Bruce Schneier has an interesting essay in his blog, Schneier on Security, called “A Revised Taxonomy of Social Networking Data”. In the essay (which appeared originally in IEEE Security & Privacy), he attempts to classify data on social networking sites into six different categories. For example, “Disclosed Data” is information that you post yourself, such as things you post on your own Facebook page, or the entries I post in this blog. Schneier argues that these different categories should be treated differently, and that users’ expectations should depend on the type of information.
It’s also clear that users should have different rights with respect to each data type. We should be allowed to export, change, and delete disclosed data, even if the social networking sites don’t want us to.
Of course, as Schneier says, this is not the only possible way to analyze the data. Nonetheless, I think the essay is worth reading (it’s short) and thinking about. My own perception is that having some sort of rational framework for information privacy discussions might produce more light and less heat.
One of the comments on Schneier’s post mentions another valuable paper [abstract, PDF download available] on privacy, by Daniel Solove of the George Washington University Law School. The entire issue of privacy in a networked world is a lot trickier than it might seem at first glance.