Online users increasingly use social login on third-party sites and applications. Logging in with an existing account is faster than filling in personal information forms over and over again. However, many online users, even those who frequently use social login systems, are not aware of the policies and conditions they agree to. They are often unaware of the consequences of authenticating to websites and applications in this way, and thus of the information that can be retrieved from their social networks. In this paper, we provide a case study of the legal requirements that must be observed when social login features are used for authentication in a mobile application in the workplace. The legal requirements considered in this case study follow from the Belgian implementation of the EU legal framework on privacy and data protection. Of particular interest for this study are the storage of the data obtained from external social network profiles; the retention of the retrieved information that is processed to compute an extra layer of reputation; and the policies accompanying the social login features.