Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Privacy, Social Network Sites and the law


Published on

Dr. Natali Helberger, assistent professor at the Amsterdam Institute of Information Law (IVIR), presents the legal aspect surrounding privacy in Social Network Sites. An overview of European laws regulating SNS with respect to privacy. Presentation at the Conference on Privacy in Social Network Sites,

Published in: Technology, News & Politics
  • Be the first to comment

Privacy, Social Network Sites and the law

  1. 1. Privacy, SNSs and the law Dr. Natali Helberger, Institute for Information Law, University of Amsterdam “ Privacy in Social Network Sites”, Delft, 24 October 2008
  2. 2. Content <ul><li>Overview European Data Protection Law </li></ul><ul><li>Users as data controllers </li></ul><ul><li>The rights of data subjects – theory and practice </li></ul><ul><li>Minors and European data protection law </li></ul><ul><li>Conclusions and thoughts for further discussion </li></ul>
  3. 3. Overview of European data protection law <ul><li>European Data Protection Directive 95/47/EC </li></ul><ul><ul><li>Automated processing of personal data </li></ul></ul><ul><li>Directive on Privacy and Electronic Communications (ePrivacy D.) 2002/58/EC </li></ul><ul><ul><li>Data protection in publicly available electronic communications networks </li></ul></ul><ul><ul><li>Additional obligations concerning data security, communications secrecy, cookies, spam </li></ul></ul>
  4. 4. What European DPL is about: <ul><li>Informational privacy: fair and legitimate data processing </li></ul><ul><li>Communications privacy (ePrivacy Directive) </li></ul><ul><li>Harmonising national rules: Internal Market </li></ul><ul><li>The relationship between data subject and data controller </li></ul>
  5. 5. Users as data controllers <ul><li>Data controller is anyone who “determines the purposes and means of the processing of personal data” (Art. 2d Data Protection Directive) </li></ul>
  6. 6. The rights of data subjects: privacy policies prevail <ul><li>Anything goes … </li></ul><ul><li>… as long as it is in the privacy policies and the user has consented. </li></ul><ul><li>What does “operation of the website” mean in a web 2.0 context? </li></ul><ul><li>Take it or leave it. </li></ul>
  7. 7. Personal data as the new currency in the SNS market <ul><li>The theory: </li></ul><ul><ul><li>Right to be informed when data shared </li></ul></ul><ul><ul><li>Right to opt out against direct marketing </li></ul></ul><ul><ul><li>Obligation to secure personal data </li></ul></ul><ul><ul><li>Right to take legal action and claim damages </li></ul></ul><ul><li>The practice: many of the provisions are toothless tigers. </li></ul>
  8. 8. The right to be forgotten <ul><li>Users can demand “… as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data” (Art. 12 (b) of het Data Protection Directive) </li></ul>
  9. 9. The rights of minors <ul><li>Minors as data subjects </li></ul><ul><ul><li>No special provisions for children in DPD </li></ul></ul><ul><ul><li>Problems: notion of “consent”, informing children, storage time </li></ul></ul><ul><li>Minors as data controllers </li></ul>
  10. 10. Fields for future regulatory attention <ul><li>The role of amateur data controllers </li></ul><ul><ul><li>The right not to be overregulated </li></ul></ul><ul><ul><li>The right to demand co-operation </li></ul></ul><ul><li>Privacy policies </li></ul><ul><ul><li>The right to be better informed </li></ul></ul><ul><ul><li>The right to be forgotten </li></ul></ul><ul><ul><li>The right to have privacy policies monitored </li></ul></ul><ul><ul><li>The right to negotiate privacy policies </li></ul></ul><ul><li>Processing of personal data to/by third parties </li></ul><ul><ul><li>Duties of care for data controllers </li></ul></ul><ul><li>Behavioural advertising </li></ul><ul><ul><li>The right to opt-in for behavioural advertising </li></ul></ul><ul><li>The rights of minors </li></ul>
  11. 11. But before you get started … <ul><li>Privacy as an individual or public interest? </li></ul><ul><li>Personal autonomy vs. public regulation </li></ul><ul><li>The role of technology </li></ul><ul><li>The sense and non-sense of self-regulation </li></ul><ul><li>Will the problems persist? </li></ul>
  12. 12. Thank you for your attention <ul><li>Dr. Natali Helberger </li></ul><ul><li>Institute for Information Law, </li></ul><ul><li>University of Amsterdam </li></ul><ul><li> </li></ul><ul><li> </li></ul>