Case study

Online users use more and more social login on third-party sites or applications. To use an existing account to login is faster than to fill in personal information forms over and over again. However, many online users, even those who frequently use social login systems, are not aware of the policies and conditions they agree with. They are often unaware of the consequences of their authentications to access websites and applications, and thus of the information that can be retrieved from their social networks. In this paper, we provide a case-study of the legal requirements that must be observed when social login features are used for authentication in a mobile application in the workplace. The legal requirements considered in this case-study follow from the Belgian implementation of the EU legal framework on privacy and data protection. Particularly interesting for this study is the storage of the data following from external social network profiles; the retention of the retrieved information processed to compute an extra layer of reputation; and the policies accompanying the social login features.