EU data privacy directive loophole affects social networking sites

Facebook users may not be able to use new European law to insist that everything they have posted on the social-networking site is deleted.

The loophole in the 'right to be forgotten clause' under the draft General Data Protection Regulations applies to posts that people do not intend for public consumption, such as between Facebook friends. It could, however, cause problems for the operators of social-networking sites.

This so-called ‘household' exemption would only apply "very narrowly" and make it difficult to define what posts fall within this definition, according to Kathryn Wynn, an expert in data protection at law firm, Pinsent Masons.

"In an online social-network environment the exemption, applied strictly, would apply very narrowly. It would only relate to a proportionately small number of personal exchanges between users on social networking sites.

"The high functionality of Facebook and the way users' network of activity can lead to personalisation would mean it would be hard to know when user exchanges fall within the ‘household' exemption," Wynn said.

The new rules announced by the European Commission in January this year are designed to protect people's privacy and will apply to companies based inside and outside the EU if they market and offer their services to EU citizens.

As part of the new directive, the ‘right to be forgotten' clause gives people the right to force organisations to delete personal data stored about them "without delay".

However, along with the ‘household' exemption, organisations can oppose a request to delete information providing they can show it this would affect fundamental principles of freedom of expression or it is in the public interest to retain the data.