Social networking websites appeared with the Web 2.0 boom. They are becoming more and more popular nowadays and are attracting huge numbers of users on a daily basis which is increasing constantly. Users publish various types of personal information online that can be used for construction of person’s profile when linked with the activities of the user and his communications with other users, in particularly in regard to that person interests and preferences. These personal data can be used for commercial purposes by advertisers offering targeted advertisements based on the data. There are many concerns about users’ privacy on social networking websites. Most of the users are not even aware of the fact how much they reveal about themselves and how these data can be used by the network providers or advertisers. This thesis will examine the questions who can be data controller in the context of social networking sites and whether the European data protection laws are binding for social networking sites not established within EU. Also, the Thesis will analyze the privacy concerns and the other legal issues raised by the ubiquitous use of social networking sites. The proposed reforms in the European data protection legislation will be tackled in brief as well.