After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem

The control over personal data: True remedy or fairy tale ?

This research report undertakes an interdisciplinary review of the concept of "control" (i.e. the idea that people should have greater "control" over their data), proposing an analysis of this con-cept in the field of law and computer science. Despite the omnipresence of the notion of control in the EU policy documents, scholarly literature and in the press, the very meaning of this concept remains surprisingly vague and under-studied in the face of contemporary socio-technical environments and practices. Beyond the current fashionable rhetoric of empowerment of the data subject, this report attempts to reorient the scholarly debates towards a more comprehensive and refined understanding of the concept of control by questioning its legal and technical implications on data subject\^as agency

PRIVACY ISSUES IN ONLINE SOCIAL NETWORKS: USER BEHAVIORS AND THIRD-PARTY APPLICATIONS

In contemporary society, social networking websites has developed dramatically and became an indispensable component in our daily life. Since it can help create a more feature-rich online social community, third-party service has been widely adopted in online social networks (OSNs). Integrating these third-party sites and applications has not only extended business of both social network server and third party and but also promises to break down the garden walls of social-networking sites. While at the same time it dramatically raises concerns on privacy leakage. This article mainly focuses on the privacy disclosure issues caused by user’s behavior and third-party applications and websites. On the one hand, because of the diversity of usage behaviors, the revelation of personal information varies significantly. A survey is conducted to present empirical and quantitative result. On the other hand, the access mechanism between OSN and third party is not perfect enough. Besides, it could be a potential source of privacy leak that third-party services sometimes act as advertisers and information aggregators of a user\u27s traversals. The relevant reasons and internal and external threats are presented. Finally, possible solutions to reduce the increasing information disclosure are provided. Actions should be taken along three fronts: the government, the users themselves as well as the third parties