SlideShare uma empresa Scribd logo

Paper.uia.3112011

Alliant Abogados
Alliant Abogados

1. Social network sites (SNS) have grown exponentially in recent years with hundreds of millions of users on platforms like Facebook, Twitter, and LinkedIn. 2. SNS operate by commercially exploiting users' personal data in exchange for free services, raising privacy concerns especially for minors. 3. European data protection law provides the regulatory framework for SNS, requiring informed consent, security measures, and respect for users' rights to access and delete their data.

Tecnologia
1 de 10
Baixar para ler offline
Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com Marc Gallardo * marc.gallardo@alliantabogados.com It’s an undeniable fact that Social Network Sites (SNSs) are a part of our lives and it looks as though they are here to stay. ey have grown exponentially. Facebook, alone, has more than 800 million registered users. Besides this internationally known platform, there are many others quickly gaining followers thanks to the spiral effect inherent to these networks: Twitter (200 million users), LinkedIn (120 million users), Tuenti (headquartered in Madrid and 10 million users) and more recently Google+ (which in its short lifetime, has already accumulated 40 million users) are all well- known success stories. us, it is very difficult nowadays to escape from the force of attraction that these social communication platforms exercise on us and our more or less immediate environment, both personally and professionally. Without going into details, there is undoubtedly something about SNSs because ever more suppliers and users are investing more of their time and resources in them. Nonetheless, this article is focused on various legal constraints arising from its set-up and use by all the players involved, starting with another undeniable fact: the main business of these SNS consists of commercially exploiting a large quantity and quality of personal data we provide their owners in exchange for using their platform for free. Based on this, it is commonplace to refer to the risks of using these networks for people’s personal lives and, particularly, for minors who form the fasted-growing group on the networks and use them the most. Within the context of this new social network and Web 2.0 phenomenon, the legal issues raised are very diverse. is article focuses on identifying some of them exclusively from a privacy perspective and by using European personal data protection law as a reference in addition to the recommendations issued by some authorities, with an emphasis on the Spanish situation and the first resolutions passed by the Spanish Data Protection Agency (AEPD, as it is known by the Spanish acronym) sanctioning Web 2.0 conducts. SUMMARY: 1. INTRODUCTION.- 2. LEGAL FRAMEWORK.- 3. REVISING DATA PROTECTION PRINCIPLES IN THE SCOPE OF SNSs: 3.1. Requirements of consent provided by SNS users; 3.2. Users can be data controllers; 3.3. Minors.- 4. LAW APPLICABLE TO SNSs.- 5. CONCLUSION. ___________________________________________________________________________ * Partner, Alliant Abogados Asociados S.L.P. and Head of the New Technologies and Data Protection Area. University of Barcelona (IL3) Professor of post-graduate courses on very different subjects in the fields of trade and technology law. Alliant Abogados is on Twitter, Facebook and Google+. If you’d like more information, you can visit our legal firm's website www.alliantabogados.com and the LinkedIn profile: http:// www.linkedin.com/in/marcgallardo is article is disseminated under a BY-NC-ND Creative Commons license. You can download the electronic version of this document and keynote presentation in our legal firm's website. PRIVACY AND ONLINE SOCIAL NETWORKS
2 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com 1. INTRODUCTION. Before reviewing the main challenges SNS pose to people’s private lives, I shall briefly explain what they are and how they work. Broadly speaking, SNSs can be defined as Information Society Services1 that offer users an Internet communication platform to generate a profile with their personal data, facilitating the creation of networks based on common criteria and permitting users to connect and interact with each other. eir growth model is primarily based on a viral process whereby an initial number of users offer others the possibility of joining by sending e-mail invitations. SNSs are just one more manifestation of what is known as the Web 2.02, where users are no longer mere spectators as they create and deposit information on the Internet. us, in this new framework the Internet has evolved towards, users are not just passive subjects who turn to the net exclusively to obtain some type of service or information, but rather they become active subjects who contribute information (their own or a third party’s) and interact with other users. ere are many online social networks of all types, although they can be grouped into two major categories: generalist or leisure and professional3. e main objective of generalist or leisure networks is to facilitate and strengthen personal relations among the individuals joining them. In general, these networks offer a large variety of applications and/or functionalities allowing users to do without external communication tools by making a platform available that integrates all of the necessary applications on a single screen. It is fitting to establish sub-categories considering the purpose or theme of these networks: a) Information and content exchange platforms such as Youtube and Google Video which offer free, easy to use tools for exchanging and publishing digital content (videos, photographs, etc.) in order to later link to them in one’s profile on the network used; b) Profile-based networks such as Facebook, Google+, MySpace and Tuenti, the most representative and most-used of the social networks which offer more and more new possibilities for communicating and interacting with other users; and c) Microblogging or nanoblogging networks such as Twitter which allow you to send text messages (limited to 140 characters) to other users in the same network in order to inform them of activities, thoughts and opinions (your own or others’) you wish to share for some reason (social integration, professional promotion, fun, etc.). Professional social networks are configured as support tools for establishing professional contacts with other users (for example, LinkedIn). ey are created and designed for the purpose 1 at is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services (Directive 98/34/CE). 2 e term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design and collaboration on the World Wide Web. A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community, in contrast to websites where users (consumers) are limited to the passive viewing of content that was created for them. Examples of Web 2.0 include social networking sites, blogs, wikis, video sharing sites, hosted services, web applications, mashups and folksonomies (http://en.wikipedia.org/wiki/Web_2.0). 3 is classification was obtained from the Study on Personal Data Privacy and the Security of the Information on Online Social Networks, published by the Spanish National Communication Technologies Institute (INTECO) in collaboration with the AEPD; pp. 45 et seq.
3 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com of making contacts and maintaining professional relations with different people that may be of interest to the user. Notwithstanding, there is an ever-growing trend to use networks initially configured for leisure and the exchange of personal information such as Facebook and Twitter for professional reasons meaning both SNS categories can easily be confused at the sole decision of the users, who, make the final decision at all times as to how to configure their space on the social network and for what purposes. Another common aspect of SNSs lies in that, irrespective of their design or aim, in all reality they are databases that feed off of information of all kinds provided by users. ese databases are exposed to very sophisticated, continuous data mining techniques with an aim to make money off or profit from the platform as much as possible, offering targeted and specific advertising of products and services based on the information gathered in relation to user interests. erefore, users utilize the social network for free, but not without “associated costs” as the price they (we) pay, many times unknowingly, is the commercial exploitation of their "profile" by the platform owners who generate most of their revenue with the advertising spread through the spaces network users create and those they access. In general, SNSs operate in three phases: registration, usage and deletion from the social network. And in each one of these phases a series of conducts can often be identified, performed by the different parties intervening in each one of these processes (typically the SNS provider and the service user), that can constitute serious personal data protection threats for members and non-members of any of the social networks. At the time of registration, the SNS privacy policy may not be sufficiently clear and transparent to users or it may not accurately inform them of each and every one of the purposes for which their data will be used and they are not given the option to opt out of certain data processing. Likewise, the privacy options pre-set by default on the social network may be the most permissive for data publication even allowing for indexing by search engines. And when it comes to minors, there is a danger that the SNS provider does not implement effective measures to verify the age of their users and determine whether, in certain cases, parental or guardian consent is required to process their data4. When using the service, the SNS provider may engage in invisible data processing (for example, through the IP address or the installation of a cookie on the user’s personal computer) without having duly informed the affected party or, consequently, obtained the necessary consent to do so. As far as SNS users, they may be responsible for the processing of the third party data they publish or spread through the social network without the third party's consent. It also can be difficult for users as well as people not affiliated with the SNSs whose data is processed in such virtual environments to exercise their rights of access and rectification. Finally, when trying to delete an account, users can find that their data is not eliminated, or at least not completely, which raises great doubts about their right to have the SNS provider cancel their data. 4 Pursuant to Spanish law, parental authorization is required in order to process data on minors under 14 years of age.
4 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com 2. LEGAL FRAMEWORK. In Europe, the SNS regulatory framework concerning personal data protection is basically represented by two Directives: General Directive 95/46/EC5 and e-Privacy Directive 2002/58/ EC6 (as per the final version provided by Directive 2009/136). Each one of the 27 EU Member States has incorporated the principles and aims of both Directives into their respective laws7. In the case of Spain, this has been done through Organic Law 15/1999, of 13 December, concerning Personal Data Protection (LOPD, as it is known by its Spanish acronym), Royal Decree 1720/2007, of 21 December, which enforces the LOPD, and Law 34/2002, of 12 June, on Information Society Services and Electronic Commerce (LSSI, as it is known by its Spanish acronym8). Specifically, the General Directive applies to SNS providers as they are considered the data controllers9. In effect, they are the ones that provide the resources that make it possible to process user data as well as all of the "basic" services linked to user management such as account registration and deletion. ey are also the ones who decide how user data may be used for advertising purposes including third-party advertising which, let’s not forget, constitutes the most important source of revenue for an SNS10. As individuals obliged to comply with the provisions of the General Directive, SNS providers must respect a series of basic principles according to the internal Member State rules to which they are subject and which, in practice, translates into the following obligations: • To register personal data files they are responsible for with the National Data Protection Control Authority (the AEPD, in Spain). • To inform users, when they provide their data, of the identity of the SNS provider, the existence of a file and any data processing, the purpose or use of the data obtained, the possible assignment of the data to third parties, and their rights to access, rectify, oppose and cancel their data. • To process the data in accordance with the data quality principle. What’s worth emphasizing here is that the data must be a) processed fairly and lawfully; b) processed in a manner that is compatible with the purposes for which they are collected and; c) 5 Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 6 Directive 2002/58/EC of the European Parliament and of the Council, concerning the processing of personal data and the protection of privacy in the electronic communications sector, as ammended by Directive 2009/136/CE. 7 For the specific regulations in each MS implementing these Directives, go to http://ec.europa.eu/justice/policies/ privacy/lawreport/index_en.htm 8 is Law implements Directive 2000/31/EC of the Parliament and of the Council, on certain legal aspects of information society services, in particular electronic commerce, in the internal market (Directive on electronic commerce). 9 In summary, understood as the natural or legal person that determines the purpose and the essential means of the processing of data. 10 Some social networks combine advertising revenue with revenue obtained through the sale of Premium services to users. is is the case of the professional network LinkedIn.
5 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com adequate, relevant and not excessive in relation to the purposes for which they are collected and for which they are further processed. • To obtain informed and unambiguous consent from users to process their data or have other legitimate grounds for processing it (for example, a formal law), which would hardly be the case of SNSs which means consent is the fundamental basis for any processing. • To adopt the necessary security measures in order to guarantee the security and confidentiality of the data stored in their information system, including notification of security breaches according to e-Privacy Directive (thus, this notification only applies to providers of publicly available electronic communications services). • To guarantee the exercise of users' rights of access, rectification, cancellation and refusal. Even though they were devised and formulated in the mid 90's, in my opinion these principles continue to be valid for regulating data processing in a technologically evolved environment with respect to the Web 1.0 where users were mere spectators of the websites they visited. But some review is necessary to enhance data protection rights. As a good example, the e- Privacy Directive adds other specific obligations of great significance in an SNS environment given that it regulates specific cases for the use of cookies and other similar mechanisms that make it possible to track clicks or how a person browses through a specific website or on an SNS. Article 5(3) of the former e-Privacy Directive which said (emphasis added): “the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/ EC, inter alia, about the purposes of the processing, and is offered the right to refuse such processing by the data controller”. is should be compared with the new wording of Article 5(3) of the e- Privacy Directive as amended by Directive 2009/136/EC, which states that “(…) the storing of information or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent(…)” I follows from this change in the wording of Article 5(3), that the Members States should have incorporated into their laws no later than May 201111 , requires users' prior and informed consent to legally store information or gain access to information stored on their terminal equipment. Under the scope of the former article 5.3, no consent requirement was established meaning that the obligation of the data controller, an SNS for example, was limited to providing clear and comprehensive information to the user about the purposes of the processing and offering the right to refuse said processing. But the need of consent, now, is different from the right to object. is means consent based on the lack of individuals’ action, for example, browser settings, which would accept by default the targeting of the user through the use of cookies, should not meet Article 5(3) requirements. In my opinion, this regulatory modification requires a greater level of exigency from SNS 11 is is not the case of Spain which is not expected to comply with these obligations until the beginning of next year.
6 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com owners that should translate to the need to obtain explicit consent (and therefore an “opt-in”) from the users, giving them the opportunity to make a decision and to express it, for instance by ticking a box in view of the purpose of the data processing. Insofar as the SMS provider integrates other functionalities in the platform (for example, a chat and e-mail or sms/mms service) susceptible to generating electronic communications within it, Directive 2006/24 concerning data conservation will also apply12. Other parties responsible for data processing in an SNS include application suppliers whenever they develop applications that work on the SNS and that users decide to use, providing some personal data for this purpose to said supplier which then becomes a data controller. e SNS provider should clearly inform users of the data they will provide to the supplier of the application they wish to use so they may grant their informed consent. 3. REVISING DATA PROTECTION PRINCIPLES IN THE SCOPE OF SNSs. Even though current EU data protection regulations can be considered valid for delimiting the responsibilities of SNS providers doing business in the EU, there are situations specifically created within these virtual spaces which, in my opinion, require that the “classical” principles as set out in Directive 95/46 be revised so as to more effectively protect personal data subjects. is reassessment arises not only because of the technological advances but also because of the social changes the Web 2.0 has brought with it, which, in the case of SNSs, is reflected in the ease with which social network users can voluntarily and conscientiously reveal their privacy and that of their acquaintances. Somehow a sort of conceptual tension is produced between privacy and SNSs that could create doubts about whether or not privacy actually exists in this new environment where it is characteristic of users to disseminate information. 3.1. Requirements of consent provided by SNS users. As a general rule, consent to data processing must be freely given, unambiguous, specific and informed13. However, on most SNSs, consent could be mistakenly given from the start, especially among the youngest of users due to the very design of the network and the use of concepts such as “friends”, “community” and “my space14” which create a false notion of privacy. In order to prevent these confusions in users, SNS providers should supply clear and precise information on the scope of the possible publication of data on their platform15. At other times, the consent does not fulfill the necessary criteria to be considered informed. 12 Directive 2006/24/CE of the European Parliament and of the Council of 15 March 2006, on the retention of data generated or processed in connection with the provision of publicy available electronic communications services or public communications networks and amending Directive 2002/58/CE. 13 An accurate analysis on the definition of consent is in Opinion 15/2011 and also Opinion 5/2009 on online social networking http://ec.europa.eu/justice/policies/privacy/workinggroup/wpdocs/2011_en.htm 14 e name of the social network My Space could lead per se to error on the real effects of publishing information on the platform, generating a sort of “illusion” regarding an assumed private and intimate environment which it is not. 15 ink about, for example, minors who have a reasonable expectation for privacy when sharing their information on an SNS.
7 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com Supplying this information corresponds to the SNS providers and oftentimes they do so by means of clauses you access via links such as "disclaimer" or "privacy policy" but this information is not always written in simple and clear language which is a necessary requisite for social networks essentially aimed at minors. Moreover, the way it is granted may be classified as weak when all you have to do when registering is click on a button that says “Send Form”, “I Agree” or something of the like when it would be more appropriate to set up a procedure where users have to actively participate in such manner that they may declare their will in one way or another through the SNS and with a warning of the consequences of their non-declaration. In short, SNS providers should offer a privacy policy that is not too extensive, that is easily accessible, with simple language that includes express information concerning the level of privacy applied by default on the network and the options and steps to modify it at the user's choice. Another of the most common problems that arise in SNSs lies in users publishing personal information with a certain purpose - sharing the information with their "friends" or "acquaintances"- but then the information may later be used for uncertain purposes (for example, analyzing SNS user preferences obtained from their browsing or the publication of data in said medium and offering them custom advertising). erefore, SNS owners must be required to inform users of the purpose for which they will process personal data and specifically indicate the end purpose of the information provided. Again, SNS privacy policies need to comply with the aforementioned information requirements so users have a real power to control their data and grant informed consent in accordance with the essential content of their fundamental data protection rights. It can also be questioned whether tacit consent is an adequate way to grant consent on an SNS. It is known that if the data processed are not specially protected or sensitive, current regulations do not oppose tacit consent formulas for valid data processing. However, the problem of admitting this type of consent on an SNS is there may be situations where a subject has seemingly granted consent to appear in a video or photograph when in all reality they are unaware how a net user is processing the image. For this reason, it does not seem adequate to admit tacit consent and it would be advisable that it be explicit, thus requiring a future modification of the regulations. Last but not least, consent should be revocable at any time by SNS users. is attribute is confronted with not just a few practical problems given that information published on the Internet is very difficult, if not impossible, to control a posteriori, which does not make it easy to effectively cancel personal data after consent is revoked by the data owner. is difficulty could be overcome, in part, by applying a privacy policy that permits users to delete their data from the SNS servers when they have deactivated their profile or even when they have deleted certain content from their profile. Likewise, it would be recommendable for SNS providers to have a “complaint center” so any affected party could request the cancellation of their image or other personal information published by a SNS user without the consent of the claimant16. 3.2. Users can become data controllers. Generally, users are considered to be interested parties with regards to the processing of their data by SNSs and, therefore, they are fundamentally subjects of rights whereas the SNS owners (and, where applicable, application suppliers) are the data controllers. But this equation is 16 National Data Protection Authorities can help facilitate the exercise of data subjects’ rights of cancellation and refusal: For example, the AEPD protects the right to oppose the indexing of personal data in search engines.
8 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com not always constant. At times, a user may also be considered a data controller of third party data they disseminate on the social network when said processing is not covered by the household exemption provided for in Directive 95/46 and which each Member State has incorporated into their respective internal laws. is exemption, which was established in article 3.2 of the General Directive, implies that the data protection regulation does not apply to the processing of personal data by someone in the course of a purely personal or household activity. e subsequent question that must be posed then is: In which cases could an SNS user be considered the data controller of a third party’s data? One possible criterion could be that which was established by the European Court of Justice (ECJ) in the Lindqvist case17 to determine the application of data protection regulations to the publication of information on the Internet via a website. In this case, the ECJ declared that the conduct consisting of referring to various people and identifying them by their name or other means on a website constitutes data processing subject to Directive 95/4618 . It also stated that the household exemption did not apply because this exemption is only related to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the Internet so that those data are accessible to an indefinite number of people. Under the Lindqvist standard, the private life exception would only apply when users configure their social network space so that it is only visible to a group of expressly authorized friends. is matter was specifically analyzed by the Article 29 Working Party in its Opinion 5/2009 on online social networks19. According to this advisory body, the household exemption would not apply in various circumstances: a) when an individual acts on behalf of a group, association or company; b) when an individual acquires contact data from third parties when there is no direct relationship between them; and, c) when an individual "knowingly" maintains its profile public. If the household exemption does not apply, a user will assume full responsibilities as a data controller and, if they do not have consent or other legal grounds to lawfully process data, they could be sanctioned with a fine or at least warned if this type of sanction is provided for in the internal law. ere is still no court sentence in Spain sanctioning a social network user for having processed third party personal data without being covered by the household exemption. is is likely because SNS providers implement internal claims management systems that make it 17 Judgment of the ECJ of 6 November 2003 (C-101/01). 18 Although the Web 2.0 did not exist when this sentence was passed, the criteria can be perfectly extended to the new social network environment insofar as the characteristic behavior is publishing a text, photo or any other material on the Internet. e only difference is that now it is much easier to publish information on the Internet (just as on a social network) without needing to have the prior technical knowledge required to do so through a website. 19 http://ec.europa.eu/justice/policies/privacy/news/docs/pr_25_06_09_en.pdf
9 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com possible to solve these types of problems. However, the AEPD has sanctioned people who have published photographs or videos without the consent of the affected parties on other Internet platforms that do not constitute social networks in a strict sense. e first AEPD resolution sanctioning a social network user for identity theft was also recently revealed20. 3.3. Minors. SNS providers should pay special attention to how the personal data of minors are processed. Although there are other legal instruments used to protect minors (civil and criminal laws protecting the honor and image of individuals, among others), they are particularly vulnerable in the scope of SNSs and therefore it needs to be considered whether the legal guarantees currently applicable are sufficient or not in guaranteeing their data is adequately protected. Pursuant to Spanish law (Royal Decree 1720/2007), a data controller has three responsibilities here: a) at the information on how their data is processed is expressed in language that can be easily understood by them; b) at data is not collected that enables obtaining information on the other members of the family group without the consent of the data subjects; and c) at procedures are articulated guaranteeing effective age verification and the authenticity of the consent granted by the parents or legal representatives if they are under 14. e Spanish Data Protection Agency has demonstrated special concern for this group and has issued recommendations for mothers and fathers and also SNS providers. anks to these actions by the AEPD, Tuenti and Facebook revised the minimum age necessary to be a user of said social networks in Spain, setting it at 14 years old. And in the case of Tuenti, it seems that an age verification procedure has been implemented that amply exceeds the standard system of asking users to declare they are over 14 by marking a box on the registration form. According to Tuenti, this procedure has led to the elimination of thousand of profiles due to a lack of proof of the minimum age requirement. e European Commission has fostered and implemented a self-regulation system based on 7 principles with a view to improve minor privacy and protection issues on SNSs without having to, at least for the time being, pass legislation on this matter21. ere are other initiatives aimed at creating international protection standards related to the safe use of the Internet and SNSs by children. In this regard, the Montevideo Memorandum and the Safer Internet program approved in 2009 by the European Parliament stand out22. 20 PS 137/2011, Resolution of 27 July 2011. 21 http://ec.europa.eu/information_society/activities/social_networking/eu_action/selfreg/index_en.htm 22 Memorándum sobre la protección de datos personales y la vida privada en las redes sociales en Internet, en particular de niños, niñas y adolescentes http://memorandumdemontevideo.ifai.org.mx . Safer Internet Program: http://ec.europa.eu/information_society/ activities/sip/index_en.htm
10 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com 4.- LAW APPLICABLE TO SNSs. Section 2 mentioned the fact that the SNSs operating in the EU are subject to a legal framework comprised of two Directives (General and e-Privacy) and, possibly, a third on data retention if the SNS provider offers electronic communication services. Determining the law applicable to SNS personal data processing matters means applying article 4 of Directive 95/46 which opts for the criteria of establishment without the location of the data processing, the nationality, legal address or residence of the subject whose data is processed being relevant. us, the law of the Member State where the SNS owner is located shall apply. If it has various establishments and processes personal data through the activities of each one of them, it shall be governed by the law of the country where each establishment lies. In all, we must not lose sight of the fact that the most important SNSs by volume of users are established outside the EU and, specifically, in the United States, and any conflict is submitted to the laws of the State where their principal place of business is located. us is the case of, for example, Facebook (Delaware), LinkedIn (California), Twitter and My Space (New York) which together account for more than 1 billion users!. In principle, these companies escape from the application of European data protection laws and as a result, from national control authorities except in situations where they use instruments or means situated in EU territory. is is the case, for example, when they use mechanisms such as cookies to actively collect data from user computers situated in a Member State for the purpose of future processing, unless such means are only used for purposes of transit (article 4.1.c of Directive 95/46). 5.- CONCLUSION One of the greatest dangers of the SNSs is generated in the private life of users and not only theirs but also other people who may or may not be affiliated with these platforms and whose personal data, for whatever reasons, appear published on an SNS. It is essential that SNS owners comply with currently existing data protection regulations but we must also be aware that the technological changes and, as a consequence, social changes they bring with them demand a revision of the principles and guarantees currently applicable. e Law is not always the most ideal instrument for preventing violations in this area. is has been well understood by different international bodies (including EU institutions) upon promoting global self-regulations systems as well as awareness programs in order to achieve the responsible and safe use of the tools offered by the Web 2.0. Without a doubt, each one of us must be called upon to use social networks responsibly and conscientiously. Perhaps this is an important part of the solution to the problem. In short, the questions posed vary whereas the answers are not definitive. In matters of privacy, “today is tomorrow” and therefore, considering that SNSs are here to stay as mentioned at the beginning of this article, there is nothing more to do besides continuing to deepen the debate on how to better protect our data in environments such as social networks which, by nature, afford so little privacy.

Recomendados

Social Networking Websites and Image Privacy
Social Networking Websites and Image PrivacySocial Networking Websites and Image Privacy
Social Networking Websites and Image PrivacyIOSR Journals
 
Social Media Speaks Out - July 2014
Social Media Speaks Out - July 2014Social Media Speaks Out - July 2014
Social Media Speaks Out - July 2014Stephen Andriole
 
Making Connections Between Citizens
Making Connections Between CitizensMaking Connections Between Citizens
Making Connections Between Citizensi4box Anon
 
A Call to Action: Protecting the Right to Consumer Privacy Online
A Call to Action: Protecting the Right to Consumer Privacy OnlineA Call to Action: Protecting the Right to Consumer Privacy Online
A Call to Action: Protecting the Right to Consumer Privacy OnlineBrenden Brown
 
Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...
Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...
Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...AM Publications
 
Salahuddin social media tools
Salahuddin social media toolsSalahuddin social media tools
Salahuddin social media toolssuklimon
 
Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008
Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008
Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008Denise Jacobs
 
Twitter
TwitterTwitter
TwitterShubham Singh
 

Recomendados

Social Networking Websites and Image Privacy
Social Networking Websites and Image PrivacySocial Networking Websites and Image Privacy
Social Networking Websites and Image PrivacyIOSR Journals
 
Social Media Speaks Out - July 2014
Social Media Speaks Out - July 2014Social Media Speaks Out - July 2014
Social Media Speaks Out - July 2014Stephen Andriole
 
Making Connections Between Citizens
Making Connections Between CitizensMaking Connections Between Citizens
Making Connections Between Citizensi4box Anon
 
A Call to Action: Protecting the Right to Consumer Privacy Online
A Call to Action: Protecting the Right to Consumer Privacy OnlineA Call to Action: Protecting the Right to Consumer Privacy Online
A Call to Action: Protecting the Right to Consumer Privacy OnlineBrenden Brown
 
Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...
Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...
Privacy Perspectives, Requirements and Design trade-offs of Encounter- based ...AM Publications
 
Salahuddin social media tools
Salahuddin social media toolsSalahuddin social media tools
Salahuddin social media toolssuklimon
 
Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008
Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008
Web 2.0 for Foundations, Higher Ed, and Non-profits - TODCon 2008Denise Jacobs
 
Twitter
TwitterTwitter
TwitterShubham Singh
 
The Implementation of Social Media for Educational Objectives
The Implementation of Social Media for Educational ObjectivesThe Implementation of Social Media for Educational Objectives
The Implementation of Social Media for Educational Objectivestheijes
 
Measuring privacy in online social
Measuring privacy in online socialMeasuring privacy in online social
Measuring privacy in online socialijsptm
 
Financial services social media
Financial services social mediaFinancial services social media
Financial services social mediaCatherineSherwood: Real Communications
 
2011 0094
2011 00942011 0094
2011 0094peluglu
 
E Marketing Week03
E Marketing Week03E Marketing Week03
E Marketing Week03Stephen Dann
 
Social media marketing campaigns chp 1
Social media marketing campaigns chp 1Social media marketing campaigns chp 1
Social media marketing campaigns chp 1Carie Statz
 
Scei technical whitepaper-19.06.2012
Scei technical whitepaper-19.06.2012Scei technical whitepaper-19.06.2012
Scei technical whitepaper-19.06.2012STIinnsbruck
 
Authentication and Verification of Social Networking Accounts Using Blockchai...
Authentication and Verification of Social Networking Accounts Using Blockchai...Authentication and Verification of Social Networking Accounts Using Blockchai...
Authentication and Verification of Social Networking Accounts Using Blockchai...AIRCC Publishing Corporation
 
Journalistic pure-players in France between innovation & struggle to survive
Journalistic pure-players in France between innovation & struggle to surviveJournalistic pure-players in France between innovation & struggle to survive
Journalistic pure-players in France between innovation & struggle to survivesmyrnaios
 
Privacy on SNS
Privacy on SNSPrivacy on SNS
Privacy on SNSmarcgallardo
 
Privacy on SNS II
Privacy on SNS IIPrivacy on SNS II
Privacy on SNS IImarcgallardo
 
Kastriot Blakaj
Kastriot BlakajKastriot Blakaj
Kastriot BlakajUBT - Higher Education Institution
 
Social marketing
Social marketingSocial marketing
Social marketingRavin Gandhi
 
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGME-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGMijait
 
unit1-181110135541.pptx
unit1-181110135541.pptxunit1-181110135541.pptx
unit1-181110135541.pptxadrianjaydelara
 
etech.pptx
etech.pptxetech.pptx
etech.pptxLiezlLumapac
 
Lesson 1 2 Edited
Lesson 1 2 EditedLesson 1 2 Edited
Lesson 1 2 EditedJuvywen
 
Empowerment Tech Lesson 1 What is ICT.pptx
Empowerment Tech Lesson 1 What is ICT.pptxEmpowerment Tech Lesson 1 What is ICT.pptx
Empowerment Tech Lesson 1 What is ICT.pptxNicoleBitgue
 
LESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SLESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SJuvywen
 
Lesson 1 & 2 ICT_Software.pptx
Lesson 1 & 2 ICT_Software.pptxLesson 1 & 2 ICT_Software.pptx
Lesson 1 & 2 ICT_Software.pptxdanielloberiz1
 
253 By Dr. Patricia Franks and Robert Smallwood .docx
253 By Dr. Patricia Franks and Robert Smallwood .docx253 By Dr. Patricia Franks and Robert Smallwood .docx
253 By Dr. Patricia Franks and Robert Smallwood .docxlorainedeserre
 
Social Network Service
Social Network ServiceSocial Network Service
Social Network ServiceMary Stevenson
 

Mais conteúdo relacionado

Mais procurados

The Implementation of Social Media for Educational Objectives
The Implementation of Social Media for Educational ObjectivesThe Implementation of Social Media for Educational Objectives
The Implementation of Social Media for Educational Objectivestheijes
 
Measuring privacy in online social
Measuring privacy in online socialMeasuring privacy in online social
Measuring privacy in online socialijsptm
 
2011 0094
2011 00942011 0094
2011 0094peluglu
 
E Marketing Week03
E Marketing Week03E Marketing Week03
E Marketing Week03Stephen Dann
 
Social media marketing campaigns chp 1
Social media marketing campaigns chp 1Social media marketing campaigns chp 1
Social media marketing campaigns chp 1Carie Statz
 
Scei technical whitepaper-19.06.2012
Scei technical whitepaper-19.06.2012Scei technical whitepaper-19.06.2012
Scei technical whitepaper-19.06.2012STIinnsbruck
 
Authentication and Verification of Social Networking Accounts Using Blockchai...
Authentication and Verification of Social Networking Accounts Using Blockchai...Authentication and Verification of Social Networking Accounts Using Blockchai...
Authentication and Verification of Social Networking Accounts Using Blockchai...AIRCC Publishing Corporation
 
Journalistic pure-players in France between innovation & struggle to survive
Journalistic pure-players in France between innovation & struggle to surviveJournalistic pure-players in France between innovation & struggle to survive
Journalistic pure-players in France between innovation & struggle to survivesmyrnaios
 

Mais procurados (9)

The Implementation of Social Media for Educational Objectives
The Implementation of Social Media for Educational ObjectivesThe Implementation of Social Media for Educational Objectives
The Implementation of Social Media for Educational Objectives
 
Measuring privacy in online social
Measuring privacy in online socialMeasuring privacy in online social
Measuring privacy in online social
 
Financial services social media
Financial services social mediaFinancial services social media
Financial services social media
 
2011 0094
2011 00942011 0094
2011 0094
 
E Marketing Week03
E Marketing Week03E Marketing Week03
E Marketing Week03
 
Social media marketing campaigns chp 1
Social media marketing campaigns chp 1Social media marketing campaigns chp 1
Social media marketing campaigns chp 1
 
Scei technical whitepaper-19.06.2012
Scei technical whitepaper-19.06.2012Scei technical whitepaper-19.06.2012
Scei technical whitepaper-19.06.2012
 
Authentication and Verification of Social Networking Accounts Using Blockchai...
Authentication and Verification of Social Networking Accounts Using Blockchai...Authentication and Verification of Social Networking Accounts Using Blockchai...
Authentication and Verification of Social Networking Accounts Using Blockchai...
 
Journalistic pure-players in France between innovation & struggle to survive
Journalistic pure-players in France between innovation & struggle to surviveJournalistic pure-players in France between innovation & struggle to survive
Journalistic pure-players in France between innovation & struggle to survive
 

Semelhante a Paper.uia.3112011

E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGME-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGMijait
 
Lesson 1 2 Edited
Lesson 1 2 EditedLesson 1 2 Edited
Lesson 1 2 EditedJuvywen
 
Empowerment Tech Lesson 1 What is ICT.pptx
Empowerment Tech Lesson 1 What is ICT.pptxEmpowerment Tech Lesson 1 What is ICT.pptx
Empowerment Tech Lesson 1 What is ICT.pptxNicoleBitgue
 
LESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SLESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SJuvywen
 
Lesson 1 & 2 ICT_Software.pptx
Lesson 1 & 2 ICT_Software.pptxLesson 1 & 2 ICT_Software.pptx
Lesson 1 & 2 ICT_Software.pptxdanielloberiz1
 
253 By Dr. Patricia Franks and Robert Smallwood .docx
253 By Dr. Patricia Franks and Robert Smallwood .docx253 By Dr. Patricia Franks and Robert Smallwood .docx
253 By Dr. Patricia Franks and Robert Smallwood .docxlorainedeserre
 
Social Network Service
Social Network ServiceSocial Network Service
Social Network ServiceMary Stevenson
 
Empowerment_Q1_Module1.pdf
Empowerment_Q1_Module1.pdfEmpowerment_Q1_Module1.pdf
Empowerment_Q1_Module1.pdfMichael Montarde
 
The Synereo Whitepaper
The Synereo WhitepaperThe Synereo Whitepaper
The Synereo WhitepaperJoseph Denman
 
Social networks in spain
Social networks in spainSocial networks in spain
Social networks in spainMiriam Ortega
 
Social Networks In Spain
Social Networks In SpainSocial Networks In Spain
Social Networks In SpainMiriam Ortega
 
Channel model data2012
Channel model data2012Channel model data2012
Channel model data2012STIinnsbruck
 
Final presentation
Final presentationFinal presentation
Final presentationfloridaforte
 
Security in social network araceli&arlethe
Security in social network araceli&arletheSecurity in social network araceli&arlethe
Security in social network araceli&arlethetecnologico de tuxtepec
 

Semelhante a Paper.uia.3112011 (20)

Privacy on SNS
Privacy on SNSPrivacy on SNS
Privacy on SNS
 
Privacy on SNS II
Privacy on SNS IIPrivacy on SNS II
Privacy on SNS II
 
Kastriot Blakaj
Kastriot BlakajKastriot Blakaj
Kastriot Blakaj
 
Social marketing
Social marketingSocial marketing
Social marketing
 
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGME-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
E-COMMERCE BUSINESS MODELS IN THE CONTEXT OF WEB 3.0 PARADIGM
 
unit1-181110135541.pptx
unit1-181110135541.pptxunit1-181110135541.pptx
unit1-181110135541.pptx
 
etech.pptx
etech.pptxetech.pptx
etech.pptx
 
Lesson 1 2 Edited
Lesson 1 2 EditedLesson 1 2 Edited
Lesson 1 2 Edited
 
Empowerment Tech Lesson 1 What is ICT.pptx
Empowerment Tech Lesson 1 What is ICT.pptxEmpowerment Tech Lesson 1 What is ICT.pptx
Empowerment Tech Lesson 1 What is ICT.pptx
 
LESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1SLESSON 1, 2 & 3-ETECH 1S
LESSON 1, 2 & 3-ETECH 1S
 
Lesson 1 & 2 ICT_Software.pptx
Lesson 1 & 2 ICT_Software.pptxLesson 1 & 2 ICT_Software.pptx
Lesson 1 & 2 ICT_Software.pptx
 
253 By Dr. Patricia Franks and Robert Smallwood .docx
253 By Dr. Patricia Franks and Robert Smallwood .docx253 By Dr. Patricia Franks and Robert Smallwood .docx
253 By Dr. Patricia Franks and Robert Smallwood .docx
 
Social Network Service
Social Network ServiceSocial Network Service
Social Network Service
 
Empowerment_Q1_Module1.pdf
Empowerment_Q1_Module1.pdfEmpowerment_Q1_Module1.pdf
Empowerment_Q1_Module1.pdf
 
The Synereo Whitepaper
The Synereo WhitepaperThe Synereo Whitepaper
The Synereo Whitepaper
 
Social networks in spain
Social networks in spainSocial networks in spain
Social networks in spain
 
Social Networks In Spain
Social Networks In SpainSocial Networks In Spain
Social Networks In Spain
 
Channel model data2012
Channel model data2012Channel model data2012
Channel model data2012
 
Final presentation
Final presentationFinal presentation
Final presentation
 
Security in social network araceli&arlethe
Security in social network araceli&arletheSecurity in social network araceli&arlethe
Security in social network araceli&arlethe
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Paper.uia.3112011

  • 1. Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com Marc Gallardo * marc.gallardo@alliantabogados.com It’s an undeniable fact that Social Network Sites (SNSs) are a part of our lives and it looks as though they are here to stay. ey have grown exponentially. Facebook, alone, has more than 800 million registered users. Besides this internationally known platform, there are many others quickly gaining followers thanks to the spiral effect inherent to these networks: Twitter (200 million users), LinkedIn (120 million users), Tuenti (headquartered in Madrid and 10 million users) and more recently Google+ (which in its short lifetime, has already accumulated 40 million users) are all well- known success stories. us, it is very difficult nowadays to escape from the force of attraction that these social communication platforms exercise on us and our more or less immediate environment, both personally and professionally. Without going into details, there is undoubtedly something about SNSs because ever more suppliers and users are investing more of their time and resources in them. Nonetheless, this article is focused on various legal constraints arising from its set-up and use by all the players involved, starting with another undeniable fact: the main business of these SNS consists of commercially exploiting a large quantity and quality of personal data we provide their owners in exchange for using their platform for free. Based on this, it is commonplace to refer to the risks of using these networks for people’s personal lives and, particularly, for minors who form the fasted-growing group on the networks and use them the most. Within the context of this new social network and Web 2.0 phenomenon, the legal issues raised are very diverse. is article focuses on identifying some of them exclusively from a privacy perspective and by using European personal data protection law as a reference in addition to the recommendations issued by some authorities, with an emphasis on the Spanish situation and the first resolutions passed by the Spanish Data Protection Agency (AEPD, as it is known by the Spanish acronym) sanctioning Web 2.0 conducts. SUMMARY: 1. INTRODUCTION.- 2. LEGAL FRAMEWORK.- 3. REVISING DATA PROTECTION PRINCIPLES IN THE SCOPE OF SNSs: 3.1. Requirements of consent provided by SNS users; 3.2. Users can be data controllers; 3.3. Minors.- 4. LAW APPLICABLE TO SNSs.- 5. CONCLUSION. ___________________________________________________________________________ * Partner, Alliant Abogados Asociados S.L.P. and Head of the New Technologies and Data Protection Area. University of Barcelona (IL3) Professor of post-graduate courses on very different subjects in the fields of trade and technology law. Alliant Abogados is on Twitter, Facebook and Google+. If you’d like more information, you can visit our legal firm's website www.alliantabogados.com and the LinkedIn profile: http:// www.linkedin.com/in/marcgallardo is article is disseminated under a BY-NC-ND Creative Commons license. You can download the electronic version of this document and keynote presentation in our legal firm's website. PRIVACY AND ONLINE SOCIAL NETWORKS
  • 2. 2 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com 1. INTRODUCTION. Before reviewing the main challenges SNS pose to people’s private lives, I shall briefly explain what they are and how they work. Broadly speaking, SNSs can be defined as Information Society Services1 that offer users an Internet communication platform to generate a profile with their personal data, facilitating the creation of networks based on common criteria and permitting users to connect and interact with each other. eir growth model is primarily based on a viral process whereby an initial number of users offer others the possibility of joining by sending e-mail invitations. SNSs are just one more manifestation of what is known as the Web 2.02, where users are no longer mere spectators as they create and deposit information on the Internet. us, in this new framework the Internet has evolved towards, users are not just passive subjects who turn to the net exclusively to obtain some type of service or information, but rather they become active subjects who contribute information (their own or a third party’s) and interact with other users. ere are many online social networks of all types, although they can be grouped into two major categories: generalist or leisure and professional3. e main objective of generalist or leisure networks is to facilitate and strengthen personal relations among the individuals joining them. In general, these networks offer a large variety of applications and/or functionalities allowing users to do without external communication tools by making a platform available that integrates all of the necessary applications on a single screen. It is fitting to establish sub-categories considering the purpose or theme of these networks: a) Information and content exchange platforms such as Youtube and Google Video which offer free, easy to use tools for exchanging and publishing digital content (videos, photographs, etc.) in order to later link to them in one’s profile on the network used; b) Profile-based networks such as Facebook, Google+, MySpace and Tuenti, the most representative and most-used of the social networks which offer more and more new possibilities for communicating and interacting with other users; and c) Microblogging or nanoblogging networks such as Twitter which allow you to send text messages (limited to 140 characters) to other users in the same network in order to inform them of activities, thoughts and opinions (your own or others’) you wish to share for some reason (social integration, professional promotion, fun, etc.). Professional social networks are configured as support tools for establishing professional contacts with other users (for example, LinkedIn). ey are created and designed for the purpose 1 at is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services (Directive 98/34/CE). 2 e term Web 2.0 is associated with web applications that facilitate participatory information sharing, interoperability, user-centered design and collaboration on the World Wide Web. A Web 2.0 site allows users to interact and collaborate with each other in a social media dialogue as creators (prosumers) of user-generated content in a virtual community, in contrast to websites where users (consumers) are limited to the passive viewing of content that was created for them. Examples of Web 2.0 include social networking sites, blogs, wikis, video sharing sites, hosted services, web applications, mashups and folksonomies (http://en.wikipedia.org/wiki/Web_2.0). 3 is classification was obtained from the Study on Personal Data Privacy and the Security of the Information on Online Social Networks, published by the Spanish National Communication Technologies Institute (INTECO) in collaboration with the AEPD; pp. 45 et seq.
  • 3. 3 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com of making contacts and maintaining professional relations with different people that may be of interest to the user. Notwithstanding, there is an ever-growing trend to use networks initially configured for leisure and the exchange of personal information such as Facebook and Twitter for professional reasons meaning both SNS categories can easily be confused at the sole decision of the users, who, make the final decision at all times as to how to configure their space on the social network and for what purposes. Another common aspect of SNSs lies in that, irrespective of their design or aim, in all reality they are databases that feed off of information of all kinds provided by users. ese databases are exposed to very sophisticated, continuous data mining techniques with an aim to make money off or profit from the platform as much as possible, offering targeted and specific advertising of products and services based on the information gathered in relation to user interests. erefore, users utilize the social network for free, but not without “associated costs” as the price they (we) pay, many times unknowingly, is the commercial exploitation of their "profile" by the platform owners who generate most of their revenue with the advertising spread through the spaces network users create and those they access. In general, SNSs operate in three phases: registration, usage and deletion from the social network. And in each one of these phases a series of conducts can often be identified, performed by the different parties intervening in each one of these processes (typically the SNS provider and the service user), that can constitute serious personal data protection threats for members and non-members of any of the social networks. At the time of registration, the SNS privacy policy may not be sufficiently clear and transparent to users or it may not accurately inform them of each and every one of the purposes for which their data will be used and they are not given the option to opt out of certain data processing. Likewise, the privacy options pre-set by default on the social network may be the most permissive for data publication even allowing for indexing by search engines. And when it comes to minors, there is a danger that the SNS provider does not implement effective measures to verify the age of their users and determine whether, in certain cases, parental or guardian consent is required to process their data4. When using the service, the SNS provider may engage in invisible data processing (for example, through the IP address or the installation of a cookie on the user’s personal computer) without having duly informed the affected party or, consequently, obtained the necessary consent to do so. As far as SNS users, they may be responsible for the processing of the third party data they publish or spread through the social network without the third party's consent. It also can be difficult for users as well as people not affiliated with the SNSs whose data is processed in such virtual environments to exercise their rights of access and rectification. Finally, when trying to delete an account, users can find that their data is not eliminated, or at least not completely, which raises great doubts about their right to have the SNS provider cancel their data. 4 Pursuant to Spanish law, parental authorization is required in order to process data on minors under 14 years of age.
  • 4. 4 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com 2. LEGAL FRAMEWORK. In Europe, the SNS regulatory framework concerning personal data protection is basically represented by two Directives: General Directive 95/46/EC5 and e-Privacy Directive 2002/58/ EC6 (as per the final version provided by Directive 2009/136). Each one of the 27 EU Member States has incorporated the principles and aims of both Directives into their respective laws7. In the case of Spain, this has been done through Organic Law 15/1999, of 13 December, concerning Personal Data Protection (LOPD, as it is known by its Spanish acronym), Royal Decree 1720/2007, of 21 December, which enforces the LOPD, and Law 34/2002, of 12 June, on Information Society Services and Electronic Commerce (LSSI, as it is known by its Spanish acronym8). Specifically, the General Directive applies to SNS providers as they are considered the data controllers9. In effect, they are the ones that provide the resources that make it possible to process user data as well as all of the "basic" services linked to user management such as account registration and deletion. ey are also the ones who decide how user data may be used for advertising purposes including third-party advertising which, let’s not forget, constitutes the most important source of revenue for an SNS10. As individuals obliged to comply with the provisions of the General Directive, SNS providers must respect a series of basic principles according to the internal Member State rules to which they are subject and which, in practice, translates into the following obligations: • To register personal data files they are responsible for with the National Data Protection Control Authority (the AEPD, in Spain). • To inform users, when they provide their data, of the identity of the SNS provider, the existence of a file and any data processing, the purpose or use of the data obtained, the possible assignment of the data to third parties, and their rights to access, rectify, oppose and cancel their data. • To process the data in accordance with the data quality principle. What’s worth emphasizing here is that the data must be a) processed fairly and lawfully; b) processed in a manner that is compatible with the purposes for which they are collected and; c) 5 Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 6 Directive 2002/58/EC of the European Parliament and of the Council, concerning the processing of personal data and the protection of privacy in the electronic communications sector, as ammended by Directive 2009/136/CE. 7 For the specific regulations in each MS implementing these Directives, go to http://ec.europa.eu/justice/policies/ privacy/lawreport/index_en.htm 8 is Law implements Directive 2000/31/EC of the Parliament and of the Council, on certain legal aspects of information society services, in particular electronic commerce, in the internal market (Directive on electronic commerce). 9 In summary, understood as the natural or legal person that determines the purpose and the essential means of the processing of data. 10 Some social networks combine advertising revenue with revenue obtained through the sale of Premium services to users. is is the case of the professional network LinkedIn.
  • 5. 5 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com adequate, relevant and not excessive in relation to the purposes for which they are collected and for which they are further processed. • To obtain informed and unambiguous consent from users to process their data or have other legitimate grounds for processing it (for example, a formal law), which would hardly be the case of SNSs which means consent is the fundamental basis for any processing. • To adopt the necessary security measures in order to guarantee the security and confidentiality of the data stored in their information system, including notification of security breaches according to e-Privacy Directive (thus, this notification only applies to providers of publicly available electronic communications services). • To guarantee the exercise of users' rights of access, rectification, cancellation and refusal. Even though they were devised and formulated in the mid 90's, in my opinion these principles continue to be valid for regulating data processing in a technologically evolved environment with respect to the Web 1.0 where users were mere spectators of the websites they visited. But some review is necessary to enhance data protection rights. As a good example, the e- Privacy Directive adds other specific obligations of great significance in an SNS environment given that it regulates specific cases for the use of cookies and other similar mechanisms that make it possible to track clicks or how a person browses through a specific website or on an SNS. Article 5(3) of the former e-Privacy Directive which said (emphasis added): “the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/ EC, inter alia, about the purposes of the processing, and is offered the right to refuse such processing by the data controller”. is should be compared with the new wording of Article 5(3) of the e- Privacy Directive as amended by Directive 2009/136/EC, which states that “(…) the storing of information or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent(…)” I follows from this change in the wording of Article 5(3), that the Members States should have incorporated into their laws no later than May 201111 , requires users' prior and informed consent to legally store information or gain access to information stored on their terminal equipment. Under the scope of the former article 5.3, no consent requirement was established meaning that the obligation of the data controller, an SNS for example, was limited to providing clear and comprehensive information to the user about the purposes of the processing and offering the right to refuse said processing. But the need of consent, now, is different from the right to object. is means consent based on the lack of individuals’ action, for example, browser settings, which would accept by default the targeting of the user through the use of cookies, should not meet Article 5(3) requirements. In my opinion, this regulatory modification requires a greater level of exigency from SNS 11 is is not the case of Spain which is not expected to comply with these obligations until the beginning of next year.
  • 6. 6 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com owners that should translate to the need to obtain explicit consent (and therefore an “opt-in”) from the users, giving them the opportunity to make a decision and to express it, for instance by ticking a box in view of the purpose of the data processing. Insofar as the SMS provider integrates other functionalities in the platform (for example, a chat and e-mail or sms/mms service) susceptible to generating electronic communications within it, Directive 2006/24 concerning data conservation will also apply12. Other parties responsible for data processing in an SNS include application suppliers whenever they develop applications that work on the SNS and that users decide to use, providing some personal data for this purpose to said supplier which then becomes a data controller. e SNS provider should clearly inform users of the data they will provide to the supplier of the application they wish to use so they may grant their informed consent. 3. REVISING DATA PROTECTION PRINCIPLES IN THE SCOPE OF SNSs. Even though current EU data protection regulations can be considered valid for delimiting the responsibilities of SNS providers doing business in the EU, there are situations specifically created within these virtual spaces which, in my opinion, require that the “classical” principles as set out in Directive 95/46 be revised so as to more effectively protect personal data subjects. is reassessment arises not only because of the technological advances but also because of the social changes the Web 2.0 has brought with it, which, in the case of SNSs, is reflected in the ease with which social network users can voluntarily and conscientiously reveal their privacy and that of their acquaintances. Somehow a sort of conceptual tension is produced between privacy and SNSs that could create doubts about whether or not privacy actually exists in this new environment where it is characteristic of users to disseminate information. 3.1. Requirements of consent provided by SNS users. As a general rule, consent to data processing must be freely given, unambiguous, specific and informed13. However, on most SNSs, consent could be mistakenly given from the start, especially among the youngest of users due to the very design of the network and the use of concepts such as “friends”, “community” and “my space14” which create a false notion of privacy. In order to prevent these confusions in users, SNS providers should supply clear and precise information on the scope of the possible publication of data on their platform15. At other times, the consent does not fulfill the necessary criteria to be considered informed. 12 Directive 2006/24/CE of the European Parliament and of the Council of 15 March 2006, on the retention of data generated or processed in connection with the provision of publicy available electronic communications services or public communications networks and amending Directive 2002/58/CE. 13 An accurate analysis on the definition of consent is in Opinion 15/2011 and also Opinion 5/2009 on online social networking http://ec.europa.eu/justice/policies/privacy/workinggroup/wpdocs/2011_en.htm 14 e name of the social network My Space could lead per se to error on the real effects of publishing information on the platform, generating a sort of “illusion” regarding an assumed private and intimate environment which it is not. 15 ink about, for example, minors who have a reasonable expectation for privacy when sharing their information on an SNS.
  • 7. 7 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com Supplying this information corresponds to the SNS providers and oftentimes they do so by means of clauses you access via links such as "disclaimer" or "privacy policy" but this information is not always written in simple and clear language which is a necessary requisite for social networks essentially aimed at minors. Moreover, the way it is granted may be classified as weak when all you have to do when registering is click on a button that says “Send Form”, “I Agree” or something of the like when it would be more appropriate to set up a procedure where users have to actively participate in such manner that they may declare their will in one way or another through the SNS and with a warning of the consequences of their non-declaration. In short, SNS providers should offer a privacy policy that is not too extensive, that is easily accessible, with simple language that includes express information concerning the level of privacy applied by default on the network and the options and steps to modify it at the user's choice. Another of the most common problems that arise in SNSs lies in users publishing personal information with a certain purpose - sharing the information with their "friends" or "acquaintances"- but then the information may later be used for uncertain purposes (for example, analyzing SNS user preferences obtained from their browsing or the publication of data in said medium and offering them custom advertising). erefore, SNS owners must be required to inform users of the purpose for which they will process personal data and specifically indicate the end purpose of the information provided. Again, SNS privacy policies need to comply with the aforementioned information requirements so users have a real power to control their data and grant informed consent in accordance with the essential content of their fundamental data protection rights. It can also be questioned whether tacit consent is an adequate way to grant consent on an SNS. It is known that if the data processed are not specially protected or sensitive, current regulations do not oppose tacit consent formulas for valid data processing. However, the problem of admitting this type of consent on an SNS is there may be situations where a subject has seemingly granted consent to appear in a video or photograph when in all reality they are unaware how a net user is processing the image. For this reason, it does not seem adequate to admit tacit consent and it would be advisable that it be explicit, thus requiring a future modification of the regulations. Last but not least, consent should be revocable at any time by SNS users. is attribute is confronted with not just a few practical problems given that information published on the Internet is very difficult, if not impossible, to control a posteriori, which does not make it easy to effectively cancel personal data after consent is revoked by the data owner. is difficulty could be overcome, in part, by applying a privacy policy that permits users to delete their data from the SNS servers when they have deactivated their profile or even when they have deleted certain content from their profile. Likewise, it would be recommendable for SNS providers to have a “complaint center” so any affected party could request the cancellation of their image or other personal information published by a SNS user without the consent of the claimant16. 3.2. Users can become data controllers. Generally, users are considered to be interested parties with regards to the processing of their data by SNSs and, therefore, they are fundamentally subjects of rights whereas the SNS owners (and, where applicable, application suppliers) are the data controllers. But this equation is 16 National Data Protection Authorities can help facilitate the exercise of data subjects’ rights of cancellation and refusal: For example, the AEPD protects the right to oppose the indexing of personal data in search engines.
  • 8. 8 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com not always constant. At times, a user may also be considered a data controller of third party data they disseminate on the social network when said processing is not covered by the household exemption provided for in Directive 95/46 and which each Member State has incorporated into their respective internal laws. is exemption, which was established in article 3.2 of the General Directive, implies that the data protection regulation does not apply to the processing of personal data by someone in the course of a purely personal or household activity. e subsequent question that must be posed then is: In which cases could an SNS user be considered the data controller of a third party’s data? One possible criterion could be that which was established by the European Court of Justice (ECJ) in the Lindqvist case17 to determine the application of data protection regulations to the publication of information on the Internet via a website. In this case, the ECJ declared that the conduct consisting of referring to various people and identifying them by their name or other means on a website constitutes data processing subject to Directive 95/4618 . It also stated that the household exemption did not apply because this exemption is only related to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the Internet so that those data are accessible to an indefinite number of people. Under the Lindqvist standard, the private life exception would only apply when users configure their social network space so that it is only visible to a group of expressly authorized friends. is matter was specifically analyzed by the Article 29 Working Party in its Opinion 5/2009 on online social networks19. According to this advisory body, the household exemption would not apply in various circumstances: a) when an individual acts on behalf of a group, association or company; b) when an individual acquires contact data from third parties when there is no direct relationship between them; and, c) when an individual "knowingly" maintains its profile public. If the household exemption does not apply, a user will assume full responsibilities as a data controller and, if they do not have consent or other legal grounds to lawfully process data, they could be sanctioned with a fine or at least warned if this type of sanction is provided for in the internal law. ere is still no court sentence in Spain sanctioning a social network user for having processed third party personal data without being covered by the household exemption. is is likely because SNS providers implement internal claims management systems that make it 17 Judgment of the ECJ of 6 November 2003 (C-101/01). 18 Although the Web 2.0 did not exist when this sentence was passed, the criteria can be perfectly extended to the new social network environment insofar as the characteristic behavior is publishing a text, photo or any other material on the Internet. e only difference is that now it is much easier to publish information on the Internet (just as on a social network) without needing to have the prior technical knowledge required to do so through a website. 19 http://ec.europa.eu/justice/policies/privacy/news/docs/pr_25_06_09_en.pdf
  • 9. 9 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com possible to solve these types of problems. However, the AEPD has sanctioned people who have published photographs or videos without the consent of the affected parties on other Internet platforms that do not constitute social networks in a strict sense. e first AEPD resolution sanctioning a social network user for identity theft was also recently revealed20. 3.3. Minors. SNS providers should pay special attention to how the personal data of minors are processed. Although there are other legal instruments used to protect minors (civil and criminal laws protecting the honor and image of individuals, among others), they are particularly vulnerable in the scope of SNSs and therefore it needs to be considered whether the legal guarantees currently applicable are sufficient or not in guaranteeing their data is adequately protected. Pursuant to Spanish law (Royal Decree 1720/2007), a data controller has three responsibilities here: a) at the information on how their data is processed is expressed in language that can be easily understood by them; b) at data is not collected that enables obtaining information on the other members of the family group without the consent of the data subjects; and c) at procedures are articulated guaranteeing effective age verification and the authenticity of the consent granted by the parents or legal representatives if they are under 14. e Spanish Data Protection Agency has demonstrated special concern for this group and has issued recommendations for mothers and fathers and also SNS providers. anks to these actions by the AEPD, Tuenti and Facebook revised the minimum age necessary to be a user of said social networks in Spain, setting it at 14 years old. And in the case of Tuenti, it seems that an age verification procedure has been implemented that amply exceeds the standard system of asking users to declare they are over 14 by marking a box on the registration form. According to Tuenti, this procedure has led to the elimination of thousand of profiles due to a lack of proof of the minimum age requirement. e European Commission has fostered and implemented a self-regulation system based on 7 principles with a view to improve minor privacy and protection issues on SNSs without having to, at least for the time being, pass legislation on this matter21. ere are other initiatives aimed at creating international protection standards related to the safe use of the Internet and SNSs by children. In this regard, the Montevideo Memorandum and the Safer Internet program approved in 2009 by the European Parliament stand out22. 20 PS 137/2011, Resolution of 27 July 2011. 21 http://ec.europa.eu/information_society/activities/social_networking/eu_action/selfreg/index_en.htm 22 Memorándum sobre la protección de datos personales y la vida privada en las redes sociales en Internet, en particular de niños, niñas y adolescentes http://memorandumdemontevideo.ifai.org.mx . Safer Internet Program: http://ec.europa.eu/information_society/ activities/sip/index_en.htm
  • 10. 10 Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || info@alliantabogados.com www.alliantabogados.com 4.- LAW APPLICABLE TO SNSs. Section 2 mentioned the fact that the SNSs operating in the EU are subject to a legal framework comprised of two Directives (General and e-Privacy) and, possibly, a third on data retention if the SNS provider offers electronic communication services. Determining the law applicable to SNS personal data processing matters means applying article 4 of Directive 95/46 which opts for the criteria of establishment without the location of the data processing, the nationality, legal address or residence of the subject whose data is processed being relevant. us, the law of the Member State where the SNS owner is located shall apply. If it has various establishments and processes personal data through the activities of each one of them, it shall be governed by the law of the country where each establishment lies. In all, we must not lose sight of the fact that the most important SNSs by volume of users are established outside the EU and, specifically, in the United States, and any conflict is submitted to the laws of the State where their principal place of business is located. us is the case of, for example, Facebook (Delaware), LinkedIn (California), Twitter and My Space (New York) which together account for more than 1 billion users!. In principle, these companies escape from the application of European data protection laws and as a result, from national control authorities except in situations where they use instruments or means situated in EU territory. is is the case, for example, when they use mechanisms such as cookies to actively collect data from user computers situated in a Member State for the purpose of future processing, unless such means are only used for purposes of transit (article 4.1.c of Directive 95/46). 5.- CONCLUSION One of the greatest dangers of the SNSs is generated in the private life of users and not only theirs but also other people who may or may not be affiliated with these platforms and whose personal data, for whatever reasons, appear published on an SNS. It is essential that SNS owners comply with currently existing data protection regulations but we must also be aware that the technological changes and, as a consequence, social changes they bring with them demand a revision of the principles and guarantees currently applicable. e Law is not always the most ideal instrument for preventing violations in this area. is has been well understood by different international bodies (including EU institutions) upon promoting global self-regulations systems as well as awareness programs in order to achieve the responsible and safe use of the tools offered by the Web 2.0. Without a doubt, each one of us must be called upon to use social networks responsibly and conscientiously. Perhaps this is an important part of the solution to the problem. In short, the questions posed vary whereas the answers are not definitive. In matters of privacy, “today is tomorrow” and therefore, considering that SNSs are here to stay as mentioned at the beginning of this article, there is nothing more to do besides continuing to deepen the debate on how to better protect our data in environments such as social networks which, by nature, afford so little privacy.