Social networking and privacy Part II

3 April 2010

Social networking and privacy Part II

By Paul Bicknell

How will a social networking provider ('SNP') comply with the Data Protection Directive ('the Directive')?

The SNP should provide users with information detailing why they need certain information and how the SNP will process that information, we advise that this be contained in a privacy policy. A new user must agree to the privacy policy before signing up to the SNP's site.

Additionally, it is sensible for the SNP to consider the extent to which it is necessary for certain information to be obtained and processed. A typical example of 'necessary' information is the age of the user - this will allow the SNP to assess whether that user interface will have a mandatory privacy setting and any other limitation for example.

The use of the privacy policy will be a good instrument through which the SNP can obtain each user's consent. It is advisable that these policies be well drafted in terms of being simple and easy to understand. It is unlikely that all users will read a lengthy and detailed privacy policy, remember you want the user to actually read and consent to the privacy policy, so keep it simple.

It is also important for the SNP to periodically review the legal effect of the terms under the privacy policy and where amendments are required these should be completed and sent to each user for their approval and consent.

Paul Bicknell is a trainee solicitor who specialises in intellectual property law with an emphasis on commercial and consumer litigation. Paul can be contacted via paul.bicknell@lawit.co.uk <mailto:paul.bicknell@lawit.co.uk>.