privacy issues in the EU and the USA. Int. Data Priv. Law 7(1), 36–47 (2017)
European Union: 2018 reform of EU data protection rules (2018). https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rulesen
Forbrukerrådet: Deceived by Design: how tech companies use dark patterns to discourage us from exercising our rights to privacy, Norwegian Consumer Council (2018). https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf
FTC: Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers (2012). https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
Gurevich, Y., Hudis, E., Wing, J.M.: Inverse privacy. Commun. ACM 59(7), 38–42 (2016)
International Personality Item Pool: The 3,320 IPIP Items in Alphabetical Order (2018). https://ipip.ori.org/AlphabeticalItemList.htm
Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. Proc. Natl. Acad. Sci. 110(15), 5802–5805 (2013)
Kristensen, J.B., lbrechtsen, T., Dahl-Nielsen, E., Jensen, M., Skovrind, M., Bornakke, T.: Parsimonious data: how a single Facebook like predicts voting behavior in multiparty systems. PLOS ONE 12(9), 1–12 (2017)
Edwards, L.: Cambridge Analytica and the deeper malaise in the persuasion industry (2018). http://blogs.lse.ac.uk/polis/2018/03/26/cambridge-analytica-a-symptom-of-a-deeper-malaise-in-the-persuasion-industry/
Leon, P.G., et al.: What matters to users?: factors that affect users’ willingness to share information with online advertisers. In: SOUPS, pp. 7:1–7:12. ACM (2013)
McCallister, E., Grance, T., Scarfone, K.A.: SP 800–122. Guide to protecting the confidentiality of personally identifiable information (PII). Technical report, National Institute of Standards and Technology (2010)
de Montjoye, Y.A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)
Ohm, P.: Broken promises of privacy: responding to the surprising failure of anonymization. UCLA Law Rev. 57, 1701 (2009, 2010)
Patil, V.T., Jatain, N., Shyamasundar, R.K.: Role of apps in undoing of privacy policies on facebook. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 85–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95729-6_6
Patil, V.T., Shyamasundar, R.K.: Privacy as a currency: un-regulated? In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE 2017). SECRYPT, vol. 4, pp. 586–595. SciTePress (2017)
Patil, V.T., Shyamasundar, R.K.: Undoing of privacy policies on Facebook. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 239–255. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61176-1_13
Portokalidis, G., Polychronakis, M., Keromytis, A.D., Markatos, E.P.: Privacy-preserving social plugins. In: USENIX Security Symposium, pp. 631–646 (2012)
ProPublica Data Store: Facebook ad categories (2016). https://www.propublica.org/datastore/dataset/facebook-ad-categories
Quercia, D., Lambiotte, R., Stillwell, D., Kosinski, M., Crowcroft, J.: The personality of popular Facebook users. In: Proceedings of the ACM 2012 Conference on Computer Supported Cooperative Work, pp. 955–964 (2012)
Schneier, B.: Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company, New York City (2015)
Youyou, W., Kosinski, M., Stillwell, D.: Computer-based personality judgments are more accurate than those made by humans. Proc. Natl. Acad. Sci. 112(4), 1036–1040 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Patil, V.T., Shyamasundar, R.K. (2018). Efficacy of GDPR’s Right-to-be-Forgotten on Facebook. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-05171-6_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05170-9
Online ISBN: 978-3-030-05171-6
eBook Packages: Computer ScienceComputer Science (R0)