A Lightweight Scheme Exploiting Social Networks for Data Minimization According to the GDPR

In many application domains, there is a need to ensure that users satisfy some requirements to use a service: for example, there is a minimum age to buy alcoholic beverages or to watch some videos on YouTube. In these situations, organizations typically collect more personal information than necessary to provide a better service. The consequence is a personal data leakage that violates the data minimization principle stated by the General Data Protection Regulation 2016/679. This article proposes a new approach for allowing individuals to maintain control over the disclosure of their data, deciding which information to disclose and for how long. Our approach is based on the use of social networks, and implementation on Facebook is presented to show that the proposed solution is effective, cheap, friendly, and simple to adopt.