EU privacy regulators eye online social networks


Tagging photos on social networking websites may soon become an ordeal for aficionados of Facebook, MySpace and the like, as EU privacy regulators recommended imposing strict rules on users uploading pictures of other individuals on their personal pages.

An opinion issued by the group of European privacy watchdogs states that users of social networks “should only upload pictures or information about other individuals with the individual’s consent”. If applied, this provision would completely alter the way such websites work today.

Currently, social networking members share pictures and tag friends’ images without requiring their prior consent. Moreover, Facebook or MySpace users tend to communicate publicly, putting their and others’ private information on shared boards or ‘walls’.

These activities would become outlawed if the recommendation of national watchdogs were transformed into legislative measures. Regulators went further and recommended that social networks should clearly inform their users about the potential privacy risks of uploading private information. In addition, “the homepage should contain a link to a complaint facility covering data protection issues for both members and non-members,” reads the opinion.

The group also advised imposing limits on retaining the data of inactive users. “Abandoned accounts must be deleted,” said the council of EU regulators, known as the Article 29 Working Party.

All the recommendations were based on the principle that social networking websites must fall under the strict EU Data Protection Directive, “even when their headquarters are outside of the European Economic Area”.

The group’s opinions are not binding, but represent an important indication of future legislative action at national and EU level. Recently the group has focused on privacy issues related to search engines, triggering a wave of actions from lawmakers and the actors involved. Under pressure, the giants of the sector, such as Google, Microsoft and Yahoo!, agreed to reduce the retention period of data they collect about their users.

The group also drew attention to the processing of personal data on the Internet for commercial purposes. They recommended obtaining the prior consent by users before collecting data aimed at personalised advertisements. The European Commission quickly backed this line, threatening strong measures to regulate online tailored and behavioural ads (EURACTIV 01/04/09).

Platforms responsible for user-generated content? The Google case in Italy

Despite not being mentioned in the recommendation, ultimately at stake is the responsibility of social networks themselves for carrying images and information which could breach rules protecting privacy and security.

Authorities are still wondering whether platforms for user-generated content, such as social networks, video-sharing websites or blog platforms, should be made responsible for potential crimes committed by users.

Google, which owns YouTube, the world’s biggest video-sharing portal, is currently facing a landmark trial in Italy, where it stands accused of having violated Italian law for having shown images of bullying against a disabled boy in 2006. Italian judges think Google is responsible for failing to filter images in breach of Italian law. Hearings have been postponed until September after a meeting held on Tuesday (23 June). 

In the meanwhile, Google has asked the EU authorities to intervene on its behalf. The American company says the trial does not respect EU rules on e-commerce concerning intermediary liability. “Is a postman responsible for the content mail he delivers?,” Google asks. 

According to sources close to the dossier, the request comes with a letter sent to the European Commission by EDiMA, the European Digital Media Association, which brings together online giants such as Google, Microsoft, Yahoo!, Apple, eBay and Amazon.

The European Commission has shown an increased interest in protecting citizens and consumers' privacy in recent months. Social networking websites have been singled out as potentially dangerous for inexpert users.

report by the EU agency for the security of information networks, ENISA, had already warned in 2007 of the privacy and security risks related to improper use of social networking websites (EURACTIV 01/11/07).

Information Society Commissioner Viviane Reding endorsed this line, pushing the major actors in the sector to adopt a code of conduct aimed at protecting young users (EURACTIV 10/02/09). In a recent statement, she confirmed her stance and threatened further action to protect privacy.

Subscribe to our newsletters