Abstract
The present paper examines the problem of applicable data protection law in a relationship between EU users and non-EU based Social Networking Site (SNS). The analysis will be conducted on the example of Facebook, which is one of the most popular SNS. The goal of the paper is to examine whether European users of Facebook can rely on their national data protection legislations in case of a privacy infringement by the SNS. The 95/46/EC Directive on Data Protection provides several options to protect EU residents in such relation. The paper will analyze whether Facebook’s participation in the Safe Harbor Program means that it is a subject to the regulation of the Data Protection Directive. Then, the paper will discuss if data processing activities of Facebook fall under the scope of the Data Protection Directive at all.
Part of the research leading to these results has received funding from the European Community’s Seventh Framework Program (FP7/2007-2013) under grant agreement n° 216483. The information in this document is provided "as is", and no guarantee or warranty is given that the information is fit for any particular purpose. The above referenced consortium members shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials subject to any liability which is mandatory due to applicable law.
Chapter PDF
References
Directive 95/46/EC of the European Parliament and of the Council of 24.10.1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive) (OJ L 281, 23.11.1995)
Van Alsenoy, B., Ballet, J., Kuczerawy, A., Dumortier, J.: Social networks and web 2.0: are users also bound by data protection regulations? In: Identity in the Information Society (IDIS), Special issue on Social Web and Identity (2009), doi:10.1007/s12394-009-0017-3, http://www.springerlink.com/content/u11161037506t68n/ ,
Facebook Factsheet, http://www.facebook.com/press/info.php?factsheet
Wong, R., Savirimuthu, J.: All or nothing: this is the question?: The Application of Art. 3(2) Data Protection Directive 95/46/EC to the Internet
Facebook Privacy Policy, http://www.facebook.com/policy.php?ref=pf
Safe Harbor list of companies, http://web.ita.doc.gov/safeharbor/SHList.nsf/f6cff20f4d3b8a3185256966006f7cde/1c51b941879c2e87852572d700734dc1?OpenDocument&Highlight=2,Facebook
Safe Harbor, U.S. Department of Commerce, http://www.export.gov/safeharbor/index.asp
Helpful Hints Prior to Self-Certifying to the Safe Harbor, http://www.export.gov/safeharbor/eu/eg_main_018495.asp
Safe Harbor Principles and FAQ, http://www.export.gov/safeharbor/SH_Overview.asp , http://www.export.gov/safeharbor/SH_FAQ8.asp
Safe Harbor, U.S. Department of Commerce, http://www.export.gov/safeharbor/eg_main_018236.asp
Kuner, C.: European data protection law: corporate compliance and regulation, 2nd edn., New York (2007)
De Terwangne, C., Louveaux, S.: Data Protection and Online networks. Computer Law and Security Report 13(4), 234–246 (1997)
Opinion 4/2000 on the level of protection provided by the Safe Harbor Principles, WP 32 adopted on May 16 (2000), http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2000/wp32en.pdf
Veronica, P.A.M.: International aspects of personal data protection Quo vadis EU? In: Veronica, P.A.M., Pablo, P. (eds.) Challenges of privacy and data protection law, Bruxelles, pp. 383–413 (2008)
Art. 29 Data Protection Working Party, Working document on determining the international application of EU data protection law to personal data processing on the Internet by non-EU based web sites, WP 56 (adopted on May 30, 2002)
Art. 29 Data Protection Working Party, Opinion 1/2008 on data protection issues related to search engines, WP 148 (adopted on April 4, 2008)
Art. 29 Data Protection Working Party, Opinion 5/2009 on online social networking, WP 163 (adopted on June 12, 2009)
Terstegge, J.: In: Bullesbach, A., Poullet, Y., Prins, C. (eds.) Concise European IT Law, Alphen aan den Rijn (2005)
Art. 12 of the Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the protection of consumers in respect of distance contracts (OJ L 144) (June 4, 1997)
Schwartz, J.: Giving Web a Memory Cost Its Users Privacy, September 4. New York Times (2001)
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (e-Privacy Directive), (OJ L 201) (July 31, 2002)
Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (OJ L 337) (December 18, 2009)
Mann, F.A.: The Doctrine of Jurisdiction in International Law, 1964, 111 Recueil des Cours 9, 145-146. In: Kuner, C. (ed.) European data protection law: corporate compliance and regulation, 2nd edn., New York (2007)
Google’s Response to the Article 29 Working Party Opinion on Search Engines, http://blogs.taz.de/ctrl/files/2008/09/google.pdf
Report of Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. Under the Personal Information Protection and Electronic Documents Act, http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm
Facebook Announces Privacy Improvements in Response to Recommendations by Canadian Privacy Commissioner, http://www.facebook.com/press/releases.php?p=118816
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP
About this paper
Cite this paper
Kuczerawy, A. (2010). Facebook and Its EU Users – Applicability of the EU Data Protection Law to US Based SNS. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2009. IFIP Advances in Information and Communication Technology, vol 320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14282-6_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-14282-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14281-9
Online ISBN: 978-3-642-14282-6
eBook Packages: Computer ScienceComputer Science (R0)