Facebook and Its EU Users – Applicability of the EU Data Protection Law to US Based SNS

  • Aleksandra Kuczerawy
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 320)

Abstract

The present paper examines the problem of applicable data protection law in a relationship between EU users and non-EU based Social Networking Site (SNS). The analysis will be conducted on the example of Facebook, which is one of the most popular SNS. The goal of the paper is to examine whether European users of Facebook can rely on their national data protection legislations in case of a privacy infringement by the SNS. The 95/46/EC Directive on Data Protection provides several options to protect EU residents in such relation. The paper will analyze whether Facebook’s participation in the Safe Harbor Program means that it is a subject to the regulation of the Data Protection Directive. Then, the paper will discuss if data processing activities of Facebook fall under the scope of the Data Protection Directive at all.

Keywords

Social Networking Sites data protection applicable law cookies transfer of data to third countries 

References

  1. 1.
    Directive 95/46/EC of the European Parliament and of the Council of 24.10.1995, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive) (OJ L 281, 23.11.1995)Google Scholar
  2. 2.
    Van Alsenoy, B., Ballet, J., Kuczerawy, A., Dumortier, J.: Social networks and web 2.0: are users also bound by data protection regulations? In: Identity in the Information Society (IDIS), Special issue on Social Web and Identity (2009), doi:10.1007/s12394-009-0017-3, http://www.springerlink.com/content/u11161037506t68n/,
  3. 3.
  4. 4.
    Wong, R., Savirimuthu, J.: All or nothing: this is the question?: The Application of Art. 3(2) Data Protection Directive 95/46/EC to the InternetGoogle Scholar
  5. 5.
  6. 6.
  7. 7.
    Safe Harbor, U.S. Department of Commerce, http://www.export.gov/safeharbor/index.asp
  8. 8.
    Helpful Hints Prior to Self-Certifying to the Safe Harbor, http://www.export.gov/safeharbor/eu/eg_main_018495.asp
  9. 9.
  10. 10.
    Safe Harbor, U.S. Department of Commerce, http://www.export.gov/safeharbor/eg_main_018236.asp
  11. 11.
    Kuner, C.: European data protection law: corporate compliance and regulation, 2nd edn., New York (2007)Google Scholar
  12. 12.
    De Terwangne, C., Louveaux, S.: Data Protection and Online networks. Computer Law and Security Report 13(4), 234–246 (1997)CrossRefGoogle Scholar
  13. 13.
    Opinion 4/2000 on the level of protection provided by the Safe Harbor Principles, WP 32 adopted on May 16 (2000), http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2000/wp32en.pdf
  14. 14.
    Veronica, P.A.M.: International aspects of personal data protection Quo vadis EU? In: Veronica, P.A.M., Pablo, P. (eds.) Challenges of privacy and data protection law, Bruxelles, pp. 383–413 (2008)Google Scholar
  15. 15.
    Art. 29 Data Protection Working Party, Working document on determining the international application of EU data protection law to personal data processing on the Internet by non-EU based web sites, WP 56 (adopted on May 30, 2002)Google Scholar
  16. 16.
    Art. 29 Data Protection Working Party, Opinion 1/2008 on data protection issues related to search engines, WP 148 (adopted on April 4, 2008) Google Scholar
  17. 17.
    Art. 29 Data Protection Working Party, Opinion 5/2009 on online social networking, WP 163 (adopted on June 12, 2009)Google Scholar
  18. 18.
    Terstegge, J.: In: Bullesbach, A., Poullet, Y., Prins, C. (eds.) Concise European IT Law, Alphen aan den Rijn (2005)Google Scholar
  19. 19.
    Art. 12 of the Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the protection of consumers in respect of distance contracts (OJ L 144) (June 4, 1997) Google Scholar
  20. 20.
    Schwartz, J.: Giving Web a Memory Cost Its Users Privacy, September 4. New York Times (2001)Google Scholar
  21. 21.
    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (e-Privacy Directive), (OJ L 201) (July 31, 2002) Google Scholar
  22. 22.
    Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (OJ L 337) (December 18, 2009) Google Scholar
  23. 23.
    Mann, F.A.: The Doctrine of Jurisdiction in International Law, 1964, 111 Recueil des Cours 9, 145-146. In: Kuner, C. (ed.) European data protection law: corporate compliance and regulation, 2nd edn., New York (2007)Google Scholar
  24. 24.
    Google’s Response to the Article 29 Working Party Opinion on Search Engines, http://blogs.taz.de/ctrl/files/2008/09/google.pdf
  25. 25.
    Report of Findings into the Complaint Filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) against Facebook Inc. Under the Personal Information Protection and Electronic Documents Act, http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm
  26. 26.
    Facebook Announces Privacy Improvements in Response to Recommendations by Canadian Privacy Commissioner, http://www.facebook.com/press/releases.php?p=118816

Copyright information

© IFIP 2010

Authors and Affiliations

  • Aleksandra Kuczerawy
    • 1
  1. 1.Interdisciplinary Centre for Law & ICT (ICRI)K.U.LeuvenLeuvenBelgium

Personalised recommendations