DISCUSSION

Following the footsteps of previous research [37, 23, 14], this research models SMPs as a simple undirected graph1 G=(V,E)¹ G = (V, E), whereV is the set of users (i.e. SMP members), and E is the set of social relationships between the users. Each node v ∈ V represents a user, and each edge e = (u, v) ∈ E represents a social relationship between usersuandv. Figure3.1below, shows a simple representation of a SMP according to the above conceptualisation.

1In reality, many SMPs permit uni-directional relationships (e.g. subscriberelationships in Facebook, and thefollowrelationship in Twitter). However, for the purpose of this work, only bi-directional relationships are considered.

32

N A

C

O

F

L Z G

I K J

M E B

H

Figure 3.1:A simple representation of a social media platform.

3.2.1 User Profiles

SMPs allow their users to construct and maintainprofiles, which is indeed one of the main characteristics that differentiate SMPs from other online applications.

User profiles can be defined as follows:

Definition 3.1. A user profile (denoted asP) is a personal page (or space) that serves as a digital representation of the user. A user profile consists of a fixed set ofprofile attributesand a collection ofuser-generated contents.

Both profile attributes and user-generated content can be defined as follows:

Definition 3.2. Profile attributes (denoted asA={a₁, a₂, . . . , a_n}) are bits of in-formation that describe the profile owner. These profile attributes may include demographic information, such as age or gender, as well as other information like email and location. Profile attributes are universal, meaning that all users have the same profile attributes, but with different values.

Definition 3.3. User-generated contents (denoted asC ={c₁, c₂, . . . , c_t}) are, as the name indicates, pieces of content that the user generates and shares during his/her interaction in the SMP, such as posts, status updates, notes, photos,

Social Media Platform

Provide Privacy Policies?

Control Individual Attributes?

Control Individual Contents?

Allow Customised Audiences?

Privacy Policies Granularity

Facebook 3 3 3 3 Fine Grained

Google+ 3 3 3 3 Fine Grained

LiveJournal 3 3 3 3 Fine Grained

Twitter 3 7 7 7 Coarse Grained

LinkedIn 3 3 3 7 Fine Grained

RenRen 3 7 7 7 Coarse Grained

ResearchGate 3 7 7 7 Coarse Grained

Table 3.1:Privacy policies granularity level across different SMPs

videos, etc. User-generated contents are user-specific, meaning that each user can have different contents in his/her profile.

3.2.2 Privacy Policies

Users’ profiles can contain information that is quite sensitive and personal, that is why most SMPs provide users with some form of privacy policies. These pri-vacy policies enable users to specify who can access their sensitive and personal information, thereby specifying the boundaries within which this information should reside.

The granularity (the level of flexibility and expressiveness) provided by these privacy policies varies from one SMP to another. For instance, allowing users to control access to the profile as a single unit vs. control access profile attributes individually.

Table3.1above shows the granularity of the privacy policies of different SMPs.

The privacy policies provided by each of these SMPs were inspected and cat-egorised into eitherfine-grainedorcoarse-grained, depending on whether or not these policies enable users to control access to individual profile attributes and individual pieces of user-generated content.

Havingfine-grainedprivacy policies provides users with more detailed control over their sensitive information. Therefore, in the SMP model of this study it is assumed that the SMP provides fine-grained privacy policies that enable users to regulate access to every single profile attribute and piece of user-generated content in their profiles. Privacy policies can be defined as follows:

Definition 3.4. A privacy policy is a user-defined rule in the form< item, l >, where item can be any profile attribute a_j ∈ A or any piece of content c_j ∈ C, while l ⊆ V represents the audience, that is, the set of users allowed to access theitem. Usually users are provided with a finite set of audiences L = {l₁, l₂, . . . , l_k}to choose from. Some of these audiences are defined by the SMPs, while users can customise others.

LetL = {me, closef riends, teammates}be the set of audiences that useruhas.

An example of a privacy policy can be something like: < age, closef riends >, which means, only users who are members of theclosefriends audience are al-lowed to access user u’s age attribute. Another example of a privacy policy is < photo1, teammates >, which means, only users who are members of the teammatesaudience are allowed to accessphoto1.

Privacy policies do offer SMP users a great deal of control over their personal and sensitive information, which is the essence of privacy as described in Chap-ter2. However, since the SMP cannot specify ahead which privacy policies are suitable for which user, the burden of manually configuring (i.e. fine tuning) these privacy policies is left to the user’s discretion. This burden causes many users to avoid using these privacy policies, and thus jeopardise their own pri-vacy.

The next chapter discusses the theoretical framework of the privacy policy rec-ommender system proposed to alleviate the problem of privacy policy enforce-ment in SMPs.

Recommender System Framework

4.1 Introduction

This chapter explains the technical details and theoretical framework of the pri-vacy policy recommender system (recommender system for short) mentioned in Chapter1. This chapter begins with a general overview of the recommender system and then proceeds to outline its main components and functionalities.