SlideShare a Scribd company logo

European Data Protection and Social Networking

David Erdos
David Erdos

These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge. See further: “Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541 “Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883

Law
1 of 26
Dr David Erdos University of Cambridge
Outline  Social Networking Sites (SNS) and SNS Content  Potential DP concerns arising from SNS Content  Potential DP responsibilities of SNS Users  Potential DP responsibilities of SNS Providers  Conclusions
Background: Social Networking Sites  According to the A29 WP, SNS are:  Private message and a homepage almost always provided.  The centrality of the network per se may also differ.  Given this, it might be better to think about SNS within a broader category of “online forums” (ICO, 2013).  The rise of ubiquitous and profitable SNS is a reality of Web 2.0.  Nevertheless, platforms for social communication go back to the early days of online technology (even before the Web). “online communication platforms which enable individuals to join or create networks of like-minded users.” (p. 4)
SNS and ʻContentʼ Personal Information  SNS results in the processing of vast amounts of personal information.  Very broadly, information use may be divided into:  ʻBackgroundʼ information used to manage essential site services, personalize content, target adverts and sell as a commodity.  ʻContentʼ information including of third parties (3Ps) published by SNS users and/or providers on the site  Clearly there is an overlap between these two classes & to an extent we may need to look at SNS roles as a whole  However, we focus only on “content information”.
SNS ʻContentʼ Personal Info. and DP  Use of personal information as SNS content has resulted in a wide range of concerns potentially related to DP.  Many concerns focus on 3P dissemination including:  Invasion of privacy,  Unwarranted denigration (incl. linked to discrimination),  Spreading of inaccuracies,  Loss of information control  Dissemination of information which is excessive, irrelevant etc. (or which becomes so over time)  We will look at the potential responsibilities of two key actors here: (a) SNS Users and (b) SNS Providers.
SNS Users as Controllers? Introduction  SNS User activity generally falls within general material scope of data protection (DP).  However, is the household exemption engaged?  SNS Users are generally natural persons.  Processing is ʻon behalf ofʼ if not strictly ʻbyʼ them.  What SNS activity is “purely personal or household”?  Generally agreed can’t cover professional/commercial activity.  Many Data Protection Authorities would confine to small-scale dissemination, perhaps limited to friends and family or consent.  However, other DPAs concerned about such an interpretation.
Common WP29 Position: Opinion 5/2009 “In most cases, users are considered to be data subjects” “[I]f a user takes an informed decision to extend access beyond self- selected “friends” data controller responsibilities come into force.” “A high number of contacts could be an indication that the household exemption does not apply and therefore that the user would be considered a data controller.” “The application of the household exemption is also constrained by the need to guarantee the rights of third parties, particularly with regard to sensitive data.”
ICO Position: SNS & Online Forum Guide (c. 2013) “42. The ICO will not consider complaints made against individuals who have posted personal data whilst acting in a personal capacity, no matter how unfair, derogatory or distressing the posts may be. This is because where an individual is posting for the purposes of their personal, family[,] household or recreational purposes the section 36 exemption will apply. 43. The ICO will consider complaints about posts made by businesses, organisations, or individuals acting for non-domestic purposes in the normal way, using a proportionate approach.”
Irish DPA Position in Facebook Audit (2011) “Under Irish law where an individual uses Facebook for purely social and personal purposes to interact with friends etc they are considered to be doing so in a private capacity with no consequent individual data controller responsibility. This so-called domestic exemption means for instance that there are no fair processing obligations that arise for an individual user when posting information about other individuals on their Facebook page. The Article 29 Working Party Opinion 5/2009 on online social networking also recognised this distinction.” (p. 24)
CJEU: Core ruling in C-101/01 Lindqvist  Articulated categorical rule that indeterminate publication is outside the household exception.  CJEU also suggested should apply narrow concept of “private and family life” to exception as a whole. The household exception must “be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.” (at [47])
CJEU: Related ruling in C-212/13 Rynes Facts: About householders’ CCTV overlooking public area outside house. Disclosure only to police. Did the exemption apply? Ruling: No Reasoning: “the exception provided for … must be narrowly construed.” (at [29]) “the processing of personal data comes within the exception … only where it is carried out in the purely personal or household setting of the person processing the data.” (at [31])
ICO: Response to Rynes (outside CCTV)  Guidance on drones altered but no change otherwise.  But practical, philosophical etc. obstacles to full acceptance by ICO of thrust of CJEU case law here remain formidable. “Clearly this is a significant judgment. We’ve previously considered the domestic exemption to be quite broad, but the judgment suggests a more narrower interpretation, which could have an effect beyond surveillance cameras. There’s work for us to do now. We are talking to the Ministry of Justice about the effects on our UK law. We’ll be studying the judgment in detail before deciding what steps we need to take … Once we’ve done that, we’ll provide another update.”
CJEU: Further ruling in C-345/17 Buivids  Fact that recording public officials performing public duties did not change this (at [44]).  Stressed again that exceptions must be “interpreted strictly” (at [41]) [S]ince Mr Buivids published the video in question on a video website [YouTube] on which users can send, watch and share videos, without restricting access to that video, thereby permitting access to personal data to an indefinite number of people, the processing of personal data at issue … does not come within the context of purely personal or household activities. (at [43]).
Household Exemption under GDPR Article 2(2): “This Regulation does not apply to the processing of personal data: …. (c) by a natural persona in the course of a purely personal or household activity” Recital 18: “This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.”
SNS Users DP Responsibilities  SNS users publishing 3P personal data could have duty to:  Register with the ICO  Provide notice to individuals (at least re direct collection)  Gain consent re: many forms of ʻsensitiveʼ data  Answer subject access requests  Take steps to ensure accuracy, non-excessiveness etc.  But as regards some/all of this, it could be argued that:  If non-intrusive may fall within GDPR household exemption  May fall within special purposes (cf. art. 85(2) GDPR), or may  Require other explicit rights balancing (cf. art. 85(1)).
Lindqvist & Buivids on Rights Balance C-101/01 Lindqvist (2003): “Mrs Lindqvist’s freedom of expression in her work preparing people for Communion and her freedom to carry out activities contributing to religious life have to be weighed against the protection of the private life of the individuals about whom Mrs Lindqvist has placed data her internet site” (at [86]) C-345/17 Buivids (2019) “ʻ[J]ournalistic activitiesʼ are those which have as their purpose the disclosure to the public of information, opinions or ideas” (at [53]) “[I]f [that] should transpire … it is for the referring court to determine whether the exemptions or derogations provided for … are necessary in order to reconcile the right to privacy with the rules governing freedom of expression, and whether those exemptions and derogations are applied only in so far as is strictly necessary.” (at [68]).
SNS Providers as Controllers: Introduction  Clearly  re: ʻbackgroundʼ personal information.  Bit more complex re: ʻcontentʼ personal information:  Are SNS Providers only processors of personal information?  If they exercise control, is this only partial?  If so, does this limit their duties as data controllers? “controller” = anyone who “alone or jointly with others determines the purposes and means of the processing of personal data”
Irish DPA: Position in Facebook Audit (2011) “Complaint 18 – Obligations as Processor from “Europe-v-Facebook” contended that Facebook’s operation as a processor is at variance with both Irish Data Protection legislation and Directive 95/46/EC. The complaint states that Facebook and its users can only process data legally if Facebook clearly defines, in relation to each piece of data held, who is the data controller and who is the data processor. This issue is deal with in the introduction to this Report by reference to what is termed the household or domestic exemption and the responsibilities of a business for instance when using the site.” (pp. 38-39)
Common WP 29 Position in Opinion 5/2009 “SNS providers are data controllers … They provide the means for the processing of user data and provide all the “basic” services related to user management (e.g. registration and deletion of accounts).” (p. 5) Should establish clearly visible complaints handling office for DP & privacy issues/complaints for members & non-members. (p. 11) Recommends as regards the upload of information that: • Provide adequate warnings about privacy risks and fact may impinge of privacy and DP rights. • “SNS user should be advised by SNS that if they wish to upload pictures or information about others individuals, this should be done with the individual’s consent.” (p. 7)
ICO Position: SNS & Online Forum Guide (c. 2013) “26. The first issue a person or organisation that runs a social networking site or other online forum needs to consider is the extent to which they are a data controller. … … 31. … If the site only allows posts subject to terms and conditions which cover acceptable content, and if it can remove posts which breach its policies on such matters, then it will still, to some extent, be determining the purposes and manner in personal data is processed. It will therefore be a data controller.”
ICO Position Continued:  Focus on policies and ex post control can be seen as reflecting (i) idea of a granular “controller” and/or (ii) need for a balance with other fundamental rights. “40. We would expect a person or organisation running a social networking site or online forum to have policies in place that are sufficient to deal with: • Complaints from people who believe that their personal data may have been processed unfairly or unlawfully because they have been the subject of derogatory, threatening or abusive online postings by third parties; • Disputes between individuals about the factual accuracy of posts”
e-Commerce Directive (ECD) Host Shield  Definition (art. 14): Storing information at request of recipient and where recipient not acting under their authority or control.  General liability shield (art. 14(1)): Exemption if:  No actual knowledge of illegality (or re: damages, awareness of facts or circumstances from which illegality apparent).  Upon obtaining knowledge/awareness, act expeditiously to remove/disable access.  Injunction possibility remains (art. 14(3): May be administrative &/or court injunction – terminating or preventative.  General monitoring prohibition (art. 15): No general obligation to monitor for illegality (but may be specified monitoring)
ECD: Special Aspects Relevant to DP?  Duty of care possibility (recital 48): “This Directive does not affect the possibility for Member States of requiring service providers, who host information provided by recipients of their service, to applying duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activity.”  Data protection clause (art. 1(5)):  Excludes “questions relating to information society services covered by” EU data protection framework.  GDPR text maintains with this but adds that it is “without prejudice” to Directive 2000/31 and intermediary shields (GPDR, art. 2 (4)).
CG v Facebook Ireland (2016) (NICA) Facts: Various postings related to a convicted sex offender (CG) including information on his home address. Held: Facebook liable but only for failure to promptly take down material specifically flagged up to it. Reasoning: Facebook was a controller of this data. But also a “host” within ECD 2000/31 (art. 14), data protection clause (art. 1(5)(b) not true exemption and “no general obligation to monitor” (art. 15) interpreted broadly.
AY v Facebook Ireland (2016) (NIHC) Facts: Repeated publication of naked photos of plaintiff when aged 14 including on “shame page”. Held: Facebook might be liable to filter via PhotoDNA. Reasoning: Even if ECD host shield applied “the trial judge might conclude, having regard to existing technology, that blocking could be achieved without impermissible monitoring”. (But blocking “shame page” would require general monitoring). N.B.: ICO looked likely to intervene; Facebook then settled.
Conclusions  SNS Content can raise significant DP/privacy concerns, whilst also engaging freedom of expression.  SNS Users – Some may benefit from domestic exemption but many are full controllers & outside special expression.  Implies wide-ranging DP responsibilities but some DPAs including ICO unwilling to accept this.  SNS Providers also exert some control over SNS Content.  Many DPAs increasing hold that this results in at least ex post DP responsibilities.  Courts seem to be moving in similar direction but see e- Commerce Directive as limiting scope of duties here.

Recommended

Data Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing LandscapeData Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing Landscape
David Erdos
 
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
David Erdos
 
The GDPR, Brexit, the UK and adequacy
The GDPR, Brexit, the UK and adequacyThe GDPR, Brexit, the UK and adequacy
The GDPR, Brexit, the UK and adequacy
Lilian Edwards
 
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
Disclosure, Exposure and the "Right to be Forgotten" After Google SpainDisclosure, Exposure and the "Right to be Forgotten" After Google Spain
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
David Erdos
 
Data Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveData Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical Perspective
David Erdos
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 
UK GDPR: What New Direction?
UK GDPR: What New Direction?UK GDPR: What New Direction?
UK GDPR: What New Direction?
David Erdos
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
Steven Salter
 

Recommended

Data Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing LandscapeData Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing Landscape
David Erdos
 
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
David Erdos
 
The GDPR, Brexit, the UK and adequacy
The GDPR, Brexit, the UK and adequacyThe GDPR, Brexit, the UK and adequacy
The GDPR, Brexit, the UK and adequacy
Lilian Edwards
 
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
Disclosure, Exposure and the "Right to be Forgotten" After Google SpainDisclosure, Exposure and the "Right to be Forgotten" After Google Spain
Disclosure, Exposure and the "Right to be Forgotten" After Google Spain
David Erdos
 
Data Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveData Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical Perspective
David Erdos
 
Brexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK PerspectiveBrexit Data Protection Update: The EU, US and UK Perspective
Brexit Data Protection Update: The EU, US and UK Perspective
TrustArc
 
UK GDPR: What New Direction?
UK GDPR: What New Direction?UK GDPR: What New Direction?
UK GDPR: What New Direction?
David Erdos
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
Steven Salter
 
Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...
David Erdos
 
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory TightropeGDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
David Erdos
 
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkData Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR Framework
David Erdos
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPR
SabahtHussein
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
MediaPost
 
Replacement standard contractual clauses
Replacement standard contractual clausesReplacement standard contractual clauses
Replacement standard contractual clauses
Brian Miller, Solicitor
 
Reconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data ProtectionReconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data Protection
David Erdos
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
IISPEastMids
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
MRS
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New Regulations
PECB
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
legalandgeneral
 
European Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search EnginesEuropean Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search Engines
David Erdos
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...
IISPEastMids
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Anitafin
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
Matthias Dobbelaere-Welvaert
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
The Economist Media Businesses
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
TRA - Tax Representative Alliance
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
iCrossing
 
Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012
lilianedwards
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
Altimeter, a Prophet Company
 

More Related Content

What's hot

Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...
David Erdos
 
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory TightropeGDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
David Erdos
 
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkData Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR Framework
David Erdos
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPR
SabahtHussein
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
MediaPost
 
Replacement standard contractual clauses
Replacement standard contractual clausesReplacement standard contractual clauses
Replacement standard contractual clauses
Brian Miller, Solicitor
 
Reconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data ProtectionReconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data Protection
David Erdos
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
IISPEastMids
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
MRS
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New Regulations
PECB
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
legalandgeneral
 
European Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search EnginesEuropean Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search Engines
David Erdos
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...
IISPEastMids
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Anitafin
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
Matthias Dobbelaere-Welvaert
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
The Economist Media Businesses
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
TRA - Tax Representative Alliance
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
iCrossing
 

What's hot (20)

Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...
 
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory TightropeGDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
 
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkData Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR Framework
 
DPA and GDPR
DPA and GDPRDPA and GDPR
DPA and GDPR
 
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...
 
Replacement standard contractual clauses
Replacement standard contractual clausesReplacement standard contractual clauses
Replacement standard contractual clauses
 
Reconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data ProtectionReconciling Humanities and Social Science Research With Data Protection
Reconciling Humanities and Social Science Research With Data Protection
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New Regulations
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
 
European Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search EnginesEuropean Data Protection, the Right to be Forgotten and Search Engines
European Data Protection, the Right to be Forgotten and Search Engines
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
 

Similar to European Data Protection and Social Networking

Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012
lilianedwards
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
Altimeter, a Prophet Company
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
Symantec
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
Lilian Edwards
 
GDPR: Into Practice
GDPR: Into PracticeGDPR: Into Practice
GDPR: Into Practice
Jisc
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
BenjaminShalevSalovi
 
International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014
Giovanni Maria Riccio
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
Cédric Laurant
 
Answer the Below Question. APA format. 300 words.Textbook .docx
Answer the Below Question. APA format. 300 words.Textbook .docxAnswer the Below Question. APA format. 300 words.Textbook .docx
Answer the Below Question. APA format. 300 words.Textbook .docx
nolanalgernon
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with Varonis
Angad Dayal
 
EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017
Cliff Ashcroft
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
adampcarr67227
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
Morris Dorfer
 
Is data protection the new defamation?
Is data protection the new defamation?Is data protection the new defamation?
Is data protection the new defamation?
jtownend
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analytics
brunomase
 
GDPR - A practical guide
GDPR - A practical guideGDPR - A practical guide
GDPR - A practical guide
Angad Dayal
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
Tushar Rajput
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
Dr. Donald Macfarlane
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charities
Tech Trust
 

Similar to European Data Protection and Social Networking (20)

Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
GDPR: Into Practice
GDPR: Into PracticeGDPR: Into Practice
GDPR: Into Practice
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014International Summer School on Cyber Law - Moscow - July 2014
International Summer School on Cyber Law - Moscow - July 2014
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
 
Answer the Below Question. APA format. 300 words.Textbook .docx
Answer the Below Question. APA format. 300 words.Textbook .docxAnswer the Below Question. APA format. 300 words.Textbook .docx
Answer the Below Question. APA format. 300 words.Textbook .docx
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with Varonis
 
EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 
Is data protection the new defamation?
Is data protection the new defamation?Is data protection the new defamation?
Is data protection the new defamation?
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analytics
 
GDPR - A practical guide
GDPR - A practical guideGDPR - A practical guide
GDPR - A practical guide
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Data protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-finalData protection & security breakfast briefing master slides 28 june-final
Data protection & security breakfast briefing master slides 28 june-final
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charities
 

More from David Erdos

Regulatory Enforcement of UK Data Protection
Regulatory Enforcement of UK Data ProtectionRegulatory Enforcement of UK Data Protection
Regulatory Enforcement of UK Data Protection
David Erdos
 
Generative AI, Search Engines and GDPR
Generative AI, Search Engines and GDPRGenerative AI, Search Engines and GDPR
Generative AI, Search Engines and GDPR
David Erdos
 
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveGoogle Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
David Erdos
 
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
David Erdos
 
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
David Erdos
 
The GDPR and Journalism: Enforcement and Beyond
The GDPR and Journalism: Enforcement and BeyondThe GDPR and Journalism: Enforcement and Beyond
The GDPR and Journalism: Enforcement and Beyond
David Erdos
 
Constitutional Privacy and Data Protection in the EU
Constitutional Privacy and Data Protection in the EUConstitutional Privacy and Data Protection in the EU
Constitutional Privacy and Data Protection in the EU
David Erdos
 
Dead Ringers? Legal Persons & the Deceased in European Data Protection Law
Dead Ringers? Legal Persons & the Deceased in European Data Protection LawDead Ringers? Legal Persons & the Deceased in European Data Protection Law
Dead Ringers? Legal Persons & the Deceased in European Data Protection Law
David Erdos
 
UK & EU Freedom of Information & Data Protection: Continuity & Change
UK & EU Freedom of Information & Data Protection: Continuity & ChangeUK & EU Freedom of Information & Data Protection: Continuity & Change
UK & EU Freedom of Information & Data Protection: Continuity & Change
David Erdos
 
Data Protection and Academia: Fundamental Rights in Conflict
Data Protection and Academia: Fundamental Rights in ConflictData Protection and Academia: Fundamental Rights in Conflict
Data Protection and Academia: Fundamental Rights in Conflict
David Erdos
 
Regulation of Medical Research under European Data Protection
Regulation of Medical Research under European Data ProtectionRegulation of Medical Research under European Data Protection
Regulation of Medical Research under European Data Protection
David Erdos
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data Protection
David Erdos
 
EU General Data Protection Regulation & Transborder Information Flow
EU General Data Protection Regulation & Transborder Information FlowEU General Data Protection Regulation & Transborder Information Flow
EU General Data Protection Regulation & Transborder Information Flow
David Erdos
 

More from David Erdos (13)

Regulatory Enforcement of UK Data Protection
Regulatory Enforcement of UK Data ProtectionRegulatory Enforcement of UK Data Protection
Regulatory Enforcement of UK Data Protection
 
Generative AI, Search Engines and GDPR
Generative AI, Search Engines and GDPRGenerative AI, Search Engines and GDPR
Generative AI, Search Engines and GDPR
 
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveGoogle Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
 
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
The Brexit Isles Alter Ego? Revisiting Ireland's Commonwealth Exit 1948-49
 
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
 
The GDPR and Journalism: Enforcement and Beyond
The GDPR and Journalism: Enforcement and BeyondThe GDPR and Journalism: Enforcement and Beyond
The GDPR and Journalism: Enforcement and Beyond
 
Constitutional Privacy and Data Protection in the EU
Constitutional Privacy and Data Protection in the EUConstitutional Privacy and Data Protection in the EU
Constitutional Privacy and Data Protection in the EU
 
Dead Ringers? Legal Persons & the Deceased in European Data Protection Law
Dead Ringers? Legal Persons & the Deceased in European Data Protection LawDead Ringers? Legal Persons & the Deceased in European Data Protection Law
Dead Ringers? Legal Persons & the Deceased in European Data Protection Law
 
UK & EU Freedom of Information & Data Protection: Continuity & Change
UK & EU Freedom of Information & Data Protection: Continuity & ChangeUK & EU Freedom of Information & Data Protection: Continuity & Change
UK & EU Freedom of Information & Data Protection: Continuity & Change
 
Data Protection and Academia: Fundamental Rights in Conflict
Data Protection and Academia: Fundamental Rights in ConflictData Protection and Academia: Fundamental Rights in Conflict
Data Protection and Academia: Fundamental Rights in Conflict
 
Regulation of Medical Research under European Data Protection
Regulation of Medical Research under European Data ProtectionRegulation of Medical Research under European Data Protection
Regulation of Medical Research under European Data Protection
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data Protection
 
EU General Data Protection Regulation & Transborder Information Flow
EU General Data Protection Regulation & Transborder Information FlowEU General Data Protection Regulation & Transborder Information Flow
EU General Data Protection Regulation & Transborder Information Flow
 

Recently uploaded

Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
PelayoGilbert
 
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Gabe Whitley
 
Roles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John CavittRoles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John Cavitt
johncavitthouston
 
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
9ib5wiwt
 
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxNATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
anvithaav
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
bhavenpr
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
ShivkumarIyer18
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
nehatalele22st
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
Wendy Couture
 
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdfDonald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
ssuser5750e1
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
9ib5wiwt
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
Abdul-Hakim Shabazz
 
Understanding about ITR-1 and Documentation
Understanding about ITR-1 and DocumentationUnderstanding about ITR-1 and Documentation
Understanding about ITR-1 and Documentation
CAAJAYKUMAR4
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
Daffodil International University
 
Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
MattGardner52
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
akbarrasyid3
 
Tax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th semTax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th sem
azizurrahaman17
 
Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...
Finlaw Consultancy Pvt Ltd
 
Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
Trademark Quick
 
Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...
Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...
Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...
YashSingh373746
 

Recently uploaded (20)

Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
 
Abdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal CourtAbdul Hakim Shabazz Deposition Hearing in Federal Court
Abdul Hakim Shabazz Deposition Hearing in Federal Court
 
Roles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John CavittRoles of a Bankruptcy Lawyer John Cavitt
Roles of a Bankruptcy Lawyer John Cavitt
 
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
办理(waikato毕业证书)新西兰怀卡托大学毕业证双学位证书原版一模一样
 
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxNATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptx
 
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdfXYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
XYZ-v.-state-of-Maharashtra-Bombay-HC-Writ-Petition-6340-2023.pdf
 
Bharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptxBharatiya Nagarik Suraksha Sanhita power.pptx
Bharatiya Nagarik Suraksha Sanhita power.pptx
 
The Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptxThe Reserve Bank of India Act, 1934.pptx
The Reserve Bank of India Act, 1934.pptx
 
Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)Business and Corporate Case Update (2024)
Business and Corporate Case Update (2024)
 
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdfDonald_J_Trump_katigoritirio_stormi_daniels.pdf
Donald_J_Trump_katigoritirio_stormi_daniels.pdf
 
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
怎么购买(massey毕业证书)新西兰梅西大学毕业证学位证书注册证明信原版一模一样
 
Rokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal OpinionRokita Releases Soccer Stadium Legal Opinion
Rokita Releases Soccer Stadium Legal Opinion
 
Understanding about ITR-1 and Documentation
Understanding about ITR-1 and DocumentationUnderstanding about ITR-1 and Documentation
Understanding about ITR-1 and Documentation
 
ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.ADR in criminal proceeding in Bangladesh with global perspective.
ADR in criminal proceeding in Bangladesh with global perspective.
 
Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
 
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdfDaftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
Daftar Rumpun, Pohon, dan Cabang Ilmu (28 Mei 2024).pdf
 
Tax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th semTax Law Notes on taxation law tax law for 10th sem
Tax Law Notes on taxation law tax law for 10th sem
 
Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...Responsibilities of the office bearers while registering multi-state cooperat...
Responsibilities of the office bearers while registering multi-state cooperat...
 
Secure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark TodaySecure Your Brand: File a Trademark Today
Secure Your Brand: File a Trademark Today
 
Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...
Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...
Consolidated_Analysis_report_(Phase_1_to_7)_of_Criminal_and_Financial_backgro...
 

European Data Protection and Social Networking

  • 2. Outline  Social Networking Sites (SNS) and SNS Content  Potential DP concerns arising from SNS Content  Potential DP responsibilities of SNS Users  Potential DP responsibilities of SNS Providers  Conclusions
  • 3. Background: Social Networking Sites  According to the A29 WP, SNS are:  Private message and a homepage almost always provided.  The centrality of the network per se may also differ.  Given this, it might be better to think about SNS within a broader category of “online forums” (ICO, 2013).  The rise of ubiquitous and profitable SNS is a reality of Web 2.0.  Nevertheless, platforms for social communication go back to the early days of online technology (even before the Web). “online communication platforms which enable individuals to join or create networks of like-minded users.” (p. 4)
  • 4. SNS and ʻContentʼ Personal Information  SNS results in the processing of vast amounts of personal information.  Very broadly, information use may be divided into:  ʻBackgroundʼ information used to manage essential site services, personalize content, target adverts and sell as a commodity.  ʻContentʼ information including of third parties (3Ps) published by SNS users and/or providers on the site  Clearly there is an overlap between these two classes & to an extent we may need to look at SNS roles as a whole  However, we focus only on “content information”.
  • 5. SNS ʻContentʼ Personal Info. and DP  Use of personal information as SNS content has resulted in a wide range of concerns potentially related to DP.  Many concerns focus on 3P dissemination including:  Invasion of privacy,  Unwarranted denigration (incl. linked to discrimination),  Spreading of inaccuracies,  Loss of information control  Dissemination of information which is excessive, irrelevant etc. (or which becomes so over time)  We will look at the potential responsibilities of two key actors here: (a) SNS Users and (b) SNS Providers.
  • 6. SNS Users as Controllers? Introduction  SNS User activity generally falls within general material scope of data protection (DP).  However, is the household exemption engaged?  SNS Users are generally natural persons.  Processing is ʻon behalf ofʼ if not strictly ʻbyʼ them.  What SNS activity is “purely personal or household”?  Generally agreed can’t cover professional/commercial activity.  Many Data Protection Authorities would confine to small-scale dissemination, perhaps limited to friends and family or consent.  However, other DPAs concerned about such an interpretation.
  • 7. Common WP29 Position: Opinion 5/2009 “In most cases, users are considered to be data subjects” “[I]f a user takes an informed decision to extend access beyond self- selected “friends” data controller responsibilities come into force.” “A high number of contacts could be an indication that the household exemption does not apply and therefore that the user would be considered a data controller.” “The application of the household exemption is also constrained by the need to guarantee the rights of third parties, particularly with regard to sensitive data.”
  • 8. ICO Position: SNS & Online Forum Guide (c. 2013) “42. The ICO will not consider complaints made against individuals who have posted personal data whilst acting in a personal capacity, no matter how unfair, derogatory or distressing the posts may be. This is because where an individual is posting for the purposes of their personal, family[,] household or recreational purposes the section 36 exemption will apply. 43. The ICO will consider complaints about posts made by businesses, organisations, or individuals acting for non-domestic purposes in the normal way, using a proportionate approach.”
  • 9. Irish DPA Position in Facebook Audit (2011) “Under Irish law where an individual uses Facebook for purely social and personal purposes to interact with friends etc they are considered to be doing so in a private capacity with no consequent individual data controller responsibility. This so-called domestic exemption means for instance that there are no fair processing obligations that arise for an individual user when posting information about other individuals on their Facebook page. The Article 29 Working Party Opinion 5/2009 on online social networking also recognised this distinction.” (p. 24)
  • 10. CJEU: Core ruling in C-101/01 Lindqvist  Articulated categorical rule that indeterminate publication is outside the household exception.  CJEU also suggested should apply narrow concept of “private and family life” to exception as a whole. The household exception must “be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.” (at [47])
  • 11. CJEU: Related ruling in C-212/13 Rynes Facts: About householders’ CCTV overlooking public area outside house. Disclosure only to police. Did the exemption apply? Ruling: No Reasoning: “the exception provided for … must be narrowly construed.” (at [29]) “the processing of personal data comes within the exception … only where it is carried out in the purely personal or household setting of the person processing the data.” (at [31])
  • 12. ICO: Response to Rynes (outside CCTV)  Guidance on drones altered but no change otherwise.  But practical, philosophical etc. obstacles to full acceptance by ICO of thrust of CJEU case law here remain formidable. “Clearly this is a significant judgment. We’ve previously considered the domestic exemption to be quite broad, but the judgment suggests a more narrower interpretation, which could have an effect beyond surveillance cameras. There’s work for us to do now. We are talking to the Ministry of Justice about the effects on our UK law. We’ll be studying the judgment in detail before deciding what steps we need to take … Once we’ve done that, we’ll provide another update.”
  • 13. CJEU: Further ruling in C-345/17 Buivids  Fact that recording public officials performing public duties did not change this (at [44]).  Stressed again that exceptions must be “interpreted strictly” (at [41]) [S]ince Mr Buivids published the video in question on a video website [YouTube] on which users can send, watch and share videos, without restricting access to that video, thereby permitting access to personal data to an indefinite number of people, the processing of personal data at issue … does not come within the context of purely personal or household activities. (at [43]).
  • 14. Household Exemption under GDPR Article 2(2): “This Regulation does not apply to the processing of personal data: …. (c) by a natural persona in the course of a purely personal or household activity” Recital 18: “This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.”
  • 15. SNS Users DP Responsibilities  SNS users publishing 3P personal data could have duty to:  Register with the ICO  Provide notice to individuals (at least re direct collection)  Gain consent re: many forms of ʻsensitiveʼ data  Answer subject access requests  Take steps to ensure accuracy, non-excessiveness etc.  But as regards some/all of this, it could be argued that:  If non-intrusive may fall within GDPR household exemption  May fall within special purposes (cf. art. 85(2) GDPR), or may  Require other explicit rights balancing (cf. art. 85(1)).
  • 16. Lindqvist & Buivids on Rights Balance C-101/01 Lindqvist (2003): “Mrs Lindqvist’s freedom of expression in her work preparing people for Communion and her freedom to carry out activities contributing to religious life have to be weighed against the protection of the private life of the individuals about whom Mrs Lindqvist has placed data her internet site” (at [86]) C-345/17 Buivids (2019) “ʻ[J]ournalistic activitiesʼ are those which have as their purpose the disclosure to the public of information, opinions or ideas” (at [53]) “[I]f [that] should transpire … it is for the referring court to determine whether the exemptions or derogations provided for … are necessary in order to reconcile the right to privacy with the rules governing freedom of expression, and whether those exemptions and derogations are applied only in so far as is strictly necessary.” (at [68]).
  • 17. SNS Providers as Controllers: Introduction  Clearly  re: ʻbackgroundʼ personal information.  Bit more complex re: ʻcontentʼ personal information:  Are SNS Providers only processors of personal information?  If they exercise control, is this only partial?  If so, does this limit their duties as data controllers? “controller” = anyone who “alone or jointly with others determines the purposes and means of the processing of personal data”
  • 18. Irish DPA: Position in Facebook Audit (2011) “Complaint 18 – Obligations as Processor from “Europe-v-Facebook” contended that Facebook’s operation as a processor is at variance with both Irish Data Protection legislation and Directive 95/46/EC. The complaint states that Facebook and its users can only process data legally if Facebook clearly defines, in relation to each piece of data held, who is the data controller and who is the data processor. This issue is deal with in the introduction to this Report by reference to what is termed the household or domestic exemption and the responsibilities of a business for instance when using the site.” (pp. 38-39)
  • 19. Common WP 29 Position in Opinion 5/2009 “SNS providers are data controllers … They provide the means for the processing of user data and provide all the “basic” services related to user management (e.g. registration and deletion of accounts).” (p. 5) Should establish clearly visible complaints handling office for DP & privacy issues/complaints for members & non-members. (p. 11) Recommends as regards the upload of information that: • Provide adequate warnings about privacy risks and fact may impinge of privacy and DP rights. • “SNS user should be advised by SNS that if they wish to upload pictures or information about others individuals, this should be done with the individual’s consent.” (p. 7)
  • 20. ICO Position: SNS & Online Forum Guide (c. 2013) “26. The first issue a person or organisation that runs a social networking site or other online forum needs to consider is the extent to which they are a data controller. … … 31. … If the site only allows posts subject to terms and conditions which cover acceptable content, and if it can remove posts which breach its policies on such matters, then it will still, to some extent, be determining the purposes and manner in personal data is processed. It will therefore be a data controller.”
  • 21. ICO Position Continued:  Focus on policies and ex post control can be seen as reflecting (i) idea of a granular “controller” and/or (ii) need for a balance with other fundamental rights. “40. We would expect a person or organisation running a social networking site or online forum to have policies in place that are sufficient to deal with: • Complaints from people who believe that their personal data may have been processed unfairly or unlawfully because they have been the subject of derogatory, threatening or abusive online postings by third parties; • Disputes between individuals about the factual accuracy of posts”
  • 22. e-Commerce Directive (ECD) Host Shield  Definition (art. 14): Storing information at request of recipient and where recipient not acting under their authority or control.  General liability shield (art. 14(1)): Exemption if:  No actual knowledge of illegality (or re: damages, awareness of facts or circumstances from which illegality apparent).  Upon obtaining knowledge/awareness, act expeditiously to remove/disable access.  Injunction possibility remains (art. 14(3): May be administrative &/or court injunction – terminating or preventative.  General monitoring prohibition (art. 15): No general obligation to monitor for illegality (but may be specified monitoring)
  • 23. ECD: Special Aspects Relevant to DP?  Duty of care possibility (recital 48): “This Directive does not affect the possibility for Member States of requiring service providers, who host information provided by recipients of their service, to applying duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activity.”  Data protection clause (art. 1(5)):  Excludes “questions relating to information society services covered by” EU data protection framework.  GDPR text maintains with this but adds that it is “without prejudice” to Directive 2000/31 and intermediary shields (GPDR, art. 2 (4)).
  • 24. CG v Facebook Ireland (2016) (NICA) Facts: Various postings related to a convicted sex offender (CG) including information on his home address. Held: Facebook liable but only for failure to promptly take down material specifically flagged up to it. Reasoning: Facebook was a controller of this data. But also a “host” within ECD 2000/31 (art. 14), data protection clause (art. 1(5)(b) not true exemption and “no general obligation to monitor” (art. 15) interpreted broadly.
  • 25. AY v Facebook Ireland (2016) (NIHC) Facts: Repeated publication of naked photos of plaintiff when aged 14 including on “shame page”. Held: Facebook might be liable to filter via PhotoDNA. Reasoning: Even if ECD host shield applied “the trial judge might conclude, having regard to existing technology, that blocking could be achieved without impermissible monitoring”. (But blocking “shame page” would require general monitoring). N.B.: ICO looked likely to intervene; Facebook then settled.
  • 26. Conclusions  SNS Content can raise significant DP/privacy concerns, whilst also engaging freedom of expression.  SNS Users – Some may benefit from domestic exemption but many are full controllers & outside special expression.  Implies wide-ranging DP responsibilities but some DPAs including ICO unwilling to accept this.  SNS Providers also exert some control over SNS Content.  Many DPAs increasing hold that this results in at least ex post DP responsibilities.  Courts seem to be moving in similar direction but see e- Commerce Directive as limiting scope of duties here.