Canadian Journal of Law and Technology


social network sites, social media, big data, data protection, Canada, EU, US, regulation of social networks, regulatory negotiation


Social Networking Sites like Facebook, Twitter and the like are a ubiquitous part of contemporary culture. Yet, as exemplified on numerous occasions, most recently in the Cambridge Analytica scandal that shook Facebook in 2018, these sites pose major concerns for personal data protection. Whereas self-regulation has characterized the general regulatory mindset since the early days of the Internet, it is no longer viable given the threat social media poses to user privacy. This article notes the deficiencies of self-regulatory models of privacy and contends jurisdictions like Canada should ensure they have strong data protection regulations to adequately protect the public. However, while underscoring the economic value of Big Data technologies, it posits regulation does not necessarily need to come at the cost of economic prosperity. By adopting a co-regulatory model based on regulatory negotiation, various stakeholders can come together and draft robust and flexible data protection regulations, including both tailored rules and oversight mechanisms. Beginning with a survey of the challenges and opportunities of Big Data and social networking sites (I), this article then canvasses the data protection framework of three jurisdictions, namely the United States, Canada, and the European Union (II). Finally, it shows the clear advantages of co-regulation as a regulatory paradigm and offers an outline for the regulation of social networking sites using regulatory negotiation (III).