• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
 ARTICLE 29 DATA PROTECTION WORKING PARTY 
This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on dataprotection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.The secretariat is provided by Directorate D (Fundamental Rights and Citizenship) of the European Commission, DirectorateGeneral Justice, Freedom and Security, B-1049 Brussels, Belgium, Office No LX-46 01/02.Website:http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm
 
01189/09/ENWP 163Opinion 5/2009 on online social networkingAdopted on 12 June 2009
 
-
2
-
Table of contents
Executive Summary...............................................................................................................31. Introduction................................................................................................................42. Definition of a "social network service (SNS)" and business model.........................43. Application of the Data Protection Directive.............................................................53.1 Who is the data controller?.....................................................................................53.2 Security and default privacy settings.....................................................................73.3 Information to be provided by SNS.......................................................................73.4 Sensitive Data.........................................................................................................8 3.5 Processing data of non-members............................................................................83.6 Third party access...................................................................................................8 3.7 Legal grounds for direct marketing........................................................................93.8 Retention of data..................................................................................................103.9 Rights of the users................................................................................................114. Children and minors.................................................................................................11 5. Summary of obligations/rights.................................................................................12
 
-
3
-
Executive Summary
This Opinion focuses on how the operation of social networking sites can meet therequirements of EU data protection legislation. It principally is intended to provide guidanceto SNS providers on the measures that need to be in place to ensure compliance with EU law.The Opinion notes that SNS providers and, in many cases, third party application providers,are data controllers with corresponding responsibilities towards SNS users. The Opinionoutlines how many users operate within a purely personal sphere, contacting people as part of the management of their personal, family or household affairs. In such cases, the Opiniondeems that the ‘household exemption’ applies and the regulations governing data controllersdo not apply. The Opinion also specifies circumstances whereby the activities of a user of anSNS are not covered by the ‘household exemption’. The dissemination and use of informationavailable on SNS for other secondary, unintended purposes is of key concern to the Article 29Working Party. Robust security and privacy-friendly default settings are advocatedthroughout the Opinion as the ideal starting point with regard to all services on offer. Accessto profile information emerges as a key area of concern. Topics such as the processing of sensitive data and images, advertising and direct marketing on SNS and data retention issuesare also addressed.Key recommendations focus on the obligations of SNS providers to conform with the DataProtection Directive and to uphold and strengthen the rights of users. Of paramountimportance, SNS providers should inform users of their identity from the outset and outlineall the different purposes for which they process personal data. Particular care should be takenby SNS providers with regard to the processing of the personal data of minors. The Opinionrecommends that users should only upload pictures or information about other individuals,with the individual’s consent and considers that SNS also have a duty to advise usersregarding the privacy rights of others.
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...