EU to enforce a right to be forgotten on social networks

March 17, 2011 |

The EU is to force Facebook and other social networks to set high standards on default settings and give control over data back to the user.

EU justice commissioner Viviane Reding stated:

“I want to explicitly clarify that people shall have the right – and not only the possibility – to withdraw their consent to data processing,” Reding said. “The burden of proof should be on data controllers – those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary.”

In the Guardian article Reding’s spokesman, Matthew Newman is quotated as saying:

“A year ago she issued Facebook a warning because the privacy settings changed for the worse and now she’s legislating to put flesh on those bones.”

Facebook profiles have been accessible by default since January last year. Users have to opt in to ensure that their photographs and other information can be viewed only by friends.

Newman said companies “can’t think they’re exempt just because they have their servers in California or do their data processing in Bangalore. If they’re targeting EU citizens, they will have to comply with the rules.”

Privacy settings are often so complex that a typical user does not know how to use them, Reding’s staff say. The new legislation will ensure privacy is inbuilt and not tacked on later as an added extra. The rules will also outlaw the surreptitious gathering of data without the user explicitly giving permission.

Newman said that the laws would make the EU the first jurisdiction to deliver a “right to be forgotten”.

“Maybe you’ve been at a party, up until four in the morning and you or someone you know posts photos of you,” he said. “Well, it’s a harmless bit of fun, but being unable to erase this can threaten your job or access to future employment.”

The rules would give consumers a specific right to withdraw their consent to sharing their data. “And after you have withdrawn your consent, there shouldn’t even be a ghost of your data left in some server somewhere. It’s your data and it should be gone for good,” he said.

Leave a Reply