June 24, 2009
Europe Issues New Privacy Rules for Social Networks
The European Union has issued guidelines for how social networks protect the privacy of their members. European data collection is governed under the Article 29 Data Working Party. European privacy rules tend to be stricter than those in the United States. Google, Microsoft, and Yahoo, among others, had to adjust the retention period for their user search data as a consequence of the policy. At one point it became a race between the three search giants to see who could process and anonymize data the quickest. The selling point is not just to comply with regulations but to promote strong privacy practices to their customers. Yahoo turned out to be the winner with a three-month retention period, though that did not translate into an uptick in their search market share.
Social network information is different from search log data. Searches may or may not have names associated with them. They may ultimately be linked with an individual user as the AOL data breach from a few years back showed. Social networks encourage those with IDs and passwords to open up about themselves as a way of sharing and making friends, which is obviously the basis of the business. But it is still a business where all kinds of information can be gleaned about individuals with the express purpose of marketing to them. Facebook and the others have to pay the bills somehow, and that's the method. The problem is not one simply addressed in Europe by these guidelines. Facebook tried to institute an advertising program that monitored member shopping habits whether or not the member was logged into Facebook. Purchase information was sent to friends in some circumstances. That met with fierce resistance by the user base and Facebook rescinded the program. Then there was the change of service terms, later reversed, that seemed to imply that member data belonged to Facebook, even after an account was deleted. Others noted that various social networks kept pictures and other user information even after it was deleted by the member who posted it. Data is the lifeblood of these networks. It's the most important thing a person could provide to a social network in return for the services they provide.
The summary highlights of the European Union guidelines quoted from the report are:
Obligations of SNS
- SNS should inform users of their identity, and provide comprehensive and clear information about the purposes and different ways in which they intend to process personal data.
- SNS should offer privacy-friendly default settings.
- SNS should provide information and adequate warning to users about privacy risks when they upload data onto the SNS.
- Users should be advised by SNS that pictures or information about other individuals, should only be uploaded with the individual’s consent.
- At a minimum, the homepage of SNS should contain a link to a complaint facility, covering data protection issues, for both members and non-members.
- Marketing activity must comply with the rules laid down in the Data Protection and ePrivacy Directives.
- SNS must set maximum periods to retain data on inactive users. Abandoned accounts must be deleted.
- With regard to minors, SNS should take appropriate action to limit the risks.
The guidelines will apply to any social network available in Europe irrespective of where that network is headquartered. More on this from Mashable, the Social Media Guide, and the Wall Street Journal. [MG]
Just like others, social networks must be regulated.
Posted by: Legal Aid | Jun 24, 2009 11:16:00 PM