Social networking sites might be regulated in EU

By EDRi · June 4, 2008

(This article is also available in German)

On 27 May 2008, the European Network and Information Security Agency (ENISA)
called for new legislation that would regulate social networking sites.
ENISA, which was created in 2004 to oversee online security measures in the
27 EU countries, issued a preliminary version of its General Report in which
it pointed out that social networking sites such as Facebook and MySpace
need more regulation to protect their users against
security risks. “Social networking sites are very useful social tools but we
must make recommendations for how to better protect people from the risks
these sites create,” said Andreas Pirotti, executive director of ENISA and
author of the report. He suggested that EU legislation should be expanded in
order to “cover the taking of photos of people and posting them on the
internet”.

In Pirotti’s opinion, network security is under a permanent threat from
spammers or criminals. “Internet security is extremely important,
considering how much business takes place online now. We don’t want
infrastructures to be disrupted, we don’t want a digital 9/11 to happen,” he
said. He also considers it crucial to “raise awareness about how social
networking sites work. Few people realize that they can be offered up as
friends to people they don’t know. Also, many people don’t realize that it’s
almost impossible to erase material once it has appeared on the internet”.

The threats related to social networking identified by ENISA include face
recognition, digital dossiers, reputation damage, social engineering attacks
on enterprises, phishing attacks, ID theft and others. The organisation's
report includes 19 recommendations to social networks on ways to improve
their security practices.

Among other things, ENISA calls for a regulatory review of social networking
frameworks, increased transparency of data handling practices, more
education for users on security, and the discouragement or even banning of
social networking in schools.

A study conducted by enterprise IT management company CA and the National
Cyber Security Alliance in 2006 found that the majority of users of
social networking sites were not very aware of the security issues involved.
83 percent of them admitted having downloaded unknown files from unknown
users and 74 percent said that they readily provided personal data
online. Also, a Symantec report issued in 2007 showed that social
networking sites offer easy pickings for phishers. The security practices of
the respective sites make it easier to invade and to spread attacks to more
people.

Top EU security agency calls for policing of social network (27.05.2008)
http://www.infoworld.com/article/08/05/27/EU-security-agency-wants-social-network-scrutiny_1.html

EU may regulate social networking sites over security issues (27.08.2008)
http://arstechnica.com/news.ars/post/20080527-eu-may-regulate-social-networking-sites-over-security-issues.html

ENISA General Report 2007 – adopted, non designed version
http://www.enisa.europa.eu/doc/pdf/publications/AGR_full_disclaim.pdf