Defining user risk in social networking services
| DOI | https://doi.org/10.1108/AJIM-07-2014-0087 |
| Pages | 94-115 |
| Date | 19 January 2015 |
| Published date | 19 January 2015 |
| Author | David Haynes,Lyn Robinson |
| Subject Matter | Library & information science,Information behaviour & retrieval |
Defining user risk in social
networking services
David Haynes and Lyn Robinson
Department of Library and Information Science, City University London,
London, UK
Abstract
Purpose –The purpose of this paper is to identify the risks faced by users of online social networking
services (SNSs) in the UK and to develop a typology of risk that can be used to assess regulatory
effectiveness.
Design/methodology/approach –An initial investigation of the literature revealed no detailed
taxonomies of risk in this area. Existing taxonomies were reviewed and merged with categories
identified in a pilot survey and expanded in purposive sample survey directed at the library and
information services (LIS) community in the UK.
Findings –Analysis of the relationships between different risk categories yielded a grouping of risks
by their consequences. This aligns with one of the objectives of regulation, which is to mitigate risks.
Research limitations/implications –This research offers a tool for evaluation of different modes
of regulation of social media.
Practical implications –Awareness of the risks associated with use of online SNSs and wider social
media contributes to the work of LIS professionals in their roles as: educators; intermediaries; and
users of social media. An understanding of risk also informs the work of policy makers and legislators
responsible for regulating access to personal data.
Originality/value –A risk-based view of regulation of personal data on social media has not been
attempted in such a comprehensive way before.
Keywords Social media, Risk, Regulation, Privacy, Social networking services
Paper type Research paper
Introduction
Background and context
Users of social networking services (SNSs) make personal information available to
social network providers in exchange for “free at the point of use”services. This
personal information is voluntarily provided by users, and is usually covered in the
terms and conditions of service or is gathered by service providers who track online
behaviour using agents such as “cookies”. Making personal data available to a wide
audience exposes users to risk. Although there have been attempts to enumerate some
of these risks, which are described below, there has not been a comprehensive review of
the risks or any attempt to develop a model of user risk in the context of SNSs. There is
a tension about the relative importance of individual and social factors in the study of
information behaviour (Bawden and Robinson, 2013). This is apparent in the individual
response to social media and the way in which different interest groups regulate access
to personal data.
An Oxis survey suggested that contrary to popular perceptions, users are becoming
more aware of privacy as a concern on the internet, especially when it comes to using
Aslib Journal of Information
Management
Vol. 67 No. 1, 2015
pp. 94-115
©Emerald Group Publishing Limited
2050-3806
DOI 10.1108/AJIM-07-2014-0087
Received 11 July 2014
Revised 15 October 2014
Accepted 14 November 2014
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/2050-3806.htm
The authors acknowledge with thanks the contribution of survey participants and interview
respondents who give their time generously. They also acknowledge the comments and feedback
provided by colleagues at City University London and by members of the wider research
community.
94
AJIM
67,1
social media (Dutton and Blank, 2013). A comprehensive review of Facebook research
in the social sciences recognised the need for researchers to analyse the risks associated
with Facebook use (Wilson et al., 2012, p. 216):
By better understanding the threats to privacy, researchers and developers can construct
countermeasures to mitigate the risks, and users can take informed steps towards protection
their personal information.
This paper sets out to identify the risks to individual SNS users and to develop a model
of risk that can be applied more widely to internet use and social media as they
continue to evolve. The research questions were:
RQ1. What are the risks to individuals that are associated with personal data
on SNSs?
RQ2. Is there an existing typology of individual risk that adequately covers SNSs?
RQ3. Can a model of risks to users be used to differentiate between possible
regulatory responses?
Regulation is one area where an up-to-date and relevant model of risk could contribute
to improved protection of users. Risk-based regulation has emerged as a dominant
approach in Europe and the UK in the last few decades. Baldwin et al. (2012, p. 83)
suggest that “Regulation can be seen as being inherently about the control of
risks […]”. This is a view supported by Hutter (2006, p. 205): “[…] regulation has come
to be defined as controlling and also as a way of managing risks”.
Methodology
In order to address these questions, this research was based on a systematic review of
the literature, and a survey of information professionals in the UK. Modelling
techniques were used to develop a concept of risk that is relevant to internet use and,
more specifically, to SNSs. The literature review identified general risk typologies
which were analysed in terms of: their applicability to SNSs; their focus on risk to
individuals; and their ability to distinguish between types of risk to individuals.
A survey of library and information service (LIS) professionals in 2014 provided
insight into the perceived importance of different risk categories (Appendix 1). This
sector was chosen because it is a well-developed professional group representing
users (many LIS staff act as intermediaries), and who are information literate and
are therefore likely to be exposed to a wide range of online scenarios. It is also a
cohesive group with a track record of active use of social media (Cooke and Hall, 2013).
The survey was directed at UK users of SNSs using a filter question at the start of
the survey to exclude non-UK users. This was cross-checked against the location
of the IP Address of the device accessing the survey and logged by SurveyGizmo. The
survey objective was to identify the range of risks to which users are exposed and
to gain some insight into the perceptions of risk and priorities for managing risk. The
survey was based on purposive sampling directed at LIS professionals in the UK, using
a variety of forums (listed in Appendix 2) to generate a snowball effect (David and
Sutton, 2011, p. 232). Participants were encouraged to publicise the survey through
their own professional and personal networks.
95
Social
networking
services
To continue reading
Request your trial