To whom will all the data flow? Enable users to monitor the proliferation of shared information

Due to a possibly upcoming federated social web, the risk for users of publishing information to an unintentional broad circuit of people will increase. Nowadays, it is already an issue for social network users to take every person into account who will get an information be- fore sharing it. Moreover, a possibility to monitor data flows and control access to personal data after sharing information is almost nonexistent. In contrast to enterprise identity management systems in which provider- engineered processes control the access to and flow of information, such management will be within the area of responsibility of users themselves with respect to a federated social web. Consequently, a privacy require- ment for a federated social web is to offer possibilities to control the flow of identity information across participating networks. Particularly, such user-based identity management should provide capabilities to con- trol data flows in a proactive manner as well as reactive components to monitor the data proliferation. In this position paper, we motivate the necessity of such management opportunity on the basis of a study on th ... mehre publicly available data in online social networks and the current linka- bility of social network profiles. Furthermore, we contrast user-based management of data flows with experiences we gained by developing and operating federated identity management services at the Karlsruhe In- stitute of Technology (KIT).