At the 32nd International Conference on Data Protection and Privacy Commissioners held in Jerusalem in October 2010, the Israeli Privacy Commissioners estimated that 1.2 zettabytes (1.2 billion terabytes) of information would be shared over social networks during that year – an equivalent to approximately 125 million years of broadcasting on a daily basis.

Thinking about such an enormous amount of information shared over social networks, one might assume that users of social networks are not concerned about their privacy. However, research reports do not confirm this.

In fact, the 2010 report on Reputation Management and Social Media by Pew Research Center revealed that the younger adults aged between 18 and 29 are more likely to limit the amount of personal data they post online by taking steps to customise privacy settings. But how can one explain the discrepancy between privacy concerns and the need to post online?

The likelihood for the discrepancy between privacy and SNS is due to the fact that people do not perceive SNS as a public space – they think it is their own private space. SNS blur the boundaries of what is private and what is public. But the problems faced by people that are not in control of their personal data are real.

It is not unheard of that employers deny jobs and promotions or fire employees on the basis of information gathered from such sites. SNS threaten on an almost existential level the ability of persons to control the face that they intend to present to the world. Moreover, recent cases from around Europe confirm that there is not a reasonable expectation of privacy when posting over SNS.

In a recent court case, Author of a Blog v. Times Newspaper Limited (4th June 2009), the High Court of England and Wales refused the request of a blogger to issue an injunction against the newspaper to stop it from publishing his identity on grounds that blogging is essentially a public activity. The decision was taken, notwithstanding that the blogger (a police officer commenting on his job) posted anonymously and that the identity discovered by the journalist of the newspaper relied on linking the information posted in the blog with other information which was publicly available.

In France, two cases decided by the Court of Appeal in Reims (9th June 2010) and the Labour Court of Boulogne Billancourt (19th November 2010) established that comments posted by employees on Facebook were not made in a private space. As a result, one employee was dismissed on grounds of gross misconduct and another escaped being sanctioned for lack of reference to a specific name.

The interconnectivity created by SNS is unprecedented so much so that European regulators have expressed concern over the lacuna in data protection legislation based on the 1995 European Union Directive on the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of such Data. In response, the European Union commission kick-started the process for revision of the Directive and the right to be forgotten and is expected to be included as part of the amendments to the Directive. SNS providers will therefore be expected to provide technical solutions to allow the erasure of data after a period of time determined by the user – an important step towards re-instating users with control over personal data shared on SNS.