Feeds

German privacy watchdogs agree social networking ground rules

Keep users informed about data use

The essential guide to IT transformation

Social networking sites are not permitted to store information about people's use of the sites beyond the duration of a particular session, according to a panel of Germany's data protection officials.

Companies behind social networks such as MySpace and Facebook must also tell users what happens to any data that is collected and tell them how they can influence the use of that data.

The principles were laid down by the German Düsseldorfer Kreis (GDK), a panel of all the German data protection authorities. They laid down eight principles of operation for social networking sites to keep them in line with data protection law, according to the Data Protection Review operated by the data protection agency of Madrid.

The principles covered what data can be collected under which circumstances, and what it can then be used for.

One principle said that the sites could only store personal information that was not a part of the user's actual social networking profile beyond the end of a session if it needed it for billing purposes. Since most social networks are free that is unlikely to be a common situation.

The principles also said that any information that is gathered can only be used for marketing if the user has provided consent for that to happen.

The rules also made it clear to social network operators that they could not use laws derived from the Data Retention Directive to justify keeping information. The GDK said that there is no legal foundation for storing data unless there is a specific law that says so.

The application of the Directive to online services has previously been the subject of debate between privacy regulators and Google. The search giant had claimed that it had to keep logs of search queries because it was required to by the Directive.

The Directive tells countries to pass laws ordering telecoms companies to keep records of user activity for between six and 24 months in case the information is useful in criminal prosecutions.

Privacy regulators said that the Directive only applied to telecoms service providers and not to companies which provide content online.

Google conceded in September of this year that its keeping of data was not mandated by the Directive, as it had previously argued.

The GDK's principles also include instructions to social networking operators to adequately protect private information with technical security measures and to set the standard privacy settings so that they protect users' privacy as efficiently as possible.

The GDK also said that social networking companies must let users delete their profile.

The GDK is an informal grouping of the regulators who monitor data protection in the private sector in Germany.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

5 things you didn’t know about cloud backup

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?