Investigating Similarity Between Privacy Policies of Social Networking Sites as a Precursor for Standardization

The current execution of privacy policies, as a mode of communicating information to users, is unsatisfactory. Social networking sites (SNS) exemplify this issue, attracting growing concerns regarding their use of personal data and its effect on user privacy. This demonstrates the need for more informative policies. However, SNS lack the incentives required to improve policies, which is exacerbated by the difficulties of creating a policy that is both concise and compliant. Standardization addresses many of these issues, providing benefits for users and SNS, although it is only possible if policies share attributes which can be standardized. This investigation used thematic analysis and cross- document structure theory, to assess the similarity of attributes between the privacy policies (as available in August 2014), of the six most frequently visited SNS globally. Using the Jaccard similarity coefficient, two types of attribute were measured; the clauses used by SNS and the coverage of forty recommendations made by the UK Information Commissioner's Office. Analysis showed that whilst similarity in the clauses used was low, similarity in the recommendations covered was high, indicating that SNS use different clauses, but to convey similar information. The analysis also showed that low similarity in the clauses was largely due to differences in semantics, elaboration and functionality between SNS. Therefore, this paper proposes that the policies of SNS already share attributes, indicating the feasibility of standardization and five recommendations are made to begin facilitating this, based on the findings of the investigation.

[1]  Rozita Dara,et al.  Recommender Systems for Privacy Management: A Framework , 2014, 2014 IEEE 15th International Symposium on High-Assurance Systems Engineering.

[2]  T. Graepel,et al.  Private traits and attributes are predictable from digital records of human behavior , 2013, Proceedings of the National Academy of Sciences.

[3]  Alessandro Acquisti,et al.  When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information , 2007, WEIS.

[4]  Jörg Becker,et al.  The Effect of Providing Visualizations in Privacy Policies on Trust in Data Privacy and Security , 2014, 2014 47th Hawaii International Conference on System Sciences.

[5]  B. Glaser Theoretical Sensitivity: Advances in the Methodology of Grounded Theory , 1978 .

[6]  P. Jaccard THE DISTRIBUTION OF THE FLORA IN THE ALPINE ZONE.1 , 1912 .

[7]  V. Braun,et al.  Using thematic analysis in psychology , 2006 .

[8]  J. Reeve,et al.  Solutions to problematic polypharmacy: learning from the expertise of patients. , 2015, The British journal of general practice : the journal of the Royal College of General Practitioners.

[9]  Warren B. Chik,et al.  Information Technology Law , 2013 .

[10]  H. Bernard,et al.  Techniques to Identify Themes , 2003 .

[11]  Lorrie Faith Cranor,et al.  Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice , 2012, J. Telecommun. High Technol. Law.

[12]  S. Scott Risk Society: Towards a New Modernity (Book). , 1994 .

[13]  H Roberts,et al.  Risk Society: Towards a New Modernity , 1994 .

[14]  Luigi Logrippo,et al.  Platform for privacy preferences (P3P): Current status and future directions , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[15]  Mark E. J. Newman,et al.  Power-Law Distributions in Empirical Data , 2007, SIAM Rev..

[16]  Richard E. Boyatzis,et al.  Transforming Qualitative Information: Thematic Analysis and Code Development , 1998 .

[17]  Lorenzo Valeri,et al.  Review of the European Data Protection Directive , 2009 .

[18]  Thiago Alexandre Salgueiro Pardo,et al.  Finding related sentences in multiple documents for multidocument discourse parsing of Brazilian Portuguese texts , 2008, WebMedia.

[19]  Pamela Jordan Basics of qualitative research: Grounded theory procedures and techniques , 1994 .

[20]  Danah Boyd,et al.  Facebook privacy settings: Who cares? , 2010, First Monday.

[21]  L. Cranor,et al.  Are They Actually Any Different? Comparing Thousands of Financial Institutions’ Privacy Practices , 2013 .

[22]  Aleecia M. McDonald,et al.  The Cost of Reading Privacy Policies , 2009 .

[23]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.