Online Social Networks have become an important part of daily digital interactions for more than half a billion users around the world. Studying and addressing these privacy and security concerns in online social networks is the research challenge that we are undertaking in SPION. Our Researchers are centered around a number of Workpackages. You can read up on our latest Publications and stay up to date with our Announcements.

SPION and EMSOC researchers advise Belgian Privacy Commission in Facebook investigation

In December 2014, Facebook announced that it would revise its Data Use Policy and Terms of Service. At the request of the Belgian Privacy Commission, ICRI/CIR (KU Leuven - iMinds), in cooperation with iMinds-SMIT (Vrije Universiteit Brussel) conducted an extensive analysis of Facebook’s revised policies and terms.

Facebook rolled out its new policies and terms on January 30th, 2015. In the text, Facebook authorizes itself to (1) track its users across websites and devices; (2) use profile pictures for both commercial and non-commercial purposes and (3) collect information about its users’ whereabouts on a continuous basis. Facebook announced the changes more than a month in advance, but the choice for its +1 billion users remained the same: agree or leave Facebook.

To be clear: the changes introduced in 2015 weren’t all that drastic. Most of Facebook’s “new” policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law. First, Facebook places too much burden on its users. Users are expected to navigate Facebook’s complex web of settings (which include “Privacy”, “Apps”, “Adds”, “Followers”, etc.) in search of possible opt-outs. Facebook’s default settings related to behavioural profiling or Social Ads, for example, are particularly problematic. Moreover, users are offered no choice whatsoever with regard to their appearance in “Sponsored Stories” or the sharing of location data. Second, users do not receive adequate information. For instance, it isn’t always clear what is meant by the use of images “for advertising purposes”. Will profile pictures only be used for “Sponsored Stories” and “Social Adverts”, or will it go beyond that? Who are the “third party companies”, “service providers” and “other partners” mentioned in Facebook’s data use policy? What are the precise implications of Facebooks’ extensive data gathering through third-party websites, mobile applications, as well recently acquired companies such as WhatsApp and Instagram?

At the request of the Belgian Privacy Commission, ICRI/CIR and iMinds-SMIT drafted a report analysing Facebook’s revised policies and terms. The report forms part of the documentation upon which the Privacy Commission will rely in the course of its further investigation. The Belgian Privacy Commission is also part of a European task force, which includes data protection authorities from the Netherlands, Belgium and Germany. ICRI/CIR and iMinds-SMIT will continue to support the Privacy Commission in the context of its investigation and future updates to the report will also be shared with their German and Dutch colleagues.

You can download the latest version of the report here.

SPION is a project funded by the Flemish Agency for Innovation by Science and Technology that brings together seven project partners from universities in Belgium and a cooperation partner in the USA. Four of the project partners, COSIC, DTAI, DistriNet and ICRI are based at the K.U. Leuven. iMinds SMIT is based in the Vrije Universiteit, Brussels. OWK is based at the University of Ghent. And our partner from the USA, Heinz College is based at the Carnegie Melon University in Pittsburgh, PA. Find out more about our partners.

SPION brings together researchers from communication studies, computer science, law, educational sciences and behavioral economics. We collaborate to better understand privacy issues in the context of online social networks. We use our insights to propose socio-technical solutions as well as make policy recommendations. The output of the project is organized in different workpackages.