Towards Improving Existing Online Social Networks’ Privacy Policies

Abstract

Abstract: The privacy policies of online social network (OSN) service providers are criticised as falling short of satisfying their users’ privacy expectations letting huge quantities of their personally identifiable information (PII) exposed to unknown audiences. The purpose of this paper is twofold: to assess the conformance of the privacy policies applied in the five topmost leading OSNs to an internationally acknowledged benchmark such as the ISO 29100:2011 standard, and to propose improvements based on the findings of the assessment. Further, as serious mismatches between these privacy policies and the adherence criteria set out in the ISO 29100:2011 standard were identified, a data lifecycle model is proposed as the basis for an improved OSN privacy policy. A restructuring of the existing policies according to the data lifecycle model will allow them to enjoy characteristics that are known to be important in forming users’ perceptions.