Abstract
Personal data that identifies individual persons is given some level of protection in many jurisdictions and for various reasons. In Europe, general privacy rights, mainly under the 1950 Human Rights Convention has, for a long time, been the legal standard under which personal data was protected, at least partially. In the pursuit of helping create a single market and the role free movement of data has to that end, the 1995 Directive made an overhaul in both the legal and institutional infrastructure of data protection in Europe. At the center of the Directive rests a clear stipulation of principles that data controllers should enforce and rights that individual data subjects enjoy. Thus, personal data can be validly processed if there is a legitimate basis for it. The Directive recognizes consent of data subjects as one of them. It further defines consent in such a way that it be free specific and informed , and the form of indication should be unambiguous or explicit, based on the type of data. Within the limits of conceptual difficulties in defining these traits in a meaningfully measurable way, they are meant to ensure that data subjects have a good deal of control over their data. More, technological advances and proliferation of internet based services unforeseen by the Directive, including social networks, are testing the efficacy of consent as a basis for processing and its appropriateness is seriously questioned. Such concerns are sound as the services are vast in reach and consent of their users has been the main refuge for their extensive data related operations. It is within this context that the paper attempts to review some salient features of Facebook, a leading social network, and the degree of their compatibility with the consent requirements under the Directive.