ES Bendrasis duomenų apsaugos reglamentas ir socialiniai tinklai ; The eu general data protection regulation and social networks

Abstract

Nowadays, due to globalization and the emergence of new technologies, new challenges are emerging for the protection of personal data. The scale of the collection and exchange of personal data has increased significantly, because natural persons increasingly make personal information available on the internet. Due to the huge number of users, social networks are becoming one of the largest personal data controllers who collect, store, process or otherwise use personal data of users. Therefore, social network users have a legitimate expectation that their personal data will be processed with a high level of protection of personal data. In order to adapt to ongoing changes, it has led to the need for EU data protection reform, on 25th of May 2018 the General Data Protection Regulation became applicable. Given the requirements of General Data Protection Regulation, it is important to investigate wheter personal data protection in social networks is sufficient. Therefore, this work aims to examine how the General Data Protection Regulation applies to social networks. The first part introduces the legal regulation of social networks, analyzes the concept of social networks and reveals the data protection sources that regulate social networks. The second part is dedicated to reveal the application of the General Data Protection Regulation to social networks. Therefore, the analysis of personal data collection issues, the position of the controller in social networks and clarifies when non-EU companies are covered by the General Data Protection Regulation. In addition, it is discussed on which cases General Data Protection Regulation does not apply. The third section explores how social networks implement the requirements of the General Data Protection Regulation by analyzing the most popular social network privacy policies regarding lawful processing, implementation of data protection principles, the right to be forgotten, and the obligation to appoint a data protection officer.