Privacy&sns

Gran Vía de les Corts Catalanes, 702 Pral. 1ª Barcelona 08010 || t. 34 93.265.58.42 f.34 93.265.52.90 || [email protected] www.alliantabogados.com

PRIVACY IN SOCIAL NETWORK SITES

55th UIA Miami Congress - November 3rd, 2011Comission on Right’s of the digital person

Marc Gallardo



SUMMARY

1. INTRODUCTION2. CONCEPT & TYPES & MAIN THREATS3. EU LEGAL FRAMEWORK4. REVIEW OF SOME PRINCIPLES5. LAW APPLICABLE6. CONCLUSION


“CHANGE OF PARADIGM”

SOCIAL NETWORK SITES (SNS)

EU: Information Society Services

Web 2.0 service.

SNS Subcategories:

Generalist or leisure SNS

Proffesional SNS



SNS OPERATE IN 3 PHASES:(common threats)

1. Registration:- opacity of private policies- complicated legal or technical jargon- collecting too much data- no information about secondary uses- privacy policies pre-set by default are the less protective for users- no age verification systems

2. Usage:- invisible data processing (cookies, ip...)- user acting as a data controller- weakness of sns security measures- Rights on access, rectification & refusal- New secondary uses

3. Deletion:- data not eliminated & “hotel california effect” in a on line environment such as SNS

ROLES INVOLVED IN SNS

SNS Providers

Application Providers

Users of SNS

Others


Data Controller

Data Subject

EU LEGAL FRAMEWORK(data protection perspective)

ECFR (Art. 8): DP as a “Fundamental Right”.

General Data Protection Directive (95/46/EC)

e-Privacy Directive (2002/58/EC as ammended by Directive 2009/136/EC “Cookie Directive”)

Data Retention Directive (2006/24/EC)

Electronic Commerce Directive (2000/31/EC)

National laws implementing the said Directives.


EU GENERAL BASIC RULESFOR SNS PROVIDERS

Register personal data files before DP Authorities

Inform users, inter alia, on their identity and purposes for which they process personal data

Process data according with data quality principles

Process data under a legal ground (e.g. consent)

Adopt technical and organisational mesures to ensure security and confidentiality of the information

Guarantee exercise of users’ rights of access, rectification, cancellation and object.


REVISING DATA PROTECTION PRINCIPLES: CONSENT REQUIREMENTS

Freely Given

Specific

Informed

Unambiguous

Express

¿Other legal grounds?


WP187: Opinion 15/2011, 13.07.2011 on the definition of consent

WP163: Opinion 5/2009, 12.06.2009 on online social networking

REVISING DATA PROTECTION PRINCIPLES: CONSENT REQUIREMENTS

Storage of cookies or similar devices and subsequent use of any information will have to comply with art. 5(3) of e-Privacy Directive

Need for users’ informed prior consent

Consent by means of browser settings do not meet the requirements of art. 5(3) specially because major browsers allow all cookies as a default setting

Prior “opt-in” consent is more in line with art. 5(3)


REVISING DATA PROTECTIONPRINCIPLES: ¿USER OF AN SNS AS DATA CONTROLLER?

When a SNS user publishes data concerning third parties without their consent (video, picture, etc.)

Not acting in the course of a purely personal activity (household exemption)

The ECJ Lindquist standard as a possible criterion

Decisions of Spanish Data Protection Agency (AEPD) on unlawful treatment of data in SNS.


REVISING DATA PROTECTION PRINCIPLES: MINORS OF AGE

Particularly vulnerable group.

In Spain some specific rules apply to the treatment of data affecting minors of age (art. 13 RD 1720/2007)

Recommendations issued by AEPD (since 2010)

International and EU iniciatives (Montevideo Memorandum, Safer Internet Program and Self- Regulation fostered by EU Commission)


APPLICABLE LAW

Facebook (California)

Google+ (California)

Linkedin (California)

Twitter (California)

My Space (New York)


Art. 4 Directive 95/46(relevant connection)

Establishment+

Activities

(or)

Instruments or Means

CONCLUSION

SNS poses serious risks for Privacy

Full compliance to current EU legislation is required (EU based SNS & not EU based SNS under certain circumstances)

Law revision + Self-Regulation Systems

Responsible and safe use


THANK YOU


www.alliantabogados.com

Technology

Privacy&sns