Skip to main content
SpringerLink
Log in

Efficacy of GDPR’s Right-to-be-Forgotten on Facebook

  • Conference paper
  • First Online:
Information Systems Security (ICISS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11281))

Included in the following conference series:

Abstract

Online social networks (OSNs) like Facebook witness our online activities either by our consent or by bartering our desire to avail free services. Being a witness, OSNs have access to users’ personal data, their social relationships and a continuous flow of their online interactions from various tracking techniques the OSNs deploy in collaboration with the content providers across the Internet. Users’ behavioral data critical in predicting their interests, which is not only useful in targeting the users with relevant advertisements but also in clustering them into distinct personality traits that are useful in effective persuasion. Realizing the potential privacy implications of such a collection and usage of personally identifiable data and its potential misuse, the European Union has enacted a law, referred to as GDPR, to regulate the way collection and processing of personal data occurs. One of the core tenets of this regulation is the right-to-be-forgotten. In this paper, we analyze the efficacy of this tenet and the challenges when it is invoked by users on online social networks like Facebook. We investigate the reasons behind these challenges and associate their causes to the nature of the communication on social networks in general, the business model of such social platforms, and the design of the platform itself; say for Facebook. In short, in its current form, if the right-to-be-forgotten tenet of GDPR is to be enforced in its spirit, it will jeopardize Facebook’s business model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Data Transfer Project, https://datatransferproject.dev.

  2. 2.

    The tyranny of convenience, Tim Wu, The New York Times, 16/2/2018.

  3. 3.

    How News Feed Works, https://www.facebook.com/help/1155510281178725.

  4. 4.

    https://lifehacker.com/5994380/how-facebook-uses-your-data-to-target-ads-even-offline.

  5. 5.

    https://www.nytimes.com/2018/03/22/opinion/democracy-survive-data.html.

  6. 6.

    https://www.project-syndicate.org/bigpicture/the-privacy-paradox.

  7. 7.

    Facebook’s Onavo gives social-media firm inside peek at rivals’ users, WSJ, Aug 2017. https://www.wsj.com/articles/facebooks-onavo-gives-social-media-firm-inside-peek-at-rivals-users-1502622003.

  8. 8.

    How does Facebook work with data providers?, Facebook. https://www.facebook.com/help/494750870625830.

  9. 9.

    In 2016, ProPublica collected, through crowd-sourcing, more than 52,000 unique attributes (categories/data points) that Facebook had used to classify users [24].

  10. 10.

    https://gdpr-info.eu/recitals/no-52/.

  11. 11.

    A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians. http://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf.

  12. 12.

    https://www.facebook.com/business/gdpr.

  13. 13.

    https://gdpr-info.eu/art-17-gdpr/.

  14. 14.

    https://gdpr-info.eu/recitals/no-26/.

  15. 15.

    Facebook admits it does track non-users, for their own good, The Register, Apr 2018. https://www.theregister.co.uk/2018/04/17/facebook_admits_to_tracking_non_users/.

  16. 16.

    https://www.eff.org/issues/do-not-track.

  17. 17.

    Net neutrality blocked ISPs from providing services subsidized with advertising.

References

  1. Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: persistent tracking mechanisms in the wild. In: ACM CCS 2014, pp. 674–689 (2014)

    Google Scholar 

  2. Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE S&P 2006, pp. 184–198 (2006)

    Google Scholar 

  3. Chaabane, A., Kaafar, M.A., Boreli, R.: Big friend is watching you: analyzing online social networks tracking capabilities. In: Proceedings of ACM Workshop on Online Social Networks, pp. 7–12. ACM (2012)

    Google Scholar 

  4. Costa, P.T., McCrae, R.R.: The Five-Factor Model, Five-Factor Theory, and Interpersonal Psychology, Chap. 6, pp. 91–104. Wiley-Blackwell, Hoboken (2012)

    Google Scholar 

  5. De Montjoye, Y.A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3, 1376 (2013)

    Article  Google Scholar 

  6. DeKoven, L.F., Savage, S., Voelker, G.M., Leontiadis, N.: Malicious browser extensions at scale: bridging the observability gap between web site and browser. In: 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17) (2017)

    Google Scholar 

  7. Esteve, A.: The business of personal data: Google, Facebook, and privacy issues in the EU and the USA. Int. Data Priv. Law 7(1), 36–47 (2017)

    Article  Google Scholar 

  8. European Union: 2018 reform of EU data protection rules (2018). https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rulesen

  9. Forbrukerrådet: Deceived by Design: how tech companies use dark patterns to discourage us from exercising our rights to privacy, Norwegian Consumer Council (2018). https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf

  10. FTC: Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers (2012). https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf

  11. Gurevich, Y., Hudis, E., Wing, J.M.: Inverse privacy. Commun. ACM 59(7), 38–42 (2016)

    Article  Google Scholar 

  12. International Personality Item Pool: The 3,320 IPIP Items in Alphabetical Order (2018). https://ipip.ori.org/AlphabeticalItemList.htm

  13. Kosinski, M., Stillwell, D., Graepel, T.: Private traits and attributes are predictable from digital records of human behavior. Proc. Natl. Acad. Sci. 110(15), 5802–5805 (2013)

    Article  Google Scholar 

  14. Kristensen, J.B., lbrechtsen, T., Dahl-Nielsen, E., Jensen, M., Skovrind, M., Bornakke, T.: Parsimonious data: how a single Facebook like predicts voting behavior in multiparty systems. PLOS ONE 12(9), 1–12 (2017)

    Article  Google Scholar 

  15. Edwards, L.: Cambridge Analytica and the deeper malaise in the persuasion industry (2018). http://blogs.lse.ac.uk/polis/2018/03/26/cambridge-analytica-a-symptom-of-a-deeper-malaise-in-the-persuasion-industry/

  16. Leon, P.G., et al.: What matters to users?: factors that affect users’ willingness to share information with online advertisers. In: SOUPS, pp. 7:1–7:12. ACM (2013)

    Google Scholar 

  17. McCallister, E., Grance, T., Scarfone, K.A.: SP 800–122. Guide to protecting the confidentiality of personally identifiable information (PII). Technical report, National Institute of Standards and Technology (2010)

    Google Scholar 

  18. de Montjoye, Y.A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)

    Article  Google Scholar 

  19. Ohm, P.: Broken promises of privacy: responding to the surprising failure of anonymization. UCLA Law Rev. 57, 1701 (2009, 2010)

    Google Scholar 

  20. Patil, V.T., Jatain, N., Shyamasundar, R.K.: Role of apps in undoing of privacy policies on facebook. In: Kerschbaum, F., Paraboschi, S. (eds.) DBSec 2018. LNCS, vol. 10980, pp. 85–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95729-6_6

    Chapter  Google Scholar 

  21. Patil, V.T., Shyamasundar, R.K.: Privacy as a currency: un-regulated? In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE 2017). SECRYPT, vol. 4, pp. 586–595. SciTePress (2017)

    Google Scholar 

  22. Patil, V.T., Shyamasundar, R.K.: Undoing of privacy policies on Facebook. In: Livraga, G., Zhu, S. (eds.) DBSec 2017. LNCS, vol. 10359, pp. 239–255. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61176-1_13

    Chapter  Google Scholar 

  23. Portokalidis, G., Polychronakis, M., Keromytis, A.D., Markatos, E.P.: Privacy-preserving social plugins. In: USENIX Security Symposium, pp. 631–646 (2012)

    Google Scholar 

  24. ProPublica Data Store: Facebook ad categories (2016). https://www.propublica.org/datastore/dataset/facebook-ad-categories

  25. Quercia, D., Lambiotte, R., Stillwell, D., Kosinski, M., Crowcroft, J.: The personality of popular Facebook users. In: Proceedings of the ACM 2012 Conference on Computer Supported Cooperative Work, pp. 955–964 (2012)

    Google Scholar 

  26. Schneier, B.: Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company, New York City (2015)

    Google Scholar 

  27. Youyou, W., Kosinski, M., Stillwell, D.: Computer-based personality judgments are more accurate than those made by humans. Proc. Natl. Acad. Sci. 112(4), 1036–1040 (2015)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security R&D Center, Department of Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai, 400076, India

    Vishwas T. Patil & R. K. Shyamasundar

Authors
  1. Vishwas T. Patil
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. R. K. Shyamasundar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vishwas T. Patil .

Editor information

Editors and Affiliations

  1. Indian Institute of Science, Bangalore, India

    Vinod Ganapathy

  2. Pennsylvania State University, University Park, PA, USA

    Trent Jaeger

  3. Indian Institute of Technology Bombay, Mumbai, India

    R.K. Shyamasundar

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Patil, V.T., Shyamasundar, R.K. (2018). Efficacy of GDPR’s Right-to-be-Forgotten on Facebook. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-05171-6_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05170-9

  • Online ISBN: 978-3-030-05171-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation