European Union Data Protection Law and the Friend Finder Service in Social Networks

Abstract

This paper addresses the legal implications of the Friend Finder, an online service, which is provided by Social Networking Site (SNS). In particular, this paper aims to examine what issues an entity engaged in operating an internet website that provides the registered users from the European Union (EU) territory the Friend Finder service must adhere to in light of the provisions of the EU data protection law. An Investigation procedure opened by the local data protection authority in Hamburg, Germany, against Facebook (one of the largest Social Networking Sites in the world), claimed, inter alia, that the Friend Finder feature, allowing the site to contact individual person which are not subscribed yet to the SNS violating Germany's data protection law, raises three important legal issues concerning data protection law: Firstly, whether the SNS provider is allowed to collect personal data such as electronic mail addresses from individuals using the SNS services, and from unregistered individuals (Friend), and what are the limitations under EU data protection law for using such data for commercial purposes. Second, whether national data protection authorities of EU Member States have jurisdiction over global Internet entities located outside of the EU that are processing personal data of individuals inside the EU. Third, whether it should be considered as illegal marketing practice for the SNS provider to use the “Friend Finder” service to send email messages to the Friend, inviting him or her to join the SNS. Part I provides the legal framework of data protection law in the European Union and introduces the main legal principles for processing the personal data of individuals inside the EU. In addition, part I provides a legal analysis for questions of jurisdiction and conflict of law. Part II provides a brief overview on the General Directive, and on the provisions of the e-privacy Directive. In addition, part II provides an overview on the implementation of the General Directive and the e-Privacy Directive in the German legal system. Part III analyses the EU data protection law provisions, which are applicable to the use of the Friend Finder service. The last part of this Master's Thesis concludes that SNS providers using the Friend Finder service in a social networking sites for commercial purposes, are held fully reliable for compliance with the EU data protection law provisions.A thesis submitted to the Bucerius/WHU Master of Law and Business Program in partial fulfillment of the requirements for the award of the Master of Law and Business (“MLB”) Degree.