According to FT,
"regulators say tighter rules are needed to protect personal data given to these third-party developers. In particular, they believe developers should be subject to tough European Union privacy and data protection rules, even when the companies concerned are located far from Europe.
At the same time, they argue that many corporate marketers who have turned to new forms of social media as a way to reach consumers should also be subjected to stiffer regulations."
Which is pretty much what Ian Brown and I suggested only two years ago :) (Incidentally that piece is finally seeing the published light of say shortly in Andrea Matwyshwn's great edited collection, Harbouring Data (Stanford U Press).
I'm not finding this opinion on the usual Art 29 page: if anyone has it in advance, I would very much like to see it.
Along with various recent reports suggesting that privacy defaults on social networking sites need tighter attention, for everyone not just children, it does seem the privacy and security risks of SNSs are finally getting the serious attention they deserve. (Is it just a coincidence btw that this happens as the Iranian situation shows more clearly than ever the power wielded by social networks these days??)