Towards legal privacy risk assessment automation in social media

Abstract

End users activities in social media lead to regular changes in the overall privacy impact because they continually encounter or meddle in all forms of private data associations. Users are exposed to regular changes in risk level as a result of regular updates. To keep an overview over risk exposure, privacy risk assessments, in theory, should be re-done upon every update in a user's network. End users could reduce their risk assessment burden if they could rely on an appropriate risk assessment tool providing information on risk levels as a result of changes in associations. We have several information technology (IT) security risk assessment tools available for such purpose. However, we cannot rely on such tools for legal privacy risk assessment because of their classic security focus. The security-focused risk assessment tools are based on the knowledge of security experts, and have strong focus on tangible assets and system security. Using such security risk assessment tools to assess legal privacy risk may impair communication and understanding, and may increase uncertainty in the risk estimation because such tools lack the domain knowledge. A risk assessment tool base on the legal privacy principles can reduce uncertainty in the risk estimation and enhance the risk assessment communication. This article focuses on privacy risk assessment from a legal perspective and how it applies to social media.