The influential Article 29 Working Party, an independent European advisory body on data protection and privacy to the EC, has argued that social networks like Facebook, Twitter and MySpace need more regulation to ensure that personal data of their respective users is not put at risk. Even though the majority of sites that the report mentions are based in the United States, the group states their large presence in Europe means that they should be subject to European Union privacy and data protection legislation.
This isn’t exactly news, since the FT wrote about the report last week when it was still unpublished. It is now, and I’ve embedded it below.
In it, the advisory group mainly addresses issues with the fact that social networking services as well as third-party developers have access to personal data of users, including minors. It basically deems SNS providers to be ‘data controllers’ (rather than merely ‘data processors’), bringing along corresponding responsibilities and legal obligations with regards to these users. Topics like the processing of sensitive data and images, advertising and direct marketing on social networks and data retention issues are also addressed.
Essentially, the group says users of social networking sites have no legal obligations as data controllers as long as the use is purely personal (the so-called ‘household exemption’), but that they carry the same responsibility as the operators of the social networks in case they act on behalf of a company, association or in pursuit of commercial, political or charitable goals. Also worth noting: the opinion states sites like Facebook, MySpace and Twitter should clearly inform users of their identity, and provide comprehensive information about the purposes and different ways in which they intend to process personal data. They should also offer privacy-friendly settings by default and provide easy and visible access to a complaints process on their home page.
We’re awaiting comment from Facebook, MySpace and Twitter representatives and will update accordingly.
Update: Hemanshu Nigam, Chief Security Officer of News Corporation and MySpace, sends us this statement:
“MySpace considers the privacy of its users a top priority. As an industry leader in safety, security and privacy, we proactively worked with the European Union and the Article 29 Working Party to provide input into their recommendations based on the privacy best practices that we already deploy for our users. We look forward to continuing to engage in an open dialogue with the European Union on these issues.”
Update 2: statement from Facebook:
Facebook has been engaged in discussions with European data protection officials for nearly four years now, showing how Facebook’s industry-leading privacy practices meet concerns such as those expressed in the Article 29 working party opinion. We are continuing our dialog with these officials as we innovate to provide useful and engaging services to people across the globe.
As an aside, the Article 29 Working Party is the same group that recently called for Google to set a time limit for how long it retains pictures of people in its Street View application. In the past, they’ve also called for Google to reduce the time it retains users’ cookies – Google ultimately volunteered to anonymize information held after 18 months following earlier EC concerns.
ARTICLE 29 DATA PROTECTION WORKING PARTY – Opinion 5/2009 on online social networking
If this is regulated in Europe, then most of the social networking sites may face a setback as the European market is getting used to sites like Facebook faster. Those companies should prepare for themselves for the condition what if this is going to happen.
Looks like good news for services like Yauba and Tor.
If the users don’t want there data on these networks perhaps they shouldn’t use them them? You can set your profile to private on many of these sites. And only some require that you give away your name (facebook).
Dumb comment. If personal data retention is regulated (it is) then why are social networks different? This is obviously a serious subject for debate.
Somebody needs to step up and start the regulation process and whether its appropriate or not at this time I applaud the efforts!
I aactuaally want my data to be available to all, via google, etc… and free access to my profile by everybody, FB user or not; but I believe that my data, emails, etc… constitute my own wealth therefore belong to me and nobody has the right, EULA notwithstanding, to modify, destroy or suppress access to them, moreover all social network systems should provide for the download of thir users’ entire e-mail and page archives as a matter of course, even more so when for whatever reason terminating their accounts.
Faacebook haas hassled me maany times, threatening me with account closure when I contacted people who are aalready my friends in real life, accusing me of spamming for posting links on other people walls, and who knows anymore what else, leaving me with the anxiety of seeing destryed a social network I have invested thousands of hours into building, a process which made them money.
If a social network makes money, and this is the implicit reason why you get to use it for free, in reality you are working for its profits unpaid, and there is of course a convenience for you to let it carry your messages, I believe that aa balanced relationship is more in order, whereby a given share of advertising income is credited to the user who by way of the network use is creating, by providing said user with an aaccessible electronic currency account accessible through any bank.
More details available on request; I understand that FB forbids the use of its network to intelligent agents, programs that, like outlook but more efficiently could be UIs to all the social networks one subscribes to, while storing locaally the messages and othertraffic handled by them.
It can be concerning when one cannot rely on a mainstream social network such as facebook, twitter, or MySpace to clarify the security of profile information.
Sanford did not pay a dime on any judgments, stashed no less then 50% of his dough overseas and TRUST ME, this guys gonna run. He will buy a new identity in another continent and be laughing his ass off soon. It has to happen. His new suit has jail written all over it.
If the lawyers did not at least file a risk of flight application, they’re idiots or paid off. LOL.
Robin, I enjoyed the photo of the EU building in Brussels more than the privacy discussion. Where are those cypherpunks when you need them to spice things up?