Are social networks such as FacebookFacebook and MySpaceMySpace doing enough to protect their users’ privacy? In the European Union, they might need to do more. A panel of European regulators has laid out operating guidelines for social networks, which will ensure their compliance with strict – albeit sometimes vague – online privacy laws in the European Union.

These laws mostly stem from the European Union Directive on Data Protection of 1995, which, among other regulations, prohibits collection of personal information without consumers’ permission, forbids employers to read workers’ private e-mail, and doesn’t allow companies to share personal information on users without their permission.

However, according to data-privacy lawyer Jan Dhont at Lorenz in Brussels, these regulations aren’t always very clear. For example, the companies that collect personal information must use it for “legitimate purposes,” which can be interpreted in many different ways.