Stewardship of personal data on social networking sites

The extant Information Management literature highlights the asymmetric distribution of power between users and online platforms, while the issues related to the stewardship of personal data on such platforms remain problematic and largely unresolved. To address that lacuna, we propose a conceptual design that can help to overcome many of the challenges related to storage, analysis, and integrity associated with the stewardship of personal data on online platforms. We adopt a systemic perspective and propose a shift from the current user-platform relationship to one in which users control the level of access to their data, organisations are relieved from the burden of maintaining personal data, and the data are not decoupled from information about their provenance and context of origin. We apply our conceptual design to the context of social networking sites, where we specifically address issues related to privacy, and identity and pave the path to a broader set of possible applications. We discuss the significance and timeliness of our proposed conceptual design for the stewardship of personal data, and the importance of our findings for future research, as well as for the design of online platforms.


Introduction
The escalation in quantity and granularity of personal data can reveal the behaviours, preferences, and personality traits of users on online platforms (Georgiadou, Angelopoulos, & Drake, 2019;Ioannou, Tussyadiah, & Lu, 2020).The ability to manage and leverage personal data is a critical determinant of competitive advantage (Liu, Soroka, Han, Jian, & Tang, 2019), and this imperative has spawned business models associated with data trading (Perera et al., 2017), and the possibility for payments in exchange for personal data (Lu, Ou, & Angelopoulos, 2018).Such opportunities entail addressing integrity, and security issues and bring to the fore issues related to the breach of privacy, the transparency of purpose for which personal data is collected, and the use to which it is put (Ghasemaghaei, 2020).
The Information Management (IM) literature to date has focused on data management problems (e.g. de Camargo Fiorini, Seles, Jabbour, Mariano, & de Sousa Jabbour, 2018;Ghasemaghaei, 2019Ghasemaghaei, , 2020)), highlighting the asymmetric distribution of power between users and online platforms that collect and exploit personal data (e.g.Ioannou et al., 2020;Spanaki, Gürgüç, Mulligan, & Lupu, 2019), while the problems related to the stewardship of personal data on such platforms remain timely and largely unresolved (Gregory, Henfridsson, Kaganer, & Kyriakou, 2020).We address that lacuna, by articulating a conceptual design (Nunamaker, Chen, & Purdin, 1991) to overcome the challenges of stewardship of personal data, and to enable the development of privacy-focused platforms (e.g.Ioannou et al., 2020).
We frame our work along the lines of established IM studies (e.g.Conboy, 2009), and follow a design science approach (Gregor & Hevner, 2013;Grønli, Ghinea, & Bygstad, 2013;Hevner, March, Park, & Ram, 2004;Peffers, Tuunanen, Rothenberger, & Chatterjee, 2007).In doing so, we first identify the shortcomings of the stewardship of personal data on online platforms, based on which we then define the objectives for a solution, and propose a conceptual design incorporating them.Specifically, we use the principles of distributed computing (e.g.Bayramusta & Nasir, 2016;Senyo, Addae, & Boateng, 2018) and separation of concerns (SoC) (Hürsch & Lopes, 1995) to address issues related to data storage, analysis, and integrity, whilst enabling online platform users to exercise more control over their data.We adopt a systemic perspective and propose a shift from the current user-platform relationship to one in which: i) users control the level of access to their data, ii) organizations are relieved of the burden of maintaining data, and iii) data are not decoupled from information about their provenance and context of origin.Following these, we demonstrate the utility of our conceptual design through an application on social networking sites (SNS), for which we conduct a survey to identify strategies deployed by users to manage their privacy on the various SNS (e.g.Huberman et al., 2005).Specifically, considering recent cases of alleged misuse of SNS personal data, we address issues related to privacy and identity (e.g.Krasnova, Veltri, Eling, & Buxmann, 2017;Shibchurn & Yan, 2015) and complement our conceptual design with two proposed processors for privacy and identity management, paving the path to a broader set of applications that can provide users of online platforms with greater granularity of control over their data.
This study makes an artefactual contribution (Ågerfalk & Karlsson, 2020) to the extant IM literature focusing on privacy issues (Ghasemaghaei, 2019(Ghasemaghaei, , 2020) ) and systemic problems (Abbasi, Sarker, & Chiang, 2016;de Camargo Fiorini et al., 2018), by motivating and implementing a conceptual design in response to the challenges related to the stewardship of personal data on online platforms, without compromising users' privacy (Agarwal & Dhar, 2014;Goes, 2014).We also contribute to the IM literature on privacy-focused SNS, by applying our conceptual design to this context to address issues related to privacy and identity (Krasnova et al., 2017), and to pave the path to a broader set of possible applications.
Our paper is organized as follows: in the next section, we delineate the features of personal data and the issues of leveraging their potential, revealing the need to develop an alternative to the current approach of personal data collection, storage, and analysis.We then propose a conceptual design to meet that need, and illustrate its merits by applying it in SNS.In the penultimate section, we present the limitations of the proposed design, as well as its implications for organizations, users, and the society at large concerning a change in public perceptions.We conclude the paper by reflecting on opportunities for further research.

Background and problem statement
Following the approach of Peffers et al. (2007), we initially pinpont the shortcomings of the stewardship of personal data on online platforms.Extending the harvesting of personal data across various aspects of peoples' daily lives can enable organizations to articulate individuals' behaviours, preferences, and identities (Agarwal & Dhar, 2014;Goes, 2014).The collection of individuals' intimate information on online platforms presents a series of significant ethical challenges, the more wicked of which are concerned with: • The provenance of data and the need to address the relevance of original contextual information when combining data from diverse sources (Montealegre, Hovorka, & Germonprez, 2014), • The context-dependent immediacy and relevance of the required information, and the contingent nature and complexity of the socially situated systems-in-use (Lycett, 2013) • The legal and ethical issues, and the behavioural inferences related to the exploitation of personal data in ways that the users are not aware of (Abbasi et al., 2016).
Whilst the value proposition for using personal data may be attractive to organizations (2020( , Ghasemaghaei, 2019;;Liu et al., 2019;Zuo, Angelopoulos, Ou, Liu, & Liang, 2020) and governments (Georgiadou et al., 2019), their use can spawn significant ethical concerns (Janse, Ou, Angelopoulos, Davison, & Jia, 2017;Perera et al., 2017).Novel models for incentivizing and engaging users, challenge conventional positions on issues such as privacy protection, and make use of gamification (Lowry, Gaskin, & Moody, 2015) and monetary or other incentives (Lu et al., 2018) to persuade users to hand over personal data.The terms of service (ToS) force individuals who want to register on online platforms to agree to their data being used by those platforms and potentially by others contracting with them.Even when reasonable ToS are offered, there is always a possibility that an online platform could merge with another that is less scrupulous with the use of personal data.In terms of the premises of the newly emerged field of Human-Data Interactions (e.g.Mortier et al., 2016;Perera et al., 2017), such models lack legibility, agency, and negotiability, since the users: • Cannot discern the multiple sources their data are collected from, the analysis that is performed on their data, and the consequences of that analysis, • Lack awareness regarding the ways that exist to affect data collec- tion and analysis, and • Are trapped by the imposed features, facing binary accept/reject ToS mechanisms, the difficulty of refining decisions, and of correcting data or inferences held about them.
Concurrently, data regulations around the world (with prominent ones being Europe's GDPR, USA's HIPAA, NIST 800-171, GLBA, FISMA, Canada's PIPEDA, and Australia's APA), shifted the discussion and presented organizations that collect personal data with a new reality-one in which holding personal data can become a liability.Consequently, many organizations that collect personal data have become sensitive to the issue, especially those associated with SNS, which have recently suffered from several personal-data-related liabilities.
The difficulty in quantifying the risk of handling and abusing personal data raises significant privacy concerns (Abbasi et al., 2016).The work of Kramer, Guillory, and Hancock (2014), for instance, highlights a more insidious aspect of the acquisition and deployment of personal data, demonstrating how such data can be used to manipulate emotions without the consent of users.More recently, the alleged misuse of Facebook users' data by Cambridge Analytica illustrates the problem of transitivity of personal data: users entrusted their data to Facebook for a specific set of reasons and benefits, but, without their consent or knowledge, their data were passed on to 3rd parties, who allegedly committed the transgression of exploiting these data for analysis, psychological profiling, targeting change of opinions, and tampering with democratic processes.
These cases bring to the fore the burden that responsible stewardship of personal data imposes on organizations, highlighting the ethical, psychological, legal, economic, and political consequences that follow when the stewardship of personal data is compromised.They also accentuate the need for novel solutions that safeguard the privacy of users on online platforms without stifling the ethical deployment of personal data in business, and society (Georgiadou et al., 2019;Ghasemaghaei, 2019Ghasemaghaei, , 2020;;Janse et al., 2017;Liu et al., 2019).
These considerations have led to greater public scrutiny of questionable practices regarding the sharing of personal data with 3rd parties and have prompted popular SNS to make promises regarding their safeguarding of personal data.Whilst such promises have failed to materialize, they have also failed to address the fact that personal data remain consolidated and stored on the organization side, creating in this way a 'honey-pot' for malicious entities.As a result, the continuous leak of personal data by such entities remains a serious problem.
Concurrently, SNS users with overlapping networks extending in both the online and offline spaces resort to alternative solutions to selfmanage their privacy by using multiple identities (Angelopoulos & Merali, 2015, 2017).In projecting their identities through their SNS interactivity, users demonstrate a small number of identities at a time, based on their situational context, making these exposures context-dependent.Through the self-management of their multiple identities, the users can control how others perceive them within a certain setting (Ellison, Heino, & Gibbs, 2006;Schwämmlein & Wodzicki, 2012).SNS users, thus, may turn into the distinctive affordances and social norms of the various SNS to craft contextually specific presentations of self, and to distribute specific content on specific SNS, possibly influenced by the affordances as well as the ToS of the SNS (Zhang & Leung, 2015).Such practices, however, impede the development of consolidated profiles, and their attendant risks (Krasnova et al., 2017;Shibchurn & Yan, 2015).To address the aforementioned issues, we frame our study along the lines of established IM research (e.g.Conboy, 2009), and follow a design science approach (Gregor & Hevner, 2013;Grønli et al., 2013;Hevner et al., 2004;Peffers et al., 2007).

Methodology
Design science seeks to develop artifacts for solving problems while differing from theory-building and theory-testing, which seek observation-based explanations (Holmström, Ketokivi, & Hameri, 2009).In doing so, design science studies make artefactual contributions to the IM literature (Ågerfalk & Karlsson, 2020), and as such, the approach has attracted the interest of many IM scholars (Gregor & Hevner, 2013;Grønli et al., 2013;Hevner et al., 2004;Peffers et al., 2007).We follow Holmström et al. (2009) and adopt a definition that focuses on exploration by design, in which design science explores novel alternatives to solve a problem, elaborates on this exploration, and ultimately improves problem-solving.Typically, design science studies: i) identify the problem, ii) define the objectives for a solution, iii) propose a design for the solution, iv) demonstrate the design, v) evaluate it, and ultimately vi) communicate the solution (Peffers et al., 2007).Whilst the evaluation phase is crucial in design science (Hevner et al., 2004;Peffers et al., 2007), it is not uncommon to be omitted when the research context does not allow such an opportunity or to be limited by the study conditions (e.g.Spanaki, Karafili, Sivarajah, Despoudi, & Irani, 2020).
Aligning our work to the design science approach (Peffers et al., 2007), we first i) identify the problem, and ii) define the objectives based on the considerations described in our problem statement.We then iii) propose a conceptual design in response to the challenges related to the stewardship of personal data on online platforms, without compromising users' privacy.Following this, iv) we demonstrate the utility of our proposed conceptual design through an application on SNS to address issues related to privacy and identity.To understand the privacy-related needs of SNS users, as well as the strategies they employ to manage their privacy on the various SNS, we conduct a survey, and based on the results, we enhance our conceptual design by proposing further enhancements.Our study is limited by the absence of an evaluation phase, as this would require collaboration with existing SNS in implementing our design, along with the possible business models that could complement it, which is beyond our scope.

Conceptual design
The considerations that we described in the problem statement, define the objectives for the development of our conceptual design, which embodies a paradigm shift in how personal data are accessed and used by online platforms.In our proposed conceptual design, personal data reside with the users, allowing them greater control over access to the data (Fig. 1).
An organization wanting to conduct analytics over a particular set of attributes, can locate those users that allow access to the required set, negotiate access to the specific data needed to conduct analytics directly on the privately-held data, and receive back only the results of the required analysis, while the data remain on the user-side throughout this chain of events (Fig. 2).In contrast to traditional approaches based on the selection of representative data, our approach allows organizations to target users, and so can be used for more accurate service personalization based on the preferences of users, or for analytics on specific groups of users.
The ownership and possession of data reside with the originators, along with the discretion to choose whether to allow access to specific services.This entails a shift in power from the online platforms that exploit personal data to the originators of the data.Our approach retains the originator's context and information and eliminates the need for centralized management and storage by providing distributed, and granular personal data store maintained by the users.Moreover, the sample selected in traditional statistical analysis is predicated on a frame derived from ontological assumptions about the structure of the world, while currently for personal data analytics the selection of a representative sample is predicated on the intrinsic structure of the data, in an algorithmically determined way (Chang, Kauffman, & Kwon, 2014;Kitchin, 2014).Furthermore, in the traditional approach, the wealth that personal data held is rarely used by organizations, but organizations still bear the burden of maintaining costly infrastructures to retain the data.Our proposed conceptual design eliminates such a need, and provides organizations with a way to directly target specific users or groups of users.
Our design is predicated on the principle of SoC, providing a connecting layer over existing services, to enable a common interface for flexible and scalable access to personal data across a heterogeneous user base.SoC rests on the idea that system elements should have exclusivity of purpose, and there should not be elements sharing responsibilities.It, thus, focuses on delineating system elements to make the system manageable, resilient, and robust.This entails establishing constraints so that the system comprises of elements with non-repeating responsibilities, reducing the overhead for managing the complexity of the system.
Based on the proposed conceptual design, we implement an application architecture which-following the principles of SoC-has three layers: shim, storage, and processing.To account for interoperability, the application functions similarly to an email client, aggregating SNS activity by using secure communication protocols.The application architecture is shown in Fig. 3, where the various SNS are represented as 'Data Source', from which the application updates the 'Shim Layer', which provides compatibility with application programming interfaces (APIs).The data are then transferred to the 'Storage Layer', which resides on the user-side as predicated by our proposed conceptual design (Fig. 1).The proposed architecture is enhanced with a series of 'processors', which are responsible for transforming data with small, agentlike applications before, ultimately, the user receives the information through the client.
Shim layer.Following the principles of SoC in our architecture, we incorporate a shim layer that prevents duplication and provides extensibility, lowering the deployment and maintenance costs.Such a layer ensures compatibility with newer versions of applications and resolves issues during the development of applications for new online platforms.The shim layer provides a connection with the existing SNS Fig. 1.Data storage and access in the proposed conceptual design.
S. Angelopoulos, et al. International Journal of Information Management 56 (2021) 102208 to aggregate data into a unified format, and to distribute their transmission.Furthermore, this layer collects the ToS of each SNS, which are then used by the processing layers.Such a layer in our architecture, thus, communicates with the various SNS, and converts the SNS data to a uniform format, making them available to the other layers.
Storage layer.Data storage and redundancy represent a significant element of the proposed conceptual design, since all personal data are stored and replicated on the user-side.The sharing of information through data replication ensures consistency amongst redundant resources and improves reliability, fault-tolerance, and data accessibility.The data aggregated by the shim layer are stored in the storage layer, which is a distributed repository, acting as an intermediary for the user client, releasing the user from the need to communicate directly with the SNS.Such a design enables real-time operation, by receiving the data from the first layer and providing them to the processors, while storing them for later use, based on the user preferences.Data such as ToS and past communication, therefore, can be stored and updated only when it is needed, for later use by the processing layer.The storage layer, therefore, enhances resilience by providing transparency, redundancy, and efficacy to the system.
Processing layer.The processing layer provides an input and output interface and is responsible for transforming the data flowing through it with a series of processors before users receive the information through a client.This layer is pluggable with published APIs, which can enable 3rd parties to experiment with it and extend the architecture with additional processors.Moreover, the processing layer enables control over the presentation of content to the users.

Processor design: a design science approach to address user requirements
As predicated by the approach of Peffers et al. (2007), we demonstrate the utility of our conceptual design through an application on SNS.To better understand the privacy-related needs of SNS users (Wang, Yan, Lin, & Cui, 2017;Dinev & Hart, 2006;Guo, Lu, Kuang, & Wang, 2020;Malhotra, Kim, & Agarwal, 2004;Sullivan & Koh, 2019;Wang, Duong, & Chen, 2016), as well as the strategies they employ to manage their privacy on the various SNS (e.g.Huberman et al., 2005), we conducted an online survey, exploring i) how users behave on the various SNS, ii) how they self-manage their multiple context-dependent identities, iii) how much and what they reveal about their lives on those SNS, and iv) how they manage their online social networks overall.Following Peffers et al. (2007), and considering cultural influences on users' perception and preferences when initiating a system design, we constructed a questionnaire based on the relevant literature (Dholakia, Bagozzi, & Pearo, 2004;Karl & Peluchette, 2011;Kodjamanis & Angelopoulos, 2013;Koh & Kim, 2003;Kuhn & McPartland, 1954;Peluchette, Karl, & Fertig, 2013;Wasko & Faraj, 2005;Zhang & Leung, 2015), and by grouping the related questions, we created distinctive attitudinal measures (Table A1, Appendix A).To maximize the validity and minimize the bias of our survey, a pilot phase preceded the data collection, which included n = 66 participants.The findings of our pilot phase (Appendix B) show that users tend to use different SNS to address different interests and to separate their personal and professional lives.They tend to use multiple accounts on the same SNS for the same reasons.They tend, however, to use the same account on specific SNS to contact specific users, and they also use the same email account to communicate with specific users.The users tend to post the same information on their accounts on the various SNS, and overall, they are satisfied with the use of multiple accounts on the various SNS to selfmanage their identities.The findings from our survey, described in greater detail below, enabled us to develop a more nuanced architecture for the proposed processors of our design.
The data collection lasted ten days, and overall 324 SNS users participated.All the participants were native English speakers.Out of these participants, 51 did not complete all the questions and were excluded from the analysis.From the remaining 273 participants, 4 refused the privacy statement and were also excluded from further analysis, leaving a total of 269 participants.The survey was conducted online and addressed an international audience.Demographic information about age, gender, and education was collected.In Table 1, we present the demographic descriptive statistics of the participants in our survey.
As the purpose of the survey was to determine the wider privacyrelated needs of SNS users, a cross-sectional analysis related to the nationality of the participants is beyond the scope of this paper.Out of the 269 participants in our study, 251 (93 %) report having a Facebook account, 151 (56 %) a Twitter account, 177 (65 %) a LinkedIn account, and 81 (30 %) an account on other SNS.Facebook, Twitter, and LinkedIn are the most prominent SNS, which is consistent with the results of our pilot study.In terms of multiple account holders, 49 participants (18 %) report having multiple Facebook accounts, 33 multiple Twitter accounts (12 %), 2 multiple LinkedIn accounts (less than 1%), and 10 (approximately 4%) multiple accounts in other SNS, whilst 189 participants (70 %) report not having multiple accounts in any SNS.To ascertain the overall effect between the various SNS and the use of multiple accounts, these differences are explored using a 2*5 chi-squared, followed by a post hoc examination of standardized adjusted residuals to identify areas which made a significant contribution to the chi-squared results.We use a binary logistic regression between the use of SNS and our attitudinal measures to explore their relationship.A chi-squared test reveals differences between the use of single and multiple accounts with specific SNS in this context to be significant (chi 2 = 43.53,df = 4, p = 8.028*10 −9 ).The results of the analysis of chi-squared standardized residuals reveal that the use of multiple accounts within the same SNS is more common amongst Facebook and Twitter users, and considerably less common amongst the users of the other SNS (see Table 2).
Our findings show that participants who tend to use multiple SNS (Exp[β] = 1.47,CI 1.10-1.97),use them for a wider variety of purposes (Exp[β] = 1.01,CI 1.01-1.02),and they tend to engage in a higher level of offline audience management (Exp[β] = 1.27,CI 1.00-1.60).Our results show that the total number of accounts on SNS is the strongest predictor of the multiple uses of SNS (see Table 3), which means that the more SNS a user has at least one account on, the more likely it is for this user to have more than one account on at least one of those SNS.Our analysis reveals differences regarding the information sharing patterns of users on the various SNS.In terms of the total information revelation, a repeated measure MANOVA using Wilks' Lambda reveals significant and large effect amongst the various SNS (F = 32.009,Hyp df = 3, Error df = 83, p = 1.76*10 −13 , Eta 2 = 0.536).Moreover, we identify that there is considerable variation in the type of information shared by users on each SNS (Table 2).
A chi-squared analysis demonstrates that these differences are statistically significant (chi 2 = 330.12,df = 27, p = 6.87*10 −54 ), and an examination of the standardized residuals reveals the effects contributing considerably to the chi-square results.To explore the differences in attitudes between the users holding multiple accounts and single accounts, we performed an independent subject MANOVA including the type of SNS user as the independent variable and the attitudinal measures as the dependent variables.The multivariate test was significant (λ = 0.913, F = 2.415, Hyp df = 10, Error df = 253, sig = 0.009), and post hoc testing using Sidak correction for multiple tests shows that the participants in our study holding multiple accounts within the same SNS tend to have accounts on more SNS, which they also tend to use for a wider breadth of activities, they tend to reveal more information about themselves, and finally, they are prone to incorporating offline audience-management practices (Table 4).Based on our findings, we can conclude that the existing SNS platforms are limited in their capacity to deal with the complex users' needs for two reasons: i) they have been designed for a limited scope, and thus are use-specific, and ii) they do not allow the use of multiple accounts, and thus users have to create accounts on multiple SNS to express multiple identities.
Consequently, the inherent weakness of dominant SNS is that they try to satisfy some of the needs of many users.SNS users, however, can have multiple identities, some of which might be associated with pseudonymous accounts.The importance of controlling privacy and the ability to choose distinct levels of exposure for different combinations of personal data, social contexts, and affordances of online platforms, is reflected in the strategies deployed by the participants of our study.As the findings of our survey show, the attempts to support this richness via the implementation of solutions such as "groups" or "lists" have been proved largely inadequate since the cognitive effort required can result in their misuse or non-use.

Processor architecture
Following the approach of Peffers et al. (2007), we enhance our conceptual design by proposing two processors that at based on the findings of our survey, which show that users tend to maintain accounts on various SNS, with overlapping groups of contacts.Thus, when users send the same message through their various accounts, their contacts might receive it several times on the various SNS.Our first proposed processor, thus, is an adaptive message filter (Fig. 4, left), which can detect such messages and ensure that the contacts of the user will receive the message only once.Similarly, when users send personal messages, the filter can route them via the SNS where the receiver will most likely respond, by conducting real-time network analytics based on the past communication stored in the storage layer.To illustrate its utility, let us take as example user A who is connected to user B on SNS1 and SNS2.When user A posts the same message on both SNS, user B will receive it through the client just once.
The second processor (Fig. 4, right) protects users from posting copyrightable content, and from the consequences that follow, enabling them to choose the rights they permit.The ease of posting content that all SNS provide, may inhibit its deliberative consideration and lead to publishing copyrightable content.The processor can identify problematic situations, and warn the users by observing the ToS in the storage layer the rights that need to be transferred.To illustrate its utility, let us take as example user A, who attempts to compliment a post with a picture that has copyrights protection.In such an attempt, the client will promptly warn the user that this picture should not be posted.The conceptual design can be strengthened with 3rd party processors, as it is built on open standards for this purpose (e.g.Boehmke, Hazen, Boone, & Robinson, 2020).

Architecture communication
For the communication of the proposed conceptual design with the current and future SNS, we use existing secure communication protocols, which can ensure its security and efficiency.Similarly to the use of multiple online identities on SNS, people use multiple email addresses to separate their communication based on their personal and professional identities; having personal email addresses for ease of use and longevity, as well as professional ones for their relevant professional communication.These identities and respective email addresses exist together only within the private context of users' devices.
There are two prominent communication protocols for sending and receiving emails.The most prominent communication guidelines enabling applications to send emails is the simple mail transfer protocol (SMTP), while for retrieving and storing emails the most prominent ones are the Internet message access protocol (IMAP), and the post office protocol 3 (POP3), with the former enabling users to synchronize emails across multiple devices.The use of SMTP and IMAP enables the incorporation of existing protocols to transmit and store information.Concurrently, the multi-purpose Internet mail extensions (MIME) allow the exchange of many data types as well as metadata related to addressing and provenance.A wide range of existing clients can understand MIME, enabling the experimentation with storing SNS data as MIME, and displaying them without format changes, enabling the support of multi-party encryption.
Such an approach can address format standardization and provide a flexible transport-independent asymmetric encryption for per-user and per-service privacy and authentication.Users' multiple identities are linked only on the user-side based on out-of-band information  indicating that they belong to a specific SNS user.When identities belong to several pods, they can be blurred and have a semantic meaning for the users who can resolve them.Such an approach enables SNS communication through key management with authentication support for messaging, allowing trusted clients to interpret incoming messages, which can become trusted via face-to-face interactions or out-of-band mechanisms.

Discussion
The proposed conceptual design redresses the asymmetric distribution of power between users and online platforms, by being open, and self-hosted on the user-side.It, thus, enables online platforms to provide agile and lightweight applications that are relevant to real-time individual contexts, and able to run on the user-side, which only return the outcomes of analysis (Fig. 1).Each application installed on the userside for an online platform, also generates data in the form of analyses results that can be stored and used as input by the applications of other online platforms, and thus, the consumption of data on the user-side leads to the production of new data about the user, which always remain stored on the user-side.
As shown by our survey participants, the limitations of online platforms have compelled users to develop complicated and cumbersome strategies to manage their identities and privacy.In the literature and popular media, the discussion about users' privacy is becoming increasingly relevant and heated, due to the consequences that follow when the stewardship of personal data is compromised, and there have been many attempts to provide solutions to this problem (Perera et al., 2017).To date, however, most of such proposed solutions are softwarebased and cloud-hosted, leading to another set of problems related to the security, performance, and interactivity of the data (Mortier et al., 2016).However, that said, such software-based and cloud-hosted solutions can run as processors in the proposed conceptual design we describe here, minimizing in this way the limitations they present for users' privacy.

Implications
Our work makes an artefactual contribution (Ågerfalk & Karlsson, 2020) towards resolving the privacy and provenance issues highlighted in the IM research agenda (Abbasi et al., 2016;de Camargo Fiorini et al., 2018;Ghasemaghaei, 2019Ghasemaghaei, , 2020)).The proposal that personal data reside with the user can provide greater control over who can access the data.Such a change in the paradigm of the instrumental ways that personal data are stored and used (Chang et al., 2014;Kitchin, 2014) can catalyse a change to "the entire social theory that goes with them" (Latour, 2009, p. 155).
The proposed conceptual design integrates message filtering, ensuring that SNS users receive each message once.Currently, it is not uncommon for SNS users to receive a specific message several times from another user since many users, out of convenience, interconnect their accounts on the various SNS and distribute the same material on them.Moreover, our conceptual design provides intelligent lists for sharing messages, enabling users to distribute certain material only to those that it is relevant to.Exercising control in this way can be extremely valuable, as, for instance, the family members of a user might not have an interest in receiving updates concerning a hobby, or it might be embarrassing-or worse-to share personal photos with colleagues.Our conceptual design enables an intelligent application, which takes into consideration the various SNS distribution channels as well as the multiple identities of users, enabling suggestions regarding the possible recipients of a message, taking into account the content of the message, the interests of the users, and the properties of the routes available to reach all the recipients, along with information regarding the contacts that should not receive it.
Implications can also be distilled from the results of our survey, since our findings demonstrate that it is necessary to revisit the way that we design SNS, to provide users with better ways to self-manage their multiple context-dependent online identities.This can provide users with greater utility, creativity, and flexibility in the use of their social networks along with control over such use.The self-management of multiple context-dependent online identities is still an issue to be pursued by both academia and the industry, and there is a profound need for better tools to be implemented either by the SNS or by thirdparties that will take up the challenge of implementing new tools tailored to the identified needs of SNS users, since the tools that are already available and provided by the existing SNS for the self-management of multiple context-dependent online identities are insufficient and often neglected by the users.
Our study, thus, contributes to the extant IM literature by motivating and implementing a conceptual design in response to the challenges related to the stewardship of personal data on online platforms in general, and in SNS more specifically, without compromising users' privacy (Agarwal & Dhar, 2014;Goes, 2014).Moreover, our work contributes to the IM discussions on privacy-focused SNS, by applying the proposed conceptual design to the context of SNS, to address issues related to privacy and identity (Krasnova et al., 2017), and to pave the path to a broader set of possible applications.Our conceptual design does not intend to provide a "better" alternative to existing systems in use, rather one that is privacy-focused, and can enable opportunities for online platforms with privacy by design (Bu, Wang, Jiang, & Liang, 2020), as well as give rise to theory building in line with the IM research agenda (Kar & Dwivedi, 2020).Our work, thus, does not attempt to close the discussions on the topic, rather open it to novel avenues of research and development.
The proposed conceptual design also bears practical implications for the management of online platforms.Specifically, organizations can be relieved of the burden of maintaining data, and the data will not be decoupled from information about their provenance and context of origin.As personal data reside with on the user-side, online platforms do not need costly infrastructures to retain them.Moreover, the proposed conceptual design can enable online platforms to provide applications relevant to real-time individual contexts, giving rise thus to novel business practices for personal data use and storage, and spark novel business models related to leveraging the user-side affordances.For instance, using the outcome of the analysis of an application as input for another application can give rise to new communities of 3rd party developers that will be able to provide context for the input of their applications, with users able to define the level of access that such applications would have to their data (Price et al., 2015).

Limitations and future research
Certain limitations need to be acknowledged, emerging mainly from a series of real-world difficulties that surround the implementation and use of our proposed conceptual design by both users and SNS organizations (e.g.Chen, Lu, & Tang, 2019;Lu, Li, Ioannou, & Tussyadiah, 2019).The main limitation of our work here is the lack of a prototype implementation and real-world evaluation (Snyder, 2003) of the proposed conceptual design and its application on SNS, as it would be prescribed by design science (Peffers et al., 2007).This phase would require the collaboration of existing SNS in implementing our conceptual design, along with the possible business models that could complement it, which was beyond the scope of our study.Our work, however, can provide the bedrock for future research on the topic, by enabling various prototyping endeavours of our framework as well as studies on the possibilities for its adoption by both the organizations behind popular SNS, as well as the users.On this note, our proposal is founded on the assumption that users will be willing to be responsible for the maintenance of their data.Such a view is optimistic, since users are known to resist changes in the way they do things (Ali, Zhou, Miller, & Ieromonachou, 2016;Chen et al., 2019;Lapointe & Rivard, 2005;Sykes, Venkatesh, & Johnson, 2014;Venkatesh, Morris, Davis, & Davis, 2003).Such a limitation, however, can spark new business opportunities, for instance, on providing users with personal data storage, and redundancy solutions.Furthermore, this can lead developers to create novel, secure, reliable, and cost-effective applications.Future research should investigate the possibilities for the adoption of such a conceptual design by users, and explore their willingness to take responsibility for their data to regain their privacy.
Another limitation emerges from potential resistance against the adoption of our conceptual design by the existing SNS, which tend to profit via targeted advertising generated through the collection and analysis of personal data.Our design could be perceived as an impediment, negating direct access to personal data, and consequently, to profiting.Our conceptual design, however, primarily addresses the growing public pressure and advocacy for personal data to be protected.While the aforementioned reason might inhibit the explicit implementation of our proposed conceptual design by the existing SNS, it can give rise to new business ventures and applications through APIs for implementation from 3rd parties.As the investigation of such opportunities would go beyond the scope of our paper, we would encourage future research endeavours to explore such business models based on our proposal.
One more limitation emerges from the application of the conceptual design on SNS.The message remains the focus of SNS use, be it text, images or videos.This means that data in various formats are transferred through the Internet from a sending user to a group of defined recipients.Each one of the existing SNS uses a different structure for this purpose, and in many cases provide a different level of richness of the message, with extensive A critical task for the proposed conceptual design, thus, is the creation of maps for the various SNS message structures.While this provides interoperability to our conceptual, it poses a limitation for its implementation.There is, however, underlying flexibility which is valuable: if the initially chosen mapping proves to be unsuitable in some way, it is a simple matter for those concerned to create another mapping, and even for multiple mappings to be operational in parallel.The flexibility engendered by avoiding "locking in" the system to a single ontology that attempts to describe all formats and uses of data, allows the system to be flexible and to respond to changes in context and demand, enabling it to be continually updated and extended to support new uses.We, thus, encourage future research endeavours to further extend the proposed conceptual design with the mapping of existing SNS message structures, and evaluate their usability.
Finally, here we used a design science approach to develop a more nuanced conceptual design that addresses specific user needs; future research, however, could incorporate a canonical action research perspective (Davison, Martinsons, & Ou, 2012;Davison, Martinsons, & Kock, 2004), or an action design research perspective (Sein, Henfridsson, Purao, Rossi, & Lindgren, 2011) to empirically investigate the topic within SNS organizations, and implement designs that could overcome the specific limitations we report in this study.

Conclusions
Our work focuses on the issues and challenges related to personal data and proposes a conceptual design that makes use of the principles of Distributed Computing and SoC, which can resolve the challenges of integrity, storage, and analysis that relate to users' privacy.Our conceptual design addresses the asymmetrical distribution of power between users and online platforms by shifting from a user-platform relationship to one in which access to personal data is controlled by the user.For organizations, the benefits of our conceptual design include being liberated from the burden of maintaining and updating large centralized data stores and having access to relevant high-granularity data from the entire distributed population of user-held data, which are not decoupled from their context of origin.We demonstrate the affordances of our conceptual design by illustrating its application on SNS, where we describe an architecture that addresses issues relating to the privacy, and identity of users and opens up SNS to richer applications while referring to the limitations that it might present.Drawing on insights about the behaviours and strategies deployed by SNS users, our conceptual design can enable greater utility, flexibility, and creativity in the use of online platforms, and provide users with greater control over their data.Being a science study that leads to a novel conceptual design, our work is important and timely for IM research and practice, and it gives rise to two main directions for future research that can provide opportunities for online platforms with privacy by design (Bu et al., 2020).Firstly, there is scope for evaluating our conceptual design and comparing it to the current models used by most online platforms that exploit personal data.Secondly, there is the prospect of applying our conceptual design in areas beyond SNS such as in banking, energy use, commerce, governance, and healthcare.These avenues for future research will enable theory building in line with the IM research agenda (Kar & Dwivedi, 2020).

Declaration of Competing Interest
The authors report no declarations of interest.

Fig. 2 .
Fig. 2. Data analytics in the proposed conceptual design.

Table 2
Spread of multiple account use across SNS and standardized chi2 residuals.

Table 3
Binary Logistic Regression Analysis of Use of Multiple SNS Accounts.

Table 4
Users of Multiple Accounts (UMA) and Users of Single Accounts (USA).

Table A1
Attitudinal measures and questions from the questionnaire.

Table B3
Results of the analysis of variance.