Discussion Papers

No. 462: The competitive impact of single sign-on and login services and their relevance for data-based business models and data protection

Authors: Lukas Wiewiorra, Andrea Liebe, Serpil Taş

(full version only available in German)

Summary

Creating a user account is a basic requirement for many digital services in order to be able to use them to their full extent. Users therefore face the challenge of managing the login data of all the digital services they use.

Single Sign-On (SSO) services aim at reducing the number login data for different digital services and simplifying the registration process for new services. On the other hand, users can use technical measures to manage the different login data more conveniently and to store them centrally (e.g. password manager).

The analysis of the demand side shows that the majority of consumers use up to 12 online services per week, regardless of age and gender. The demand for third-party SSO solutions is very low, currently around 2%. SSO services are most frequently used by digital platform providers (social logins). In particular, users who value a simplified registration process and convenient use will benefit from these offers. Login via Facebook is used by almost 60% of social login users (about 7% of the surveyed users of online services and websites) to log in to online services or websites. As a rule, the respondents use 1.2 social login services.

However, doubts about the security of these systems are an important reason for many consumers not to access online services or websites via Facebook, Google or other (social) networks.

Service providers that implement these login procedures on their websites benefit from users logging into their services with a social login. On the other hand, the providers of SSO services also benefit from the information generated by the use of connected services and websites. In particular, advertising-financed platforms that offer social logins aim to enrich the user profiles of their customers with information that cannot be directly collected or monitored via their own platform.

However, it is not clear which data is permanently stored by the providers of social logins. While certain data has to be transferred as part of the technical provision of the functionality, this data can also be permanently stored and used by the provider after the service has been delivered. Furthermore, data that is not necessary for the provision of the SSO service could also be permanently stored. As in the case of the Like-Button (Facebook), it has to be assumed that the providers of social logins do not only benefit from the direct use of the functionality, but already implicitly from the popularity of the functionality.

Discussion Paper is available for download.

To top  |  Print