These principles could be summarised as follows:
1. Operators of social networks have to inform their users fully with regard to the processing of their personal data and with regards their possibilities to influence the process.
2. Use of personal data for marketing is only admissible, to the extent that the data subjects have provided valid consents
3. Storage of usage data beyond the end of a session is only admissible if such data are required for invoicing purposes vis-à-vis the user.
4. There is no legal foundation for storing data about the usage of social networks in case such data should one day be needed for criminal prosecution purposes unless provided by law
5. Users should be allowed to use the service either anonymously or under a pseudonym
6. Operators are obliged to implement adequate security measures
7. Designing the standard settings in a way as to protect the users'''''''' privacy as efficiently as possible.
8. Possibility for the users to easily delete their profile themselves
GDK"s decision also points out different risks associated to the use of social networks, inter alia: virtual undeletable personal data once entered, misleading suggestion of friendship that may lead to incautious disclosing of personal data, close monitoring of users by operators, possible use of the information by HR specialist in the future and that a too generous provision of data within the social networks might spur identity theft.
Source: World Data Protection Report