ABSTRACT
This chapter provides an overview of the new EU data protection rules and an analysis of current issues with regard to the practices of social media providers that pose great risks to users and society as a whole. It introduces the EU data protection legislation relevant to social media, i.e. the General Data Protection Regulation (GDPR) and its key concepts to provide an overview of the current rules. It then sketches the data protection-specific risks of social media practices and considers the central concepts of responsibility, controllership, lawfulness, and targeting and profiling in depth. It also highlights several specific practices, such as dark patterns, sharing by default or lock-in effects, and their risks to individuals and society as a whole before concluding that even though data protection authorities are laying a focus on social media, the current issues could be further exacerbated, if existing alternatives are not adopted more widely.
