The other side of privacy: surveillance in data control

Privacy and surveillance take on new forms through social software technologies. Privacy may not be achieved by being let alone, rather, by choosing a group of people whom are trusted with one's data. Similarly, surveillance takes the form of monitoring users' data rather than monitoring users themselves. To offer privacy and counter surveillance, the \"privacy as control\" paradigm focuses on approaches that offer as much data control as possible. In practice, offering control to users depends on assigning control to non-user entities, who may have surveillance capabilities, which results in an interdependency of privacy and surveillance. This interdependency is problematic and contradicts what data control approaches should offer. In this paper, we examine this interdependency in data control within social software. We put forward criteria to evaluate the degree of control and privacy and the degree of surveillance entailed by a data control approach. We perform a comparative analysis of data control approaches in the technical and the legal context. The analysis shows how certain aspects of surveillance are deeply rooted in the realisations of \"privacy as control\". We argue that data control approaches should offer transparency, reciprocity and a balanced degree of control as a first step towards addressing the interdependency of privacy and surveillance.