Privacy issues

Contrary to the popular beliefs of many adults, youth do care about their privacy.

As danah boyd notes, privacy “is a feeling that people have when they feel as though they have two important things: 1) control over their social situation; and 2) enough agency to assert control”. [1] As a result, having control of one’s personal information is vital.

In general, privacy issues can be thought of in two (related) senses: social privacy and data privacy.

Social privacy

Social privacy is perhaps most obviously relevant to social networks. As of the end of March, 2012, there were 901 million active Facebook users. [2] Micro-blogging site Twitter has 140 million users [3], while MySpace, formerly the most popular social networking site, still has approximately 25 million users. [4] On each of these sites, as well as other sites with social elements such as YouTube, there are a number of ways for privacy to be compromised.       

Youth once understood social networking sites and the Internet as a private space wherein they could communicate with their friends. While they are now fully aware that their actions are watched by parents, teachers, and others, there is still a sense among youth that simply because you can access something doesn’t mean you should. [5] As a result, many youth feel as though their privacy is invaded when parents, teachers, or uninvited observers read or comment on the material they have posted, even though it is posted in a public space.       

Social privacy issues also involve privacy ethics. Not only is it important to have our privacy respected and protected, it is important to respect and protect the privacy of others. Sexting is an example of a situation where privacy ethics are extremely important.

The issue of sexting may not be quite as widespread as first imagined: according to Pew Research Center Report, 4% of 12- to 17-year-olds report having sent a sexually suggestive naked (or nearly naked) picture in a text message, while 15% report having received one. However, a number of media stories represent the potentially harmful consequences that sexting can have, from tragic suicides to the senders (and receivers) being labeled as sex offenders and charged with possessing or distributing child pornography.

At the core of this problem is the notion of privacy ethics. Of course, it is important to ensure that the person sending the message is aware of the potential social and privacy consequences that these types of messages can have. The person receiving the ‘sext’, though, also has a responsibility. Most of the harm of sexting comes not from the initial message, but from the invasion of privacy that occurs when the picture(s) are forwarded to or shared with an unintended audience, along with the subsequent damage to reputation. [6]

Learning to respect privacy is an important component of the development of digital citizenship. Digital citizenship encompasses all aspects of online life, emphasizing ethical conduct and engagement, particularly when it comes to protecting private information, ensuring safety, and recognizing and managing online bullying, either as a target or a witness. [7] Digital citizenship involves being more aware of social privacy, by realizing the extent of the information that we share, as well as respecting the privacy of others.

While claims about “stranger danger” on the Internet are often exaggerated [8], it is still a good idea to limit the amount of personal information that is put online. Too much personal information being shared can lead to dangers well beyond unwanted contact from strangers.

Many social network users, including youth, share more than personal information online. Location is also commonly shared on these sites. Sometimes, this is done simply by indicated location or itinerary in a status update or tweet. Increasingly, through services such as FourSquare, individuals can “check in” to locations and earn badges for being the person with the most check-ins at a location. While this can allow for better interaction between friends, these services also allow any reader or unknown observer to know where you are and where you’re not. In addition, these updates and check-ins also create a record of where you’ve been.            

The website allows users to search their Twitter username to see if they have publically announced when they are not at home to a potentially unrestricted audience. The website is intended to make us face the contradictions between many of our actions: for example, we leave lights on and ask neighbours or family members to periodically check on our houses while we’re on vacation, while at the same time we announce to the world that we’re not at home. Many people simply forget the extent of the audience that can access our online postings.

While youth are concerned with the immediate consequences of social networking content and their social privacy, such as embarrassment or “drama” [9], it is also important to remember that, once information or a status is posted, it is no longer in our control. For example, on Facebook, while we can delete a post we’ve made on someone else’s wall, or one that someone else has made on ours, or take down an album, a detailed record of all of our actions and content may still exist. Others can read what is posted before it is deleted and save a record of it. Several websites save and maintain a record of the content that has been posted on their site. Information can be transmitted on the Internet in a variety of forms, potentially for a very long time.

A developing technology that has privacy implications is face-recognition software, which  Facebook has recently introduced for its users. This new tool (which is not yet available in Canada [10]) allows for the auto-tagging of individuals in pictures when they are uploaded, by using previously uploaded photos to identify a user based on a number of facial features. Facial recognition is enabled by default on Facebook, which means that users must choose to opt out if they do not want to use it (or have it used on photos of them.)        

Data privacy

While many young Canadians take concrete steps to manage their social privacy, such as being selective about the information they make public or “whitewashing” their profiles by deleting or removing posts, data privacy is more difficult to manage. [11]

One way in which social privacy and data privacy combine to create issues is through the information we make public on social networking sites. While posting our full birth date, hometown, phone numbers, email (and physical) addresses, and other information, it becomes easier for both social privacy and data privacy to be invaded.

For example, the frequency of identity theft is increasing. Most of the information needed to steal another’s identity can be found on a detailed social networking site page. According to the RCMP, some of the information needed for identity theft includes full name, date of birth, and address. [12] Furthermore, other information that is commonly used for security questions – such as childhood address, pet’s name, or mother’s maiden name – can often be accessed by potential identity thieves through the various quizzes or applications that circulate social networking sites. As such, it is good practice to limit the amount of information that we share on social networking sites and give away in the “fun” quizzes and tests that are sent across websites.

Even if our personal data is not used for the purposes of identity theft, it still has tremendous value to others. Corporations are able to use this data to target advertising, while companies that collect it are able to offer it to advertisers as a detailed social graph.

For instance, Facebook is notified every time you access a website that has a “Like” button – whether or not you click it, and even if you’re not logged into your account. [13] The traces of information we leave whenever we click on ads, browse items from retailers, or watch YouTube videos are marketed and sold as a commodity to a number of corporations. [14]

Beyond purchasing it from other companies, corporations are able to access our data in a number of ways, using tools and techniques such as cookies, web bugs, third party applications, and spyware.          

Cookies are small files that are placed on a user’s hard drive whenever a website is visited. Cookies were developed in the early stages of the Internet to store information on sites that had been visited so that users could save their progress. This prevents users from having to enter the same information each time they visit a website. On shopping sites, for instance, cookies allow users to select items to purchase, navigate away from the site, and return later to find those items saved in their shopping cart. [15]

Canada’s Office of the Privacy Commissioner has an informative fact sheet discussing what cookies are and what they do, how they impact privacy, and how to restrict or block cookies from accessing information.

Web bugs, or beacons, are small transparent images that are placed on websites and are invisible to users. [16] When a user accesses a site with a web bug, the site’s code instructs the computer to download the bug to another server. This download provides the other server with detailed information about the user such as browsing history, IP address, and the browser (such as Firefox or Internet Explorer) being used. In this sense, they function in the same way as cookies except that web bugs cannot be blocked or turned off. [17]

There are, however, programs that alert users to the presence of web bugs on sites they access. In addition, Canada’s Office of the Privacy Commissioner has discouraged websites and advertisers from using web bugs, [18] although it remains simply a suggestion rather than a requirement.

Third-party applications, or "apps," are games or programs that run on a specific platform but are not designed or developed by that platform (such as games like Farmville or Bejeweled Blitz on Facebook). However, in order to use these applications, users have to agree to allow the application to access all of their personal information. Many of these developers have privacy policies which are complex, complicated, and unclear regarding for what purpose they access this information.

Spyware, also known as malware, is a kind of software that is designed to monitor computer activities. This can include simply monitoring activities or websites, or in some cases can extend to collecting personal information such as financial information or passwords. Generally, spyware needs to be installed on a computer; it can be done to a personal computer in order to monitor a person’s activities (for example, a parent might install spyware on their child’s computer). It can also be installed by employers or organizations in order to monitor employee’s activities, or the use of shared or public computers. Spyware can also work to advertise, or change settings on a computer. [19]

In some cases, spyware can be installed during the process of downloading or installing another type of software or file, such as a program or a music file. Because spyware is fairly prevalent, there are a number of programs that are available to detect, block, and remove spyware from your computer. In addition to such programs, it is good practice to only download files from trusted sources.


[1] boyd, d. (2011). Networked Privacy. Personal Democracy Forum. New York, NY. June 6. Accessed 4 May 2012 from
[2] Facebook. (2012). Newsroom. Retrieved 8 May 2012 from default.aspx?NewsAreaId=22.
[3] Twitter. (2012). Twitter Turns Six. Twitter Blog (blog of Twitter). Retrieved 15 May 2012 from
[4] Halliday, J. (2012, February 14). Myspace adds 1M new users in 30 days. The Guardian. Retrieved 14 May 2012 from
[5] MediaSmarts. (2012). Young Canadians in a Wired World, Phase III: Talking to youth and parents about life online. Ottawa, Ontario.
[6] Hayward, J.O. (2012). Is sexting the new witchcraft? A plea for a common sense approach. Unpublished Paper. Note that this notion of harm refers only to consensual sexting, not to instances where the sender is coerced, forced, or blackmailed.
[7] Calgary Board of Education. (2012). Digital Citizenship. Retrieved 9 May 2012 from
[8] Marx, G.T., & Steeves, V. (2010). From the beginning: Children as subjects and agents of surveillance. Surveillance and Society, 7(3/4), 192-230.
[9] Marwick, A.E., & boyd, d. (2011). The drama! Teen conflict, gossip, and bullying in networked publics. A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society. September 2011. Retrieved 11 May 2012 from
[10] Elash, I. (2011). Facebook facial-recognition feature won’t be available to Canadians. The Globe and Mail. Retrieved 14 May 2012 from
[11] boyd, d. (2010). Risk Reduction Strategies on Facebook. Accessed 4 May 2012 from http://
[12] Royal Canadian Mounted Police. (2012). Identity theft and identity fraud. Accessed May 4, 2011 from
[13] Consumer Reports. (2012). Facebook and your privacy. Accessed 7 May 2012 from
[14] Fuchs, C. (2011). Web 2.0, prosumption, and surveillance. Surveillance and Society, 8(3), 288-309.
[15] Cavoukian, A. & Hamilton, T.J. (2002). The Privacy Payoff. Toronto: McGraw-Hill Ryerson Limited.
[16] Gomez, Joshua, Travis Pinnick and Ashkan Soltani, KnowPrivacy. June 1, 2009.
[17] Cavoukian & Hamilton, 2002.
[18] Office of the Privacy Commissioner of Canada.