Classifying Social Network Data

August 11, 2010

Those of you who use, or know someone who uses, Facebook may be aware of the site’s periodic changes in its privacy policy and mechanisms, and the more or less predictable rows that follow each change.  Part of the problem seems to be that both the administrators (of Facebook and other social networking sites) and the users have some difficulty articulating just what their privacy expectations are, or should be.

Bruce Schneier has an interesting essay in his blog, Schneier on Security, called “A Revised Taxonomy of Social Networking Data”.   In the essay (which appeared originally in IEEE Security & Privacy), he attempts to classify data on social networking sites into six different categories.  For example, “Disclosed Data” is information that you post yourself, such as things you post on your own Facebook page, or the entries I post in this blog.   Schneier argues that these different categories should be treated differently, and that users’ expectations should depend on the type of information.

It’s also clear that users should have different rights with respect to each data type. We should be allowed to export, change, and delete disclosed data, even if the social networking sites don’t want us to.

Of course, as Schneier says, this is not the only possible way to analyze the data.  Nonetheless, I think the essay is worth reading (it’s short) and thinking about.  My own perception is that having some sort of rational framework for information privacy discussions might produce more light and less heat.

One of the comments  on Schneier’s post mentions another valuable paper [abstract, PDF download available] on privacy, by Daniel Solove of the George Washington University Law School.  The entire issue of privacy in a networked world is a lot trickier than it might seem at first glance.

%d bloggers like this: