An Extended Investigation of the Similarity Between Privacy Policies of Social Networking Sites as a Precursor for Standardization



Published Apr 24, 2016
  • Emma Cradock
  • David Millard
  • Sophie Stalla-Bourdillon


Privacy policies are unsatisfactory in communicating information to users. Social networking sites (SNS) exemplify this, attracting growing concerns regarding their use of personal data, but lack incentives to improve their policies. Standardization addresses many of these issues, but is only possible if policies share attributes which can be standardized. This investigation assessed the similarity of two attributes (the clauses used and the coverage of forty recommendations made by the UK Information Commissioner) between the privacy policies of the six most frequently visited SNS globally. Similarity was also investigated by looking at whether there were any recommendations all SNS did not address and any themes of information discussed in the policies but not included in the ICO Code. Similarity in the clauses was low, yet similarity in the recommendations covered was high, indicating SNS use different clauses, but to convey similar information. There were a number of ICO Code recommendations which none of the SNS addressed and four themes of information that all six SNS addressed, which were not present in the ICO Code. This paper proposes the policies of SNS already share attributes, indicating the feasibility of standardization and five recommendations are made to begin facilitating this.

Abstract 581 | PDF Downloads 189


[1] Aleixo, P. and Pardo, T.A.S. 2008. Finding Related Sentences in Multiple Documents for Multidocument Discourse Parsing of Brazilian Portuguese Texts. In Anais do VI Workshop em Tecnologia da Informação e da Linguagem Humana – TIL, pp. 298-303. Vila Velha, Espírito Santo. October, 26-28.

[2] Alexa. 2014. Actionable Analytics for the Web. [Online]Available: [Accessed: 21st August 2014].

[3] Anderson, H. 2009. A privacy wake-up call for social networking sites. Ent. L.R. 20(7), 245-248

[4] Beck, U. 1992. Risk society: Towards a new modernity (Vol. 17). London: Sage Publications

[5] Becker, J., Heddier, M., Oksuz, A. and Knackstedt, R. (2014). The Effect of Providing Visualizations in Privacy Policies on Trust in Data Privacy and Security. In System Sciences (HICSS), 2014 47th Hawaii International Conference on (pp. 3224-3233). IEEE

[6] Boyatzis, R. E. 1998 Transforming qualitative information: Thematic analysis and code development. London: Sage Publications.

[7] Boyd, D. and Hargittai, E. 2010. Facebook privacy settings: Who cares? First Monday 15(8).

[8] Braun, V., and Clarke, V. 2006 Using thematic analysis in psychology. Qualitative research in psychology, 3(2), 77- 101.
[9] Clauset, A., Shalizi, C. R., & Newman, M. E. 2009. Power- law distributions in empirical data. SIAM review, 51(4), 661- 703.

[10] Cranor, L. F. 2012. Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice Journal on Telecommunications and High Technology Law 10(2), 273-307.

[11] Cranor, L.F., Idouchi, K., Leon, P.G., Sleeper, M. & Ur, B. 2013 Are They Actually Any Different? Comparing Thousands of Financial Institutions’ Privacy Practices. In Proceedings of the 12th Workshop on the Economics of Information Security (WEIS 2013), Jun 11-12, Washington, DC.

[12] Earl Ferrers (HL Deb (1993-1994 549 col. 37).

[13] Electronic Privacy Information Center (2009) Complaint, Request for Investigation, Injunction, and Other Relief [Online] Available: [Accessed: 21st July 2015]

[14] European Parliament and of the Council. 1995. DIRECTIVE 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data [Online] Available at: http://eur- 5L0046:en:HTML [Accessed 21st December 2014].

[15] Glaser, B. G. 1978. Theoretical sensitivity: Advances in the methodology of grounded theory (Vol. 2). Mill Valley, CA: Sociology Press.

[16] Great Britain. Data Protection Act 1998: Elizabeth II (1998) London: The Stationary Office

[17] Grossklags, J., and Acquisti, A. 2007. When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information. In WEIS. [Online] Available at: [Accessed: 21st December 2014].

[18] Information Commissioner’s Office. 2010. Privacy notices code of practice [Online] Available at: des/~/media/documents/library/Data_Protection/Detailed_specialist_guides/PRIV ACY_NOTICES_COP_FINAL.ashx [Accessed 21st July 2015]

[19] Jaccard, P. 1912. The distribution of the flora in the alpine zone. 1. New phytologist, 11(2), 37-50.

[20] Kelley, P. G., Cesca, L., Bresee, J., & Cranor, L. F. (2010, April). Standardizing privacy notices: an online study of the nutrition label approach. In Proceedings of the SIGCHI Conference on Human factors in Computing Systems (pp. 1573-1582). ACM.

[21] Kosinski, M., Stillwell, D., and Graepel, T. 2013. Private traits and attributes are predictable from digital records of human behavior. Proceedings of the National Academy of Sciences, 110(15), 5802-5805.

[22] McDonald, A. M. and Cranor, L. F. 2008. The Cost of reading privacy policies ISJLP, 4, 543.

[23] Oecd. Working Party On Security And Privacy In The Digital Economy (2014) Protecting Privacy in a Data-driven Economy: Taking Stock of Current Thinking [Online] Available at: g%282014%293&doclanguage=en [Accessed 23 June 2015]

[24] Olurin, M., Adams, C., and Logrippo, L. 2012. Platform for privacy preferences (P3P): Current status and future directions. In Privacy, Security and Trust (PST), 2012 Tenth Annual International Conference on (pp. 217-220). IEEE.

[25] Oxford University Press Oxford English Mini Dictionary. 2011. New York: Oxford University Press

[26] Rasmussen, C., and Dara, R. 2014. Recommender Systems for Privacy Management: A Framework. In High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International Symposium on (pp. 243-244). IEEE.

[27] Robinson, N., Grauz, H., Botterman, M. and Valeri, L. 2009. Review of the European Data Protection Directive [Online] Available at: detailed_specialist_guides/review_of_eu_dp_directive.ashx [Accessed 4th September 2014]

[28] Rowland, D., Kohl, U. and Charlesworth, A. 2012. Information Technology Law. 4th Ed. Oxon: Routledge Publishing

[29] Ryan, G. W., and Bernard, H. R. 2003. Techniques to identify themes. Field methods, 15(1), 85-109.

[30] Scribbins, K. 2001. Privacy@ net: an international comparative study of consumer privacy on the internet. Consumers International [Online] Available: y@net%20an%20international%20comparative%20study%2 0of%20consumer%20privacy%20on%20the%20internet.pdf [Accessed 21st December 2014].

[31] Sellars, S. 2011. Online privacy: do we have it and do we want it? A review of the risks and UK case law. European Intellectual Property Review, 33(1), 9-17.

[32] Society Of Computers And Law (2015) SCL Consultation: The ICO’s Privacy Notices Code - 29 July 2015 – Morning Meeting [Online] Available from: [Accessed: 17th June 2015]

[33] Special Eurobarometer 359. 2011. Attitudes on Data Protection and Electronic Identity in the European Union [Online] Available at: pdf [Accessed 4th September 2014]

[34] Strauss, A., and Corbin, J. M. 1990. Basics of qualitative research: Grounded theory procedures and techniques. London: Sage

[35] Tsai, J. Y., Egelman, S., Cranor, L. Acquisti, A. 2011. The Effect of Online Privacy Information on Purchasing Behaviour: An Experimental Study, Information Systems Research, 1047-7047, Vol. 22(2) 254-268.

[36] United States. Children's Online Privacy Protection Act 1998. 15 U.S.C. 6501–6505