Sunday, May 2, 2010

Limiting Information Sharing Based on Context

In this article, Computer World describes an argument made by Microsoft research Danah Boyd that social networks should consider the context in which information is provided, and not re-use the information outside of that context. The argument, to the extent it can be distilled down to one paragraph is as follows:

"You're out joking around with friends and all of a sudden you're being used to advertise something that had nothing to do with what you were joking about with your friends," Boyd said. People don't hold conversations on Facebook for marketing purposes, she said, so it would be incorrect for marketing efforts to capitalize on these conversations.

In the article, this concept was described as "relatively new." I'm not sure that that's correct. After all article 6 of the EU Data Privacy Directive provides that

1. Member States shall provide that personal data must be:
(a) processed fairly and lawfully;
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards;
(c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.

which appears to be analogous to the concept of recognizing the context in which data is provided when deciding how that data should be used.

Of course, the question of whether an idea is a new one is entirely different from the question of whether the idea is a good one. However, recognizing the similarity between the proposed context limitations on social networks and the EU's data privacy directive can certainly be beneficial in evaluating the merits of the new idea. Specifically, the criticisms of the EU directive (e.g., here) can be examined to see if they also apply to the specific context based limitations, and if context based limitations can somehow be implemented in a way that addresses those criticisms.


Robin Wilton said...

Hmm. Another great post... my comment is not so much about what you say as about the CNET article you cite. It's all very well for Ms Arrison to say that all consumers need do is "vote with their wallets", but there are a couple of problems with that analysis.

First, as current experience of data mining and behavioural/targeted advertising shows, the major financial levers here are not in the hands of the consumer: the big money flows behind the scenes, between the likes of Facebook and its customers. (Bear in mind, the 'users' of Facebook are not its customers; they are the product which Facebook sells to its customers). As long as it costs nothing to sign up for a Facebook account, I have no 'wallet' with which to vote...

Second, what of public sector data controllers? Again, as a citizen/consumer I don't have a financial lever to apply, as a way of expressing my privacy preferences. Statute is really the only protection I can call upon.

I also happen to think Ms Arrison is stretching the point when she cites 'suppression of free speech' as an argument against the EU Data Protection Directive. I'd be interested to see any research which backs up that claim.

Finally - as far as contextual data-sharing in social networks is concerned: users are currently, for the most part, deliberately kept in the dark, by social networking services, about the true nature of the context in which they are making their disclosures. Social networks intentionally create the impression that users are "just" talking to their buddies - when in fact, there is at least one third party in the room (the SN service itself), and there are frequently others (the advertisers to whom SN services sell behavioural data). I would argue that a lot more needs to be done to make those contextual factors evident to the user, before we can say that users are making a truly informed judgement about the context in which they make disclosures via SN services.

digital signature autocad said...

I am also using Facebook on regular basis and I personally feel that Its not sure how secure my information on facebbok is.Is there any security or is it all public.The applications I access need permission to access my profile information are they allowed to access all or limited?