On Privacy

On Privacy
Flickr image by rpongsaj.

Social media and privacy have a complicated relationship, as using social media implies giving up at least some privacy. And the value of a social networking site is directly related not only to the number of users, but also the extend of personal data that the site has collected. All this is of course not unique to social networking tools for scientists, but conducting science using online tools is different from connecting to friends or people with similar personal interests with these tools. One area where privacy issues are particularly prominent is the creation of unique identifiers for scientists, and here I'm involved in the ORCID initiative. We need a discussion about required privacy standards, and about the limitations of privacy that we accept in order to increase our scientific productivity.

I've collected a couple of thoughts below. They are of course only starting points for a discussion, and I welcome any comments and suggestions.

1. The service allows anonymous access

Social networking sites for scientists can be quite useful for anonymous users, e.g. for reading of blog or forum posts. Users should not be required to sign up for a service just for reading a public message or looking at the public part of a user profile. Many social networking sites unfortunately require a user account these activities, and they often nag users to “complete their personal profiles”, i.e. to provide as much personal information as possible.

2. The service has a privacy policy

I've randomly checked five social networking sites for scientists, and they all provide a privacy policy:

The privacy policy should make clear what user data the service is collecting, whether the service is providing these user data to third parties, and should provide an email address for further privacy questions.

3. Personal data are owned by the user

All personal data that a user uploads should be owned by the user, and the privacy policy should make this clear. This implies that a user should be allowed to cancel an account and delete all personal information (surprisingly difficult with most social networking sites), and that the user decides which part of the personal data is shared with others, and with whom.

To give users control over their privacy settings, these settings should default to not being public for everything beyond the most basic information, and they should not change over time (The Evolution of privacy on Facebook).

Obviously, there is a large grey area. If I comment on a blog post by someone else, who owns this comment, and who should be allowed to delete this comment – me, the author of the blog post, and/or the provider of the social networking site? And who owns my usage data of a service, how often I logged in, my activity in the service, etc.?

4. The service protects the user data

The social networking site should make all efforts necessary to protect the personal data of a user. There are examples where this has gone wrong, and this includes examples involving scientists (Fake Facebook pages spin web of deceit).

Update 5/25/10: I didn't see it when I wrote the post, but last week the Electronic Frontier Foundation published a Bill of Privacy Rights for Social Network Users (thanks to Renny Guida for the link).

Copyright © 2010 Martin Fenner. Distributed under the terms of the Creative Commons Attribution 4.0 License.