edri.org informs that on 4 April 2012, the Council of Europe adopted two recommendations made by the Committee of Ministers related to the protection of human rights, particularly the freedom of expression, freedom of association, access to information and the right to private life in relation to search engines and online social networks.
You can find the full text of the Recommendations here:
In its recommendations, CoE calls on Member States to engage with search engines in order to provide more transparency regarding the way access to information is provided, especially the criteria used to select, rank or remove search results.
CoE also asks for the respect for users’ rights in relation to personal data processing (particularly regarding cookies, IP addresses and individual search histories). It urges states to encourage “search engine providers to clearly differentiate between search results and any form of commercial communication, advertisement or sponsored output, including ‘own content’ offers.”
The actions recommended include the minimization of the collection of personal data by search engine providers. “No user’s IP address should be stored when it is not necessary for the pursuit of a legitimate purpose and when the same results can be achieved by sampling or surveying, or by anonymising personal data. Innovative approaches promoting anonymous searches should also be encouraged.”
There are also provisions which resemble the new rights of the data subject introduced by the Data Protection Regulation proposal of the European Commission, the right to be forgotten and the right to data portability:
“( Member States should co-operate with the private sector and civil society with a view to upholding users’ right to freedom of expression, in particular by committing themselves, along with social networking providers, to carry out the following actions) − enable users to control their information. This implies that users must be informed about the following: the need to obtain the prior consent of other people before they publish their personal data, including audio and video content, in cases where they have widened access beyond self-selected contacts; how to completely delete their profiles and all data stored about and from them in a social networking service, and how to use a pseudonym. Users should always be able to withdraw consent to the processing of their personal data.
Before terminating their account, users should be able to easily and freely move the data they have uploaded to another service or device, in a usable format. Upon termination, all data from and about the users should be permanently eliminated from the storage media of the social networking service. When allowing third party applications to access users’ personal data, the services should provide sufficiently multi-layered access to allow users to specifically consent to access to different kinds of data; “