Download Study on the Privacy of Personal Data and on the Security of Information in Social Networks PDF

TitleStudy on the Privacy of Personal Data and on the Security of Information in Social Networks
LanguageEnglish
File Size2.1 MB
Total Pages143
Table of Contents
                            1 INTRODUCTION AND OBJECTIVES
	1.1 Presentation
		1.1.1 Spanish National Institute of Communication Technologies (INTECO)
		1.1.2 Spanish Data Protection Agency
	1.2 Contextualizing the study
	1.3 Objectives of the Study.
	1.4 Methodology
		1.4.1 Phase I. Data Collection and Fieldwork
		1.4.2 Phase II. Information Analysis.
		1.4.3 Phase III. Recommendations and conclusions
	1.5 Content Structure
2 SITUATION: DEFINITION OF SOCIAL NETWORKS
	2.1 Characterizing Social Networks.
		2.1.1 Theoretical Basis
		2.1.2 Origin and evolution
		2.1.3 Definitions
		2.1.4 Keys to success
	2.2 Typology of social networks
		2.2.1 Generalist and recreational social networks.
		2.2.2 Professional Social Networks.
	2.3 Value chain and business models
		2.3.1 Value chain of social networks.
		2.3.2 Business models.
	2.4 Risks implied by the use of social networks
3 ANALYSIS OF THE MOST IMPORTANT ASPECTS AND SPECIFIC PROBLEMS OF SOCIAL NETWORKS
	3.1 Protection of the right to honor, personal and family privacy and image.
		3.1.1 Definition of the right
		3.1.2 Applicable Law
		3.1.3 Possible risks. How could the right to honor, privacy and image be affected in a Social Network?
		3.1.4 Vulnerable Groups. Underage and legally incapacitated users.
		3.1.5 Measures to protect the right to honor, privacy and image
	3.2 Personal Data Protection
		3.2.1 Definition of the right
		3.2.2 Applicable law: regulation and its evolution
		3.2.3 Possible risks on social networks. ¿How does personal data could be affected?
		3.2.4 Vulnerable Groups. Underage and legally incapacitated persons.
		3.2.5 Measures taken to protect the personal data of users.
	3.3 Intellectual Property protection in social networks
		3.3.1 Definition of the right
		3.3.2 Legal framework: regulations and its evolution.
		3.3.3 Probable risks. ¿How could Intellectual Property Rights be affected in a social network?
		3.3.4 Groups specially protected. Underage and legally incapacitated persons.
		3.3.5 Measures to protect the rights to intellectual property of users and third parties.
	3.4 Protection of Users and Consumers
		3.4.1 Definition of the right
		3.4.2 Applicable Regulations: Regulation and its evolution
		3.4.3 Possible risk. ¿How do these rights could be affected?
		3.4.4 Specific Cases. Underage and legally incapacitated persons.
		3.4.5 Measures to protect the rights of users and consumers
4 PROPOSALS AND RECOMMENDATIONS ADDRESSED TO THE AGENTS PARTICIPATING IN SOCIAL NETWORKS
	4.1 Proposals and recommendations addressed to the Industry
		4.1.1 Proposals and recommendations addressed to social networks and the collaborative platforms
		4.1.2 Proposals and recommendations addressed to the manufacturers and the providers of computer security
		4.1.3 Proposals and recommendations addressed to the Internet Services Providers (ISP)
	4.2 Proposals and recommendations addressed to the Administrations and Public Institutions
		4.2.1 From a normative point of view
		4.2.2 From an executive and administrative point of view
		4.2.3 From an educational and informative point of view
	4.3 Proposals and recommendations addressed to the users and the associations
		4.3.1 Protection of personal data, honor, intimacy and personal image
		4.3.2 Intellectual property
		4.3.3 Technology and security
		4.3.4 Protection of underage users
5 CONCLUSIONS
                        
Document Text Contents
Page 1

Instituto Nacional
de Tecnologías
de la Comunicación

Study on the Privacy of Personal Data
and on the Security of Information in
Social Networks



Study on the Privacy of Personal Data and on the Security of Information in Social Networks
Information Security Observatory Page 1 of 143



INFORMATION SECURITY OBSERVATORY

Page 2

Instituto Nacional
de Tecnologías
de la Comunicación

Study on the Privacy of Personal Data and on the Security of Information in Social Networks

February 2009

This publication belongs to the Instituto Nacional de Tecnologías de la Comunicación –INTECO- (Spanish National
Institute of Communication Technologies (INTECO) and the Agencia Española de Protección de Datos –AEPD-
(Spanish Data Protection Agency), is under a Creative Commons Spain 2.5 Attribution Non-commercial license, and for this
reason copying, distributing and displaying this work is permitted under the following circumstances:

• Attribution: The content of this report can be totally or partially reproduced by third parties, specifying its source and
expressly referring to both INTECO and AEPD its website: www.inteco.es, www.agpd.es. This attribution can in no event
suggest that INTECO or AEPD provides this third party support or supports the use made of its work.

• Non-commercial Use: The original material and the resulting works can be distributed, copied and shown as long provided
that it is not for commercial purposes.

When the work is reused or distributed, its license terms must be made very clear. Some of these conditions may be not be
applicable if the copyright license is not obtained from INTECO and the AEPD. Nothing in this license impinges or restricts
INTECO's and AEPD's moral rights.

Full license text:
http://creativecommons.org/licenses/by-nc/2.5/es/

Information Security Observatory Page 2 of 143

http://www.inteco.es/
http://creativecommons.org/licenses/by-nc/2.5/es/

Page 71

Instituto Nacional
de Tecnologías
de la Comunicación

Study on the Privacy of Personal Data and on the Security of Information in Social Networks
Information Security Observatory Page 71 of 143

consent of underage and legally incapacitated persons should be provided by them if their
conditions is considered as mature by the civil law."

Moreover, the law establishes two principles that contrast with the reality of the Internet.
The Article 1 stipulates that: "the civil protection to honor, privacy and image is defined by
laws and social practices according to the acts made by a person”. Moreover, referring to
the underage persons the Section. 3, establishes a criteria, of the possibility that a mature
underage person can consent in matters which affects his honor, privacy or image, and, in
cases where children does not have the sufficient capacity to consent, the rule says that
"the consent will need to be given by a written text of the legal representative, who will be
required to inform to the Public Prosecutor about this consent. If in eight days the Public
Prosecutor has objected the given consent, the judge will decide."

An additional criteria is what the Article 4 of the Organic Law 1/1996 of January 15, of
Protection of Underage persons, that partially amends the Civil Code and the Code of
Civil Procedures, which, in addition of recognizing the child's rights in Article 18 SC
provides the intervention of the State Prosecutors in cases of spreading of information or
use of images or names of the underage persons, in media that may involve an unlawful
intrusion to their privacy, honor or reputation, or that may be contrary to their interests.
Also, the provision orders to parents and/or guardians and to the authorities to respect
these rights and protect them against possible attacks by third parties.

It is clearly evident, that the reality of social networks is beyond the actual regulations, so
it required a systematic and proper interpretation of every law and regulation. Children
under 14 years old are capable to understand the use of technology, capturing and
reproducing information which affects their honor, privacy, image, their interests or
others´. Photographs of children proliferate on the Internet on their own profile spaces,
and even on pages linked to their families and/or to school activities.

It can be noted that the specific risks for children in this area are directly related to:

• Access to inappropriate content.

• The possibility to have an online contact, and even in person, with malicious users.

• The proliferation of children images and personal information published by
themselves or by third parties with ignorance of the risks associated with.

Social networks and websites, have main difficulties in achieving effective protection of
users because their actual systems are unable to control publications made by their
underage users, and by do not having tools that fully ensure the identity of their users.

Page 72

Instituto Nacional
de Tecnologías
de la Comunicación

Study on the Privacy of Personal Data and on the Security of Information in Social Networks
Information Security Observatory Page 72 of 143

Therefore, as the measures to control the content and access to inappropriate material,
are not properly developed and implemented, the risk of violating the rights of the minors
will persist.

To this factor it should be added that, (as we have emphasized) the Organic Law 1/1982,
at the time that it was created, the usage of information and the image of the children, as
the intervention of the Prosecutor, nowadays is certainly feasible thanks to technology.

The ENISA paper 'Children in a virtual world: What parents should know about”65,
published in September 2008 provides a series of recommendations to parents,
highlighting, among other recommendations, the need to train and educate both (parents
and children) alike.

Other cases: workers

From a legal point of view, the privacy of workers have an additional protection that the
Royal Decree 1/1995 of March 24, complements by approving the text of the Workers'
Statute (WS), that repeatedly states the right to workers to be respected by the employer.

That rule provides that “records to workers could only be made in their lockers and just if
these measures are necessary for the protection of the business and other employees’
assets. During the implementation of these measures, the dignity and privacy of the
employee will have to be respected and will be made assisted by the legal representative
of the workers or, in his absence it will be made by, another worker of the company, when
it could be possible."

However, this is certainly not a criteria applied for Internet and that is something that the
Supreme Court indicated when it established that the employer can control and even limit
the access of the mentioned recordings, in virtue of the power given by the Article 20.3 of
the Workers' Status if certain conditions are reunited66.


65 http://www.enisa.europa.eu/doc/pdf/deliverables/children_on_virtual_worlds.pdf
66 UNIFICATION THEORY Appeal 966/2006, Case 26/09/2007 Supreme Court said: "The control of the
computer use provided by the employer to the employee is not regulated by Article 18 of the Workers, but by
Article 20.3 of the Workers' and this provision must be with the qualifications set out below have been made.
The first concerns the limits of that control in this area and the provision cited refers to an exercise of the
powers of surveillance and control to save on their adoption and implementation, due consideration "to the
dignity of the worker, which also refers respect for privacy in terms to which reference has already been made
in reviewing the judgments of the Constitutional Court 98 and 186/2000. (...) You have to do business in
accordance with the requirements of good faith is to establish in advance the rules for using these media, with
application of absolute or partial bans, and inform the workers that there is control and the Means to be
applied in order to verify the correctness of the applications, as well as measures to be taken where
appropriate to ensure the effective use of work environment where necessary, notwithstanding the possible
application of other measures preventive, as the exclusion of certain routes.


http://www.enisa.europa.eu/doc/pdf/deliverables/children_on_virtual_worlds.pdf

Page 142

Instituto Nacional
de Tecnologías
de la Comunicación

Study on the Privacy of Personal Data and on the Security of Information in Social Networks
Information Security Observatory Page 142 of 143

INDEX OF TABLES

Table 1: Sampling by Autonomous Communities (%) .......................................................26

Table 2: Sampling by Socio-demographic Categories (%) ................................................27

Table 3: Social Networks ...................................................................................................32

Page 143

Instituto Nacional
de Tecnologías
de la Comunicación

http://www.inteco.es http://www.agpd.es

http://observatorio.inteco.es





http://www.inteco.es/
http://www.agpd.es/
http://observatorio.inteco.es/

Similer Documents