Posted Tuesday 23rd June 2009 11:26 GMT
If I have to provide my date of birth (or other personal info) to a web site then I expect them to keep that personal data confidential. If I then use their service to advertise to the whole world 'Hey, I was born on...' then that is MY responsibility, not theirs.
Posted Tuesday 23rd June 2009 12:07 GMT
What does this mean for us humble non-lawyery people? Does it mean the next time I go to a site unrelated to facebook and see an advert on that site which has my facebook details as part of their adverts, its unfair processing (I didn't give permission for my facebook details to be used as part of an advert on a 3rd party site.... I think).
What change would this mandate for SN sites? Does wikipedia count as a social networking site? Do forums count as a social networking site? Is using my facebook details as an advert against the DPA?
I'm always interested in these legal articles on The Reg, they are very well written and presented, I just wish I understood the implications.
Posted Wednesday 24th June 2009 07:26 GMT
Do Facebook and MySpace have enough of a physical presence in Europe for the EU to make this stick. It is one thing to declare that: "...social networking companies count as data controllers under EU law 'even when their headquarters are outside of the [European Economic Area]'", but if there isn't a (non-headquarters) physical operation within the EU, I am not sure whether there is any reason for Facebook and MySpace to pay attention to what the Article 29 Working Party says. There are some on this site who are quick to admonish Americans that US law is sovereign only within the United States. This is an opportunity for me to point out that this particular street runs 2 ways, with EU mandates only being enforceable within the EU.
Posted Wednesday 24th June 2009 07:36 GMT
Are the covered? Are the various Yahoo! Groups covered by this?
Posted Wednesday 24th June 2009 09:16 GMT
... it's all about where EU data is held.
You are an EU citizen, and your name, email address, date of birth is held on a server. I believe it's actually illegal for a company to store your details on a server outside of the EU without express permission.
Ah yes - the storer of the information must obtain express permission from the resident country of each of their users - England, Scotland, Wales, France, Spain, Holland, Brussels, Poland, etc, etc, etc... not sure how many countries there are at the moment, and I wouldn't predict a reply within seven days.
I've heard of requests taking months.
Posted Wednesday 24th June 2009 23:19 GMT
I think you are missing my point, if Facebook and MySpace have all of their servers and offices outside the EU, they can tell the Article 29 Working Party "ODFO" and the EU can do ... What?... about it. It is not illegal in the US, so far as I know (IANAL), to store customer details on a server here regardless of where the customers come from- no permission needed, so if all the offices and servers are in the US that is all that matters. That is the two way street I was talking about, if it is unreasonable for Americans to expect, say, 1st Amendment rights to speech to apply outside the US, it is similarly naive for Europeans to expect EU data laws to apply extraterritorially.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Back to the article
