Opinion 05/2009 on Social Networking,01189/09/EN, WP 163
Opinion’s Executive Summary
“This Opinion focuses on how the operation of social networking sites can meet the requirements of EU data protection legislation. It principally is intended to provide guidance to SNS providers on the measures that need to be in place to ensure compliance with EU law.
The Opinion notes that SNS providers and, in many cases, third party application providers, are data controllers with corresponding responsibilities towards SNS users. The Opinion outlines how many users operate within a purely personal sphere, contacting people as part of the management of their personal, family or household affairs. In such cases, the Opinion deems that the ‘household exemption’ applies and the regulations governing data controllers do not apply. The Opinion also specifies circumstances whereby the activities of a user of an SNS are not covered by the ‘household exemption’. The dissemination and use of information available on SNS for other secondary, unintended purposes is of key concern to the Article 29 Working Party. Robust security and privacy-friendly default settings are advocated throughout the Opinion as the ideal starting point with regard to all services on offer. Access to profile information emerges as a key area of concern. Topics such as the processing of sensitive data and images, advertising and direct marketing on SNS and data retention issues are also addressed.
Key recommendations focus on the obligations of SNS providers to conform with the Data Protection Directive and to uphold and strengthen the rights of users. Of paramount importance, SNS providers should inform users of their identity from the outset and outline all the different purposes for which they process personal data. Particular care should be taken by SNS providers with regard to the processing of the personal data of minors. The Opinion recommends that users should only upload pictures or information about other individuals, with the individual’s consent and considers that SNS also have a duty to advise users regarding the privacy rights of others.”
Website of the Article 29 Data Protection Working Party: http://ec.europa…
The full opinion is available at http://ec.europa...