TY - JOUR
T1 - Informed consent in social media use
T2 - The gap between user expectations and EU Personal Data Protection Law
AU - Custers, Bart
AU - Appleby-Arnold, Sandra
AU - van der Hoof, Simone
AU - Brockdorff, Noellie
PY - 2013
Y1 - 2013
N2 - In this paper, user expectations with regard to privacy and consent when using social media are compared with the EU legal framework for personal data protection. This analysis is based on a set of criteria for informed consent distilled from an analytical bibliography. User expectations regarding these criteria are derived from survey results. For each of the criteria for informed consent it is assessed whether there exists legal provisions in the existing EU personal data protection law and in the proposed legal framework in this area. A gap analysis between user expectations regarding each criterion and the availability or absence of related legal provisions shows that many but not all aspects of consent are addressed in both the current and the proposed legislation. Furthermore, the EU personal data protection legislation only provides a very general scope regarding consent and does not contain many details on what adequate consent procedures should look like. There is, at some points, a disconnect between the abstract legal provisions and the concrete practical implementations in the architecture and privacy statements of social media. Suggestions for solving these disconnects are made by suggesting changes at a practical level, by adjusting the legal framework, or both. Finally, the limits of the current models for personal data protection and consent are discussed.
AB - In this paper, user expectations with regard to privacy and consent when using social media are compared with the EU legal framework for personal data protection. This analysis is based on a set of criteria for informed consent distilled from an analytical bibliography. User expectations regarding these criteria are derived from survey results. For each of the criteria for informed consent it is assessed whether there exists legal provisions in the existing EU personal data protection law and in the proposed legal framework in this area. A gap analysis between user expectations regarding each criterion and the availability or absence of related legal provisions shows that many but not all aspects of consent are addressed in both the current and the proposed legislation. Furthermore, the EU personal data protection legislation only provides a very general scope regarding consent and does not contain many details on what adequate consent procedures should look like. There is, at some points, a disconnect between the abstract legal provisions and the concrete practical implementations in the architecture and privacy statements of social media. Suggestions for solving these disconnects are made by suggesting changes at a practical level, by adjusting the legal framework, or both. Finally, the limits of the current models for personal data protection and consent are discussed.
M3 - Article
SN - 1744-2567
VL - 10
SP - 435
EP - 457
JO - SCRIPTed
JF - SCRIPTed
IS - 4
ER -