On Consent in Online Social Networks: Privacy Impacts and Research Directions (Short Paper)

  • Sourya Joyee DeEmail author
  • Abdessamad ImineEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11391)


The EU General Data Protection Regulation (GDPR) recognizes data subject’s consent as a legitimate ground of data processing. At present, consent mechanisms in OSNs are either non-existent or not GDPR compliant. While the absence of consent means a lack of control of the OSN user (data subject) on his personal data, non-compliant consent mechanisms can give them a false sense of control, encouraging them to reveal more personal data than they would have otherwise. GDPR compliance is thus the only way to obtain meaningful consents, thereby protecting user privacy. In this paper, we discuss the characteristics of valid consent as per the GDPR, analyze the present status of consent in OSNs and propose some research directions to arrive at GDPR compliant consent models acceptable to users and OSN providers (data controller). We observe that evaluating privacy risks of consents to data processing activities can be an effective way to help users in their decision to give or refuse consents and hence is an important research direction.


Online Social Networks (OSN) Privacy Consent GDPR Privacy risk 


  1. 1.
    Article 29 Data Protection Working Party. Guidelines on Consent under Regulation 2016/679 (2018)Google Scholar
  2. 2.
    De, S.J., Imine, A.: To reveal or not to reveal - balancing user-centric social benefit and privacy in online social networks. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing (ACM SAC 2018). ACM (2018)Google Scholar
  3. 3.
    De, S.J., Métayer, D.L.: Privacy risk analysis to enable informed privacy settings. In: 2018 IEEE European Symposium on Security and Privacy Workshops, Euro S&P Workshops 2018, London, UK, 23–27 April 2018, pp. 95–102 (2018)Google Scholar
  4. 4.
    European Commission: General Data Protection Regulation (2016)Google Scholar
  5. 5.
    Fruchter, N., Specter, M., Yuan, B.: Facebook/Cambridge Analytica: Privacy Lessons and a Way Forward (2018).
  6. 6.
    Hull, G., Lipford, H.R., Latulipe, C.: Contextual gaps: privacy issues on Facebook. Ethics Inf. Technol. 13(4), 289–302 (2011)CrossRefGoogle Scholar
  7. 7.
    New York Times: Mark Zuckerberg Testimony: Senators Question Facebook’s Commitment to Privacy (2018).
  8. 8.
    Solove, D.J.: Introduction: privacy self-management and the consent dilemma. Harv. Law Rev. 126, 1880 (2012)Google Scholar
  9. 9.
    Squicciarini, A.C., Xu, H., Zhang, X.: CoPE: enabling collaborative privacy management in online social networks. J. Am. Soc. Inf. Sci. Technol. 62(3), 521–534 (2011)Google Scholar
  10. 10.
    Sweeney, J.: GDPR and the Major Social Networks: What You Need to Know (2018).
  11. 11.
    Venkatadri, G., et al.: Privacy risks with Facebook’s PII-based targeting: auditing a data Broker’s advertising interface. In: IEEE Symposium on Security and Privacy (SP), pp. 221–239 (2018)Google Scholar
  12. 12.
    Zheleva, E., Getoor, L.: To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In: Proceedings of the 18th International Conference on World Wide Web, pp. 531–540. ACM (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.LORIA-CNRS-INRIA Nancy Grand-EstNancyFrance

Personalised recommendations