Little Brother Is Tagging You – Legal and Policy Implications of Amateur Data Controllers

Abstract

Much of the privacy problems on Social Network Sites (SNSs) are user-made. Yet, so far only few commentators have volunteered to discuss the legal consequences of all that privacy infringing behaviour. To what extent does the law place legal obligations on SNS users to respect data protection principles? Do amateur users qualify as ‘data controllers’ and can they as such be held fully liable for compliance with data protection law? Based on an analysis of the provisions of the European Data Protection Directive, the article will demonstrate that existing data protection law burdens amateur users with provisions that exceed the personal, technical and financial capacities of most SNS users, that do not fit the SNS context or that users are simply not able to comply with without assistance from the SNS provider. While it is unacceptable to burden amateurs with a number of obligations that exceed their capacities, it is also not feasible to place all the burdens on SNS providers, since many of the privacy problems of SNSs are in fact user-made. All this points to a concept of joint-responsibility of SNS users and providers. The article concludes with a number of concrete suggestions on how such a concept of joint responsibility could be given form.