User Beware: Privacy Settings just a Facade

computer-1591018_640
Image via

By Brenda Curtis, Ph.D.

Social media platforms continue to improve and refine their privacy settings as the demand for advanced user protections increases. Although enabling catered privacy settings to online profiles allows users to indicate who they would like share personal information with, it does not necessarily protect them from the platforms – i.e. websites and apps – themselves. Since social media accounts provide users with a sense of control over personal data, users assume that their information is safe. However, no matter what settings or privacy protections are applied to personal profiles, users do not generally have control over the online platform itself. What this means is the website or app being used usually shares information from accounts with third parties like advertising agencies or other databases. This data sharing is widespread throughout the industry, but it is not generally known by the public. This is partly because the disclosure of this sharing is done in the social media platform’s “Terms and Conditions” Which are often skimmed over or ignored.

Aside from social media websites, there are several other websites and apps that access your personal information via this information sharing to create a single database for everyone in the country. This is generally called data aggregation. One such site that has been in the news recently is FamilyTreeNow.  FamilyTreeNow is explicitly a genealogy site, and compiles information from various legal online sources to create a database full of personal information for genealogical research. This site pairs information from public records such as police records and court documents with the information collected from social media and address databases to create a sometimes way too revealing profile. Not too long ago, most of this information would only be accessible after exhaustive research, but Now FamilyTreeNow makes this information as easy to find as a click of a button, and publicly accessible.

Although the website might be fascinating for someone with genuine curiosity about their own family tree, the danger of anyone having access to information to a person’s age, birth year, address, family members and even public records is something that cannot be ignored. In today’s world, access to this type of personal information makes crimes like identity theft much easier to conduct and can provide the basis for access to financial accounts, credit records and other accounts and assets. For years we have been cautioning users against posting too much information online, but increasingly, due to data aggregators like FamilyTreeNow, this information is being posted without our knowledge or consent on publicly accessible sites.

Because data aggregation is becoming so prevalent, even if  people “opt out” of data collection for a particular social media platform, there are a multitude of other avenues where that same information can be collected. The situation is only getting more problematic as our dependency and use of technology grows. Increasingly, users are providing more and more specific personal information in real-time as they update these platforms from their computers, tablets and cell phones with the events from their daily lives.

Informational risk, or the potential for harm from disclosure of information about an identified individual, is increasingly an everyday aspect of life in our society.  There is just so much information easily available about individuals, that the strategies to deal with informational risk often focus on managing the issue as opposed to avoiding it entirely. This is true even for people who do not have an online presence. Whether you sign up for Facebook or not, your information is being collected on the Internet.

As researchers, we have to be extremely careful about informational risk in our work because the information that we collect is generally not the type of information that is widely available, thus the harm caused by its disclosure is much harder to quantify.  Data we collect is not part of the commercially available databases and we, as researchers, should work to ensure that it remains that way.  Researchers need to be more aware of the issues surrounding informational risk and held to a higher standard regarding the safeguarding of their research data.  While there are certainly strong ethical arguments for this, I think the practical arguments are just as strong. If participants believe their data can be compromised – or be made widely available, research will inevitably suffer. Not only will we get fewer research participants, but the data we do collect will be less valid.


For more on ethical challenges in social networking and online recruitment in research, please read Dr. Curtis’ article “Social Networking and Online Recruiting for HIV Research: Ethical Challenges.”

brenda_curtisDr. Brenda Curtis is an  Assistant Professor of Psychology in Psychiatry at the Perelman School of Medicine University of Pennsylvania. She received a Master of Science in Public Health from the University of Illinois and her Doctoral degree from the Annenberg School for Communication at the University of Pennsylvania. Dr. Curtis completed a fellowship at the Fordham University HIV and Drug Abuse Prevention Research Ethics Training Institute in 2012 and currently serves as a peer mentor for incoming fellows.

Rimah Jaber, MA, Senior Editor of Ethics and Society blog


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s