EU Social Network Group_ Response Council of Europe_18.03.2011 (FinalVersion)

8/7/2019 EU Social Network Group_ Response Council of Europe_18.03.2011 (FinalVersion)

1/5

1

EUROPEAN SOCIAL NETWORKS GROUP RESPONSE TO THE COUNCIL OF EUROPE PUBLIC

CONSULTATION ON THE DRAFT RECOMMENDATION ON MEASURES TO PROTECT AND

PROMOTE RESPECT FOR HUMAN RIGHTS WITH REGARD TO SOCIAL NETWORKING SERVICES

EUROPEAN SOCIAL NETWORKS GROUP, c/o Xing AG, Gaensemarkt 43, 20354 Hamburg,

Germany

ID number: 19984124971-53

Representing 11 European social networks with more than 70 million registered users.

Introduction

It is well known that social networking services in Europe are becoming an increasingly

important part of peoples daily lives, specifically with relation to the individuals participation

in social life. For this reason, social network providers must focus on promoting and facilitating

users well-being while respecting theirs rights, and especially their right to privacy and the

enforcement of data protection regulation.

In today's globalized world, we are all aware of the fact that European consumers have access

to many non-European online services. We strongly believe that any EU recommendations or

guidelines that are approved at an EU level should be applicable to any online service

providers that target European consumers regardless of the geographic location of the data

controller.

More broadly, the EU should ensure that all rules are enforced equally for European and non-

European providers, irrespective of that providers physical location. Thus, in order to

strengthen the sustainability of the Directive 95/46/EC, we believe it is necessary to ensure

that it applies to both European and non-European providers whose online services explicitly

target European consumers.

Without this certainty, there exists a major commercial and competitive disadvantage for

European social network providers and in the worst case could lead to a massive exodus of

online operators to non-EU countries. Additionally, due to the lack of controls and sanctions

targeted at companies out of compliance with European data protection laws, there is no level

playing field for business and no guarantee of data protection for European consumers, who

are entitled to this protection under the EU Charter of Fundamental Rights and EU data

protection regulation.

The EU should ensure that all rules are enforced equally for European and non-European

providers, so that all social networks are required to follow the same guidelines with regards

to protection of user data. To make this possible, the law needs to be enforced in a consistent

way within the EU for both local and foreign operators.


2/5

2

Comments on the Council of Europes draft Recommendations and proposal for draft

Guidelines

(I) Transparency as regards freedom of expression and access to information

It is commonly accepted that the freedom of expression and information, and the absence of

censorship, are fundamental rights in most democratic societies. We believe that in present

day society, social networks not only provide a space for sharing and engaging socially, but also

facilitate a users ability to freely communicate and access information.

This creates a challenge for social network providers because although it is necessary to allow

users to exercise their freedom of expression online, it is just as important to ensure a secure

online environment, where all users are respected and protected.

For this reason, it is crucial that social networks provide users with a clear understanding of

their responsibilities when engaging online: applicable rules, enforceable laws and possible

penalties in case of breach of these laws. It is important to clearly communicate what is illegal

and what is inappropriate content on a social network.

That said, the obligation to inform users of the applicable rules concerning appropriate

content must be limited to this warning and cannot imply an obligation for the social network

to control and supervise all content uploaded by its users. This type of monitoring is not only

unfeasible but an infringement of users rights: article 15 of the Directive 2000/31/EC

specifically states that Member States shall not impose a general obligation on providers to

monitor the information that they transmit or store, nor a general obligation to actively to

seek facts or circumstances indicating illegal activity.

It will continue to be necessary to promote and encourage self-regulatory initiatives that

complement and facilitate application of the regulatory framework on freedom of speech,

such as dissemination of information with respect to a users online rights and responsibilities.

It is also necessary to implement effective report systems in order to guarantee both freedom

of speech and mutual respect.

(II) Appropriate protection of children against harmful content and behaviour

We believe that it is imperative, especially for users who are minors and their parents, to feel

confident about using the tools put at their disposal to manage the information that they

publish within a social networking service, to completely delete their profile and all their

personal data a network could contain, and to have sufficient knowledge about available

reporting mechanism to get harmful content or behavior eliminated from their network.

We understand, as indicated by the Council of Europe, that there is not a suitable technical

solution with regard to online age verification that does not infringe on other human rights

and/or does not facilitate age falsification. Therefore, age-verification systems must be

implemented based on age input provided by the users themselves when first creating a

profile with the social network service. This can be complemented with proactive and reactive

tools to detect underage users.


3/5

3

Notwithstanding, in order to make the mentioned privacy by design structure of social

network services really effective and to protect European users rights more broadly, we

should recall that the EU should ensure that all rules are enforced equally (in terms of

regulation and accountability) for European and non-European providers, so that all social

networks are required to follow the same rules regarding protection of user data, especially

for minors. We need to recall, the need for law enforcement in a consistent way within the EU

for both local and foreign operators.

We absolutely agree that users should have access to easy to use mechanism for reporting

inappropriate and illegal content or behaviour to site supervisors. In order to adopt specific

measures to prevent cyber bullying and cyber grooming, the social networks services provide

users with proactive and reactive tools to control harmful content or behavior, including

effective report systems and proactive protocol of cyber bulling and cyber grooming detection.

Notwithstanding, we believe that social networking providers obligations should absolutely

encompass effective, transparent, independent and accountable mechanisms to control or

block harmful content or behavior, but cannot imply in any case the obligation of a social

network to control, supervise, and rate all the content uploaded by its users.

We strongly disagree with the use of pseudonymous profiles [see below promotion of

identified users at (III) Ensuring users control over their data], as in our experience

unidentifiable profiles lead to many difficulties in controlling cyber bullying and cyber

grooming. In these cases, age-appropriate access cannot be controlled and cooperation with

authorities can only be done on a limited basis because of limited or unknown information

about the alleged offender.

(III) Ensuring users control over their data

We understand, as suggested, that it is important to inform the users clearly about the terms

of use, in order to ensure control over their data. In this regard, Social network providers have

included transparent information for users about the management of their personal data in

the terms and conditions of the social networking site, in a form and language that is

appropriate for the target groups of the social networking service.

Social network providers have implemented applicable European privacy regulations as well as

complementary self-regulation initiatives as members of the European Social Networks

(representing 11 European social networks with more than 70 million registered users). We are

concerned about the importance of active collaboration with local Data Protection Authorities.

Social network providers, under supervision of each local Data Protection Authority, complies

with a strict privacy regulation in Europe by limiting default access to self-selected friends,

applying state of the art security measures and ensuring legitimate processing of personal data

(especially with respect to processing by third parties and for behavioural advertising).

Regarding this, it is well known that having all social network providers, meaning both

European and non-European providers who target European customers, respect European

privacy regulations will help assure the protection of all European citizens.


4/5

4

We strongly believe that users should register as themselves with their correct identifiable

information (processing their data as confidential and applying state of the art security

measures to protect this data against unlawful access by third parties) as opposed to allowing

users to register anonymously (by allowing the possibility of pseudonymous profiles), for a

number or reasons:

- This question deserves specific attention, because encouraging identified users insteadof pseudonymous profiles is part of our foundation as social network providers based on

the circle of trust relationship between users.

- We agree with the Committee of experts on new media that, as social networking services,we offer the possibility to both receive and impart information. In this sense, being part of

our social network service means that users are able, having been previously informed

about the consequences, to connect with friends on an individual basis or with a dynamic

group of people.

- Moving someones real life to the Internet means allowing users to make the samegenuine connections they make in the real world online. We encourage users to only share

information and connect with people they really know, and in order to trust that this is the

case, it Is necessary to provide ones real information.

- Sharing information only with identified participants empowers users to feel confidentabout options for managing their profile and respecting other users, thus preventing harm

to themselves and others.

- We promote a service through which users can share the information they choose andunderstand the implications of sharing this information [see point (I) Transparency, and

the concept of privacy by design]. Since users have themselves chosen who to allow into

their circle of trust, there is no need to be anonymous, and the presence of anonymous

profiles leads to a feeling of distrust in other users and the network itself.

- The criteria for establishing whether a profile is a real person or not would be impossibleto maintain, and the mechanisms for removing fake or harmful profiles from the network

would be greatly hindered.

- We believe that allowing for pseudonymous profiles would make collaboration with lawenforcement bodies next to impossible, as the anonymity of profiles would make it

impossible to locate a persons real identity.

Conclusions

The main conclusions with respect to the Council of Europes public consultation are the

following:

The EU should ensure that all rules are enforced equally for European and non-European social network providers, irrespective of the fact that the latter has no

permanent physical presence or processing centers in the European Union.

The obligation to inform users on the applicable rules concerning freedom ofexpression must be limited to the publishing of guidelines and should not imply in any

case the obligation of the social network to control and supervise all the content

uploaded by its users.


5/5

5

Encouraging the use of pseudonymous profiles could add difficulties to cyber bullyingand cyber grooming prevention. Establishing a circle of trust that enables users to

feel safe online is only possible if users are transparent about their real identities and

adopt appropriate privacy measures.

Likewise, an obligation to label and provide an age rating of content is entirelyunfeasible and inappropriate. Social Network administrators have neither the

resources nor any legitimate basis to establish a rating for content generated by users.

In terms of content generated by the network itself (namely advertising), there already

exists appropriate age targeting that complies with actual laws.

_____________________________________________________________________________

This proposal was drafted by Mr. Oscar Casado, General Counsel and Chief Privacy Officer of

Tuenti Technologies, S.L., and reflects the opinion of members of the group European Social

Networks, registered in the European Commissions of Interest representatives with ID

number 19984124971-53, which are at the moment (subject to increasing):

aka-aki networks GmbH www.aka-aki.com - Germany

Barrabes Esqu Montaa S.L.U. www.barrabes.com Spain

Hyves www.hyves.nl - Netherlands

Nasza Klasa Sp. z o.o. www.nk.pl Poland

Servio de Apontadores Portugueses SAPO sapo.pt Portugal

Tuenti Technologies www.tuenti.com - Spain

VZnet Netzwerke Ltd. www.studivz.net Germany

Xing AG www.xing.com Germany

Zoo www.zoo.gr Greece

IWIW www.iwiw.hu Hungary

Netlog NV www.netlog.com Belgium

18 March 2011

Documents

EU Social Network Group_ Response Council of Europe_18.03.2011 (FinalVersion)