The document summarizes key topics in European data protection law as it relates to social network sites and users' privacy. It discusses how users are considered data controllers under the law. It also outlines some of the rights of data subjects, like the right to be informed and opt out of data sharing, but notes these protections can be toothless. The document raises issues like how privacy policies are typically take-it-or-leave agreements for users and questions around children's privacy as both data subjects and controllers. It concludes by identifying several areas that require further regulatory attention regarding privacy in social networks.