GDPR and Social Networks

GDPR and Social Networks

The American company Meta was fined 390 million EUR (over 9.3 billion CZK) for violating GDPR rules on its social networks Facebook and Instagram.

What is GDPR actually about? And what are the rules when it comes to social networks specifically?

What does GDPR mean?

We have been encountering the abbreviation GDPR for several years now. But what lies behind these mysterious four letters? This English acronym literally stands for "General Data Protection Regulation" or the General Data Protection Regulation.

It is a legally binding regulation of the European Union that came into practice on May 25, 2018. Its aim is to increase the protection of personal data of all European Union citizens.

It legally binds all organizations and companies operating in the EU that process or store the personal data of residents of individual member states.

GDPR and social networks

In the example of the American giant Meta mentioned above, it can be seen that, especially in the field of social networks, there is sometimes inconsistent compliance with the rules related to GDPR. The protection of personal data on social networks includes the following two main areas.

Targeted advertising

The core of the aforementioned dispute has become the so-called targeted advertising, with which users of social networks regularly encounter.

While representatives of Facebook and Instagram defend themselves by claiming that users consented to the processing of so-called behavioral data when approving the general terms and conditions, the European Data Protection Board (EDPB) decided that such a procedure is insufficient and users must be informed more specifically about targeted advertising.

Among other things, GDPR on social networks also includes clear consent from users to targeted advertising.

Minimum age for creating a profile

The second frequently discussed area related to GDPR protection on social networks is the required minimum age for creating a profile.

The General Data Protection Regulation GDPR already mentioned sets the minimum age for creating a profile at 13 years old.

Other platforms, including Google, require parental or legal guardian consent for children under 16 years old to create a profile or email. However, there is no age restriction for the largest domestic email provider, Seznam.cz.

Spokeswoman Aneta Kapuciánová said in May 2018 for Czech Radio Radiožurnál: "Our email service is not primarily targeted at children, and therefore there is no obligation or need to verify the age of users."

Sharing is complicated

Did you know that you can easily share photos from your vacation on social networks?

However, when it comes to sharing photos from an official company party, you should have the consent of the company management that taking photos at the event is allowed and that all participants are informed about it.