The article reveals the concept and features of privacy by design approach. An analysis of the legislation of the European Union, which regulates the obligation to comply with mentioned concept, namely the provisions of the General Data Protection Regulation, was carried out. Within the framework of the concept of privacy by design, the concepts and pecularities of using user-held data model are studied, which aims to change the legal regulation and technical support of information security as well as the security of personal data in social networks.
 In order to achieve the goal of the research, the need to introduce the specified model of data protection was analyzed – namely practical problems of personal data protection within the peculiarities of the market of social network service providers. The need of the interpretation of personal data as an object of property right was outlined, as well as the interpretation of the purpose of the meta data itself as personal information about a person that can be used to recognize or track a person separately or in combination with other information, which is directly stated in the OMB Act No. A-130, however, is neither interpreted similarly in the Data Protection Regulation nor in the legislation of Ukraine. The main advantages of implementing a user-held data model are presented, namely the advantages for data owners, businesses, the state, and cloud service providers for providing and maintaining the model.
 Legislation in the field of personal data protection in the EU, in particular in the field of social networks, is more complex at the supranational and national level. It is provided with a separate regulatory and organizational mechanisms, which are different from the one that exists today in Ukraine. The mechanism for the protection of personal data in the European Union provides the creation of independent public authority that is responsible for the implementation and compliance with the requirements of the General Data Protection Regulation. The article highlights the need to create a single separate body in the field of personal data protection in Ukraine, which will be able to perform the function of monitoring and ensuring compliance with the requirements of the relevant legislation, in particular, compliance with privacy by design.