Sanitizable Signed Privacy Preferences for Social Networks
Henrich Christopher Pöhls, Arne Bilzhause, Kai Samelin, Joachim Posegga
Datenschutz und Identitätsmanagement für Communities - Communities für Datenschutz und Identitätsmanagement at INFORMATIK 2011 - Informatik schafft Communities
Berlin 2011
Abstract: Privacy preferences, according to EU regulation, are the handling rules and constraints under which the data subject allows a third party to process, store, and use his personal data.
We use an analysis of Facebook to show how Social Network Systems (SNS) are failing to collect, manage, and hand over to third parties a user's consent to the SNS's usage of his personal data.
Today's technical solutions for collecting consent on the Internet can be argued to fulfil the regulatory requirements of an informed consent to the service's Privacy Policy (PP) and Terms of Use (ToU).
Our analysis of Facebook's processes for collecting and managing user consent from 2009 and 2011 shows that not much has changed.
Still, the technical solutions used do not allow this consent to be managed, and thus changed, over time, nor do they allow the consent to be handed over to a third party.
We sketch one technical solution, which borrows a lot from public key infrastructures.
A social network is already trusted by users to keep or federate their data.
Hence, we describe the next step: Social Networks becoming an authority and signing the consent collected from their users, making the available data verifiable for third parties.
Better yet, if you do not trust the Social Network, a user himself can run his own certificate authority, or a group of users can provide one as a community service.