|
|
|
Sites such as Facebook and Myspace must ensure users' data is kept safe
Social networking sites (SNS) are legally responsible for their users' privacy, even if their headquarters are based outside the EU, Europe's privacy watchdogs have said.
The article 29 working party, a committee of data protection regulators, has said sites such as Facebook and MySpace are 'data controllers'. They said just because content is produced and posted by users, this does not allow these sites to escape their legal obligations.
But individual users need to be aware they also have a duty of care. There are no obligations on them when posting purely personal information, but those who do so on behalf of a club, society or company are also considered data controllers.
“They provide the means for the processing of user data and provide all the 'basic' services related to user management (e.g. registration and deletion of accounts). SNS providers also determine the use that may be made of user data for advertising and marketing purposes – including advertising provided by third parties,” said the committee.
Under European data protection legislation a data controller has greater legal responsibilities than a data processor. A data controller is a person who determines the purposes for which, and the manner in which, personal information is to be processed.
This may be an individual or an organisation and the processing – including using, storing and deleting data - may be carried out jointly or in common with other persons.
However, data processors do have some responsibilities. A data processor is an organisation or person processing personal data on behalf of another. Processing includes reading, amending, storing and deleting.
They must be clear about their identity, offer privacy-friendly default settings to any service they offer. They must also provide users with privacy warnings and should give warnings to users about the potential privacy implications of their actions.
According to privacy law expert William Malcolm the committee’s opinion offers clarity for companies and users, but should not contain surprises for followers of data protection law.
"This finally puts to bed the argument that social networking sites might not be data controllers and therefore might not be subject to the Data Protection Directive and its local implementing legislation,” he said.
Article tags
Related articles
No-one wants to think about it, but you should consider what will happen to your digital data after you die. We look at how to make sure it all goes to your heirs
Internet service providers' claims that the law needs clarification and clauses are unfair were dismissed at the High Court; but BT and Talktalk consider fighting on
Privacy International expert takes bite out of proposals to use browser settings to ensure websites get explicit consent from users before installing cookies
Q.How do I store musician and other information about...
Q.Why can't my browser find the website address I typed...
Q.All updates have been downloaded, so why won't Windows...
Be a money saving expert
Return of the Mac computer
The benefits of owning a smartphone
Choose Gold, Silver or Bronze membership
Save up to 40% on the cover price of each issue
Get access to the subscriber club exclusive website
Our price won't be beaten by any shop or website
Grahics Interchange Format. A type of image file often used on the web, but now largely superseded by...
|
|
|
|
|
Nikon Coolpix S570 BlackPrice: £66.99 |
Computeractive Ultimate Guide - Storage, Sharing & BackupPrice: £5.99 |
Back Issue CD-Rom 13 (2010)Price: £9.99 |
Hallmark Card Studio DeluxePrice: £15.31 |
Marine AquariumPrice: £15.41 |
Excellent article
Well done for digesting the EU report
Posted by Jennifer Perry - E-Victims, 24 Jun 2009