Social media privacy explained - In plain English

Filed Under: Facebook, Featured, Privacy, Social networks, Twitter

shutterstock_onlineprivacy170Privacy is important to most of us and based on the feedback we get from Naked Security readers, especially important to you.

The problem with attempting to protect our privacy online begins with the policies.

They vary in complexity, but invariably they are confusing, contain carefully crafted language designed to hold up in a court of law and are too long for most people to get their heads around.

Fortunately some very smart people at the University of Victoria in British Columbia, Canada created The Canadian Access to Social Media Information Project (CATSMI Project).

The project analyzes the privacy policies of more than 20 popular social media services and provides a plainly worded description of what you can expect from them concerning the following topics:

  • Who is your Personally Identifiable Information (PII) disclosed to?
  • How can you complain? Is there a specific privacy officer listed?
  • Will your PII possibly be disclosed to law enforcement agencies? If so, why?
  • Can the site change its privacy policy without telling you?
  • Does the PII collected change depending on whether you are an adult or a child?
  • If you're a child, can you sign up with adult consent?
  • What counts as PII that the site collects?
  • Can you opt out of disclosing your PII?
  • Does the privacy policy mention national or international privacy laws?
  • Can you permanently delete information that you previously provided?
  • Is the privacy policy just for that site or is it part of a larger organization?
  • Does the privacy policy involve self-regulation or a seal of approval?
  • Can you find out when the privacy policy was last updated? Can you see older versions?
  • Does the site make commitments to keeping your PII secure?
  • If there's a breach of information on the site, will they let you know?
  • Can you access the privacy policy from the home page? Is the policy all in one place or in different parts of the website?
  • Can you correct or update your PII if you want to? Does the site tell you how to do this?

That's quite a list! But it does pull out the most important information to know about what companies are collecting and what they are going to do with it.

For Canadians there is additional information on our privacy law, PIPEDA, and what might change if Parliament passes bill C-30.

CATSMICATSMI is a great resource for Canadians and I think a great resource for everyone. The easiest way to get started is to click on "Learn About..." -> "A Network" and choose a provider you are interested in.

It isn't that hard and you owe it to yourself to be aware of what organizations want to do with your PII.

Spend a few minutes on CATSMI and use that information to help you decide what you want to share online.

Image of Online Privacy courtesy of Shutterstock.

, , , , ,

You might like

3 Responses to Social media privacy explained - In plain English

  1. Peter Panegyricou · 868 days ago

    I question the words "explain" and "analyze" and "research" applied to this site.

    It's a great-looking site, and very useful, but a cynic might argue that it's really just 20 questions asked of 20 social networks, and the answers delivered with some nifty editing, CSS and JavaScript.

    So it's the social networks speaking for themselves, leaving out the hard bits, but through the "imprimature" of a university portal. Don't you think this could make things worse by giving a false and uncritical sense of understanding that is legally unbinding on the social networks?

    • Chester Wisniewski · 866 days ago

      It isn't so much "asked of social networks". They analyzed the legal documents provided by the networks to answer the questions. It is my understanding that this is not coloured by the networks themselves, but purely what the privacy policies actually mean.

      • Peter Panegyricou · 866 days ago

        Sorry to disagree but there isn't anything which suggests "they analyzed the legal documents." Quite the opposite because there is a list of questions which you list above and for each one an answer that the website describes as "Find out how social networks responded to a question..."

        You've only got to look at the different styles etc. of the answers to reasonably assume the answers are cut-and-pasted from the social networks directly. Funny sort of analysis that doesn't include any analytical comments. I say you are right that the answers aren't colored by the networks, they /are/ the answers of the networks.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at