Data Protection in Social Networks
In a statement published on December 8, 2011, the Association of German Data Protection Agencies, known as the “Duesseldorfer Kreis” (“DK”), issued an opinion summarizing the minimum compliance criteria for operators of social networks in Germany:
- Transparent privacy policy and informed consent are essential for protecting the right to data privacy
- Opt-out solutions are insufficient; all privacy settings must be on the basis of opt-in selections
- Users must have simple access to their stored personal data
- Facial recognition features require express, confirmed consent
- No tracking profiles without the informed consent of the user
- Obligation to delete data after the termination of the membership
- Social plug-ins on the websites of German operators are not compliant with data protection laws unless they are covered by informed consent and provide the opportunity for the user to prevent the data transfer
- Social networks must protect user data through implementation of suitable privacy controls; operators must be able to demonstrate that such measures were taken
- Minors require particular protection, and information regarding the processing of personal data must be easily comprehensible to them
- Social networks located outside the EEA must nominate an agent in Germany who serves as the contact person for the DPAs
The opinion, however, is not limited to this rather generic list of minimum requirements. Instead, it takes the opportunity to address two of the most pressing issues which have dominated the discussion of social networks and their commitment to data privacy over the past several months.