In this paper, user expectations with regard to privacy and consent when using social media are compared with the EU legal framework for personal data protection. This analysis is based on a set of criteria for informed consent distilled from an analytical bibliography. User expectations regarding these criteria are derived from survey results. For each of the criteria for informed consent it is assessed whether there exists legal provisions in the existing EU personal data protection law and in the proposed legal framework in this area. A gap analysis between user expectations regarding each criterion and the availability or absence of related legal provisions shows that many but not all aspects of consent are addressed in both the current and the proposed legislation. Furthermore, the EU personal data protection legislation only provides a very general scope regarding consent and does not contain many details on what adequate consent procedures should look like. There is, at some points, a disconnect between the abstract legal provisions and the concrete practical implementations in the architecture and privacy statements of social media. Suggestions for solving these disconnects are made by suggesting changes at a practical level, by adjusting the legal framework, or both. Finally, the limits of the current models for personal data protection and consent are discussed.
|Journal||SCRIPTed: A Journal of Law, Technology and Society|
|Publication status||Published - 2013|