ABSTRACT
Social login is the use of a social network account to get access to other services. Since the internet in its architecture does not have the possibility to identify the internet user, for many services, social logins are the solution to authenticate users without the need to set up individual identity management systems. Social logins are not useful for all types of services, however, and the potential lock-in and lock-out of users needs to be considered.
Disclosure statement
No potential conflict of interest was reported by the author.
ORCID
Jessica Schroers http://orcid.org/0000-0002-3741-8123
Notes
1 Various identity management systems exist for different applications (e.g. e-government, e-commerce, games and social media services, company specific internal access systems, etc.). The technology and initiatives are constantly evolving (for an overview of the evolution of standards and technologies for user identity management from 1999 till 2013 see, for example, Jøsang 2014).
2 Official term used in the literature, though sometimes also other terms are used, e.g. identity intermediary. In fact, this role can be divided across different entities, including e.g. a registration and/or an authentication authority.
3 According to the Statista report ‘Social login preference of global internet users as of 2nd quarter 2016’, Facebook has a share of 53.1%, Google+ 44.8% and Twitter, LinkedIn and others around 1% or below.
4 However, since the assessment of who is a controller is a factual assessment, it is also possible that they could be considered joint controllers. E.g. the AG in case C-210/16 considered the administrator of a fan page on Facebook as joint controller of the processing of personal data that is carried out for the purpose of compiling viewing statistics for that fan page (Opinion of Advocate General Bot, delivered on 24 October 2017, Case C-210/16 Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, nr 77). However, in that case both the administrator and Facebook use the viewing statistics, while in the case of social login it seems that Facebook simply transfers the information to the relying party and therefore it is more likely a case of separate controllers.
5 However, it might still be considered, e.g. the UK NHS, see Marshall (2016), and providers might use more reliable identification in future (e.g. Airbnb uses a combination of the offline identity (e.g. copy of ID card) and online identity (e.g. Facebook login) to authenticate its users (Airbnb verified ID: Airbnb. 2013. Introducing Airbnb verified ID. 30 April, 2013. https://blog.atairbnb.com/introducing-airbnb-verified-id/)). In principle, Airbnb could then again become an identity provider with a more reliable identification than, e.g. Facebook.
6 For example, often the strict real name policy can be a reason for termination, as the author Salman Rushdie found; see Wilson (2011). Other examples: Leydon (2013) and McCue (2012). See also Van Alsenoy et al. (2015) for more examples of Facebook's reasons for termination.