According to the European Network and Information Service Agency (ENISA), the popularity of social-networking sites often leads to disclosures that are "not appropriate to a public forum." In October, ENISA issued a detailed report describing the privacy threats faced by users of social networks and offered several recommendations to minimize the associated risks.
"It's a thoughtful analysis and chilling critique," Jeff Chester, executive director of the Center for Digital Democracy, said in an e-mail. "It's time for both advocates and governments in the EU and U.S. to work together to develop meaningful rules to govern the collection on these networks."
Paul Stephens, the director of public policy at the Privacy Rights Clearinghouse, agreed that social networks pose a significant privacy problem. "Obviously, the social networking sites are set up for them to make money," Stephens said by phone. "Their primary interest is going to be making money and not protecting the privacy of individuals who provide information to the sites."
Old Worries, New Threats
The ENISA report details several well-known privacy threats and describes some chilling new possibilities. Among the more familiar risks are the compilation of digital dossiers by third parties who download profiles from social networks; the compilation of usage data by the social networking sites; possible theft through the use of publicly disclosed information; cyberstalking and bullying; and corporate espionage.
But the report also raises the possibility of some startlingly new dangers. For instance, ENISA warned, the photographs that users post of themselves on social networks can be used as a facial-recognition tool to identify an anonymous profile on another site (for instance, a dating site).
Another emerging technology is Content-Based Image Retrieval (CBIR), in which the features of a photo can be used as the basis for other image searches or can even be used to identify where the photo was taken.
You Can Check In, But...
One of the more disconcerting findings of the ENISA report is that it is very difficult for users to delete information related to their accounts if they decide to leave a social networking site. It is particularly difficult, ENISA said, for users to delete information that is somehow related to their account but on other people's profiles -- comments, for instance, or tagged photos.
Among its 19 recommendations, ENISA suggested that social-networking sites offer convenient tools for completely deleting account data, and giving users more control over information that refers to them.
For Stephens, the issue is much more basic. "I think the key issue from a privacy standpoint," he said, "is adequate disclosure, or more properly, the lack of adequate disclosure by social-networking sites. A lot of people go onto these sites and disclose information, and they are not informed about the uses to which that information is put."