Risk and Regulation of Access to Personal Data on Online Social Networking Services in the UK

Abstract

This research investigates the relative effectiveness of different modes of regulation of access to personal data on social networking services in the UK. A review of the literature demonstrated that there was a gap in research comparing different regulatory modes applied to online social networking services (SNSs). A model of regulation was developed based on Lessig’s four modes of regulating the internet. Risk to individual users was selected as a way of testing different regulatory approaches, using the premise that risk-based regulation has become a key consideration in European regulation. The regulatory effects were tested using: online surveys, interviews with industry experts, content analysis of privacy policies, and a legislative review. The research data are appended to the main body of the thesis. The research demonstrated the potential of risk as a means of distinguishing between different regulatory modes and concluded that a combination of regulatory approaches was the most effective way of protecting individuals against abuse of personal data on online SNSs. Further research suggested includes: looking at risk from the perspective of companies, and of society; further development of the regulatory model; and country comparisons to discover whether the findings of this study are more generally applicable.