World’s biggest lie ever is
“Yes, I have read and accepted these Terms of Agreement”
“Yes, I have read and accepted these Terms of Agreement”
As the Internet services hastily develop, we hardly ever remember to think of the topical question of XXI century: “How could we live without mobile phones?” Just the other way round, nowadays we rather think: “What did we do without Internet before?” Internet technologies fit our lives so harmoniously that it is hard to imagine how we performed this or that action when they did not exit. Many enthusiasts both admire and fear how fast the information technologies evolve.
Professionals who use databases (such as Liga, LexisNexis or Westlaw) today may perform several times as many operations per day as they could perform 10 years ago. However, strange as it may be, in legal terms Internet still remains a terra incognita which lawyers and legal experts aim to avoid. Indeed, there are already quite a lot of related legal regulations and court cases worldwide, so one can’t say Internet is totally ignored by lawyers. But generally Internet is still the “black hole” of the legal world, especially in terms of regulation of personal information protection. This is particularly relevant in the context of the rapid development of social networks which quite seriously touch upon the privacy of information and how this information may be used.
Facebook Imposes Rules
In early January, 2010, Mark Zuckerberg, creator of Facebook, the Internet’s biggest and most popular social network, nearly sparked a revolution in the Internet environment by publishing new Terms of Agreement of Facebook use where the user’s personal data privacy rights were virtually negated. As Mr. Zuckerberg says, his one and only purpose was to protect the users’ personal data from hacker and spam attacks by demanding… even more information from Facebook users. By a single button click a social network user would agree that after he or she uploads any information Facebook could use the same without any further consent from such user. So, by posting their pet’s photo to the profile the user would basically consent to such photo being used in any manner, even as a Facebook ad.
However, the attempt failed. Users outraged and the Electronic Privacy Information Center based in Washington was about to file a claim with the US Federal Trade Commission for illegality of the newly introduced Terms of Agreement, when Zuckerberg anticipated the public response and followed the public requests just in good time by declaring that the new Terms of Agreement will not become effective. Nevertheless, things were set in motion.
In January 2011 Facebook endeavored to adopt new rules which would make the users’ phone numbers and Web addresses visible to third parties, but once again had to act as the public demanded and temporarily suspended the project for elaboration of new Terms of Agreement. This time, in legal sense, the new Terms of Agreement were not rejected but rather gave rise to some practical issues. Although users may set up the account privacy level, the default settings provide that the users consent to their personal data being shown to any third parties on Internet (even those not on Facebook). Since most of the users are too fast to click the “Yes, I have read and accepted these Terms of Agreement” button, they would be “trapped” and, as a result, would in fact share their e-mail addresses or phone numbers with the whole world.
Although the Terms of Agreement still have not been modified in respect of personal information use, Facebook is quite often featured in mass media. If you enter the word “facebook law” in a search engine you will easily find headings saying:
1. Facebook Violates Canadian Personal Information Protection Laws;
2. Facebook Violates South Korea Privacy Laws;
3. Facebook Infringes European Laws;
3. Facebook Breached Privacy Laws; etc.
Most of the criticism is about Facebook sharing user personal data with game producers and application and software developers counting over 950 000 worldwide (this is the main reason why Facebook is attacked by the South Korea Public Relations Commission and the Office of the Privacy Commissioner of Canada) and that Facebook stores the user account information on a permanent basis (which is another reason why Facebook faces criticism from the Canadian and Australian Privacy Commissioners). In other words, once uploaded by the user the personal data will be perpetually stored in the social network database. Among other things, there is a threat that after the sensitive information is transferred to third parties, it may be thereafter disclosed by such third parties which are unable to provide adequate protection to such information.
Viewing someone’s picture on the Internet and sharing it with “friends” across various social networks is an invasion of privacy, whichever way you look at it. Having spotted a picture discrediting one’s colleague, one may post it for public view without the colleague’s permission or knowledge. Theoretically, it may happen that the colleague, who has had no access to the network for some time, returns to work and finds himself “an office celebrity”. On several occasions already, the European Union has raised the question of revamping its Data Protection Directive (Directive 95/46/EC) to set stricter personal data use rules for the search and social networking giants Google and Facebook and promises to approve a number of amendments to the Directive to ensure protection of the personal data of users registering their accounts with social networking sites, including Facebook.
For its part, Switzerland, which is known for its strict confidentiality rules, suggests adopting regulations compelling Facebook and any other social networking sites to directly contact the users whose pictures are uploaded to their sites and ask their permission to publish such pictures.
Meanwhile, one should understand that the criticism mainly comes from lawyers or social groups who generally see the big picture and understand the theoretical problems that may arise from the use of personal information by social networking sites. At the same time, one should understand the practical meaning of the existence of social networks and the intentions behind their creation. First, social networks have completely diluted the notion of borders, and it is impossible to ensure compliance with the requirements of all national jurisdictions. Directives of the European Union will differ from the laws of Canada which, in their turn, will differ from the laws of Switzerland. Second, the very purpose of social networks is communication and dissemination of news and, therefore, an account opened on a social networking site may need to be viewed as a publicly available publication rather than personal information. And third, the very fact that users actively use their accounts and post personal information implies that they accept Facebook’s Terms of Agreement.
Recent Decisions
Concerns over the privacy of social networking sites have already crossed over into the realm of relations between social network users and their employers. A short while ago, the U.S. Maryland Department of Public Safety and Correctional Services asked its job applicant Robert Collins to give up the passwords to all his social networking accounts. Collins at first agreed, but later contacted the American Civil Liberties Union, and they promised to probe into the legitimacy of such demands. In the end, as a result of intense public scrutiny and pressure, the Department suspended its policy of demanding social networking passwords from its job applicants for a 45-day review.
The Department officially explained its practice of requesting such passwords with the simple need to check that its job applicants were not involved in gangs. It seems that its senior officials expected their officers to make status updates like “I lost a bunch of master keys somewhere near the central bank office yesterday. Please return them to me.”
A flurry of new developments in social networking has also extended into the realm of litigation. Thus, the UK Supreme Court issued a guidance allowing journalists to use “text-based communications” (microblogs), such as tweeting on micro-blogging service Twitter, to update people outside the courtroom on the progress of cases. An exception is made for criminal cases involving the risk that Twitter blogs may somehow influence the jury or witnesses. Meanwhile, it is still strictly forbidden to take pictures (including with a mobile phone) during the hearing or make any audio recordings. Therefore, if necessary, the general public can learn the verdict without having to wait for the courtroom door to open. Lawyers and journalists tend to open Twitter accounts to share the latest news or communicate legislative updates. As a result, almost one million users worldwide followed Twitter and other live microblogs during the recent hearing on the extradition of Julian Assange (the founder of the whistle-blowing website Wikileaks) to Sweden.
We may assume that the increasingly popular social networks will ultimately progress to be governed by special laws and international conventions on social networking and users’ personal data protection, especially as they tend to be tied to each other (when user’s activity in one network automatically updates several other networks).
We are left to hope that new legislative developments will not spoil the pleasure of using microblogs and social networking sites and that in a few years’ time we will suddenly find ourselves thinking: “How did we live without social networks?”
Юридическая практика (Yuridicheskaya Praktika), №13, Mar 29, 2011
Professionals who use databases (such as Liga, LexisNexis or Westlaw) today may perform several times as many operations per day as they could perform 10 years ago. However, strange as it may be, in legal terms Internet still remains a terra incognita which lawyers and legal experts aim to avoid. Indeed, there are already quite a lot of related legal regulations and court cases worldwide, so one can’t say Internet is totally ignored by lawyers. But generally Internet is still the “black hole” of the legal world, especially in terms of regulation of personal information protection. This is particularly relevant in the context of the rapid development of social networks which quite seriously touch upon the privacy of information and how this information may be used.
Facebook Imposes Rules
In early January, 2010, Mark Zuckerberg, creator of Facebook, the Internet’s biggest and most popular social network, nearly sparked a revolution in the Internet environment by publishing new Terms of Agreement of Facebook use where the user’s personal data privacy rights were virtually negated. As Mr. Zuckerberg says, his one and only purpose was to protect the users’ personal data from hacker and spam attacks by demanding… even more information from Facebook users. By a single button click a social network user would agree that after he or she uploads any information Facebook could use the same without any further consent from such user. So, by posting their pet’s photo to the profile the user would basically consent to such photo being used in any manner, even as a Facebook ad.
However, the attempt failed. Users outraged and the Electronic Privacy Information Center based in Washington was about to file a claim with the US Federal Trade Commission for illegality of the newly introduced Terms of Agreement, when Zuckerberg anticipated the public response and followed the public requests just in good time by declaring that the new Terms of Agreement will not become effective. Nevertheless, things were set in motion.
In January 2011 Facebook endeavored to adopt new rules which would make the users’ phone numbers and Web addresses visible to third parties, but once again had to act as the public demanded and temporarily suspended the project for elaboration of new Terms of Agreement. This time, in legal sense, the new Terms of Agreement were not rejected but rather gave rise to some practical issues. Although users may set up the account privacy level, the default settings provide that the users consent to their personal data being shown to any third parties on Internet (even those not on Facebook). Since most of the users are too fast to click the “Yes, I have read and accepted these Terms of Agreement” button, they would be “trapped” and, as a result, would in fact share their e-mail addresses or phone numbers with the whole world.
Although the Terms of Agreement still have not been modified in respect of personal information use, Facebook is quite often featured in mass media. If you enter the word “facebook law” in a search engine you will easily find headings saying:
1. Facebook Violates Canadian Personal Information Protection Laws;
2. Facebook Violates South Korea Privacy Laws;
3. Facebook Infringes European Laws;
3. Facebook Breached Privacy Laws; etc.
Most of the criticism is about Facebook sharing user personal data with game producers and application and software developers counting over 950 000 worldwide (this is the main reason why Facebook is attacked by the South Korea Public Relations Commission and the Office of the Privacy Commissioner of Canada) and that Facebook stores the user account information on a permanent basis (which is another reason why Facebook faces criticism from the Canadian and Australian Privacy Commissioners). In other words, once uploaded by the user the personal data will be perpetually stored in the social network database. Among other things, there is a threat that after the sensitive information is transferred to third parties, it may be thereafter disclosed by such third parties which are unable to provide adequate protection to such information.
Viewing someone’s picture on the Internet and sharing it with “friends” across various social networks is an invasion of privacy, whichever way you look at it. Having spotted a picture discrediting one’s colleague, one may post it for public view without the colleague’s permission or knowledge. Theoretically, it may happen that the colleague, who has had no access to the network for some time, returns to work and finds himself “an office celebrity”. On several occasions already, the European Union has raised the question of revamping its Data Protection Directive (Directive 95/46/EC) to set stricter personal data use rules for the search and social networking giants Google and Facebook and promises to approve a number of amendments to the Directive to ensure protection of the personal data of users registering their accounts with social networking sites, including Facebook.
For its part, Switzerland, which is known for its strict confidentiality rules, suggests adopting regulations compelling Facebook and any other social networking sites to directly contact the users whose pictures are uploaded to their sites and ask their permission to publish such pictures.
Meanwhile, one should understand that the criticism mainly comes from lawyers or social groups who generally see the big picture and understand the theoretical problems that may arise from the use of personal information by social networking sites. At the same time, one should understand the practical meaning of the existence of social networks and the intentions behind their creation. First, social networks have completely diluted the notion of borders, and it is impossible to ensure compliance with the requirements of all national jurisdictions. Directives of the European Union will differ from the laws of Canada which, in their turn, will differ from the laws of Switzerland. Second, the very purpose of social networks is communication and dissemination of news and, therefore, an account opened on a social networking site may need to be viewed as a publicly available publication rather than personal information. And third, the very fact that users actively use their accounts and post personal information implies that they accept Facebook’s Terms of Agreement.
Recent Decisions
Concerns over the privacy of social networking sites have already crossed over into the realm of relations between social network users and their employers. A short while ago, the U.S. Maryland Department of Public Safety and Correctional Services asked its job applicant Robert Collins to give up the passwords to all his social networking accounts. Collins at first agreed, but later contacted the American Civil Liberties Union, and they promised to probe into the legitimacy of such demands. In the end, as a result of intense public scrutiny and pressure, the Department suspended its policy of demanding social networking passwords from its job applicants for a 45-day review.
The Department officially explained its practice of requesting such passwords with the simple need to check that its job applicants were not involved in gangs. It seems that its senior officials expected their officers to make status updates like “I lost a bunch of master keys somewhere near the central bank office yesterday. Please return them to me.”
A flurry of new developments in social networking has also extended into the realm of litigation. Thus, the UK Supreme Court issued a guidance allowing journalists to use “text-based communications” (microblogs), such as tweeting on micro-blogging service Twitter, to update people outside the courtroom on the progress of cases. An exception is made for criminal cases involving the risk that Twitter blogs may somehow influence the jury or witnesses. Meanwhile, it is still strictly forbidden to take pictures (including with a mobile phone) during the hearing or make any audio recordings. Therefore, if necessary, the general public can learn the verdict without having to wait for the courtroom door to open. Lawyers and journalists tend to open Twitter accounts to share the latest news or communicate legislative updates. As a result, almost one million users worldwide followed Twitter and other live microblogs during the recent hearing on the extradition of Julian Assange (the founder of the whistle-blowing website Wikileaks) to Sweden.
We may assume that the increasingly popular social networks will ultimately progress to be governed by special laws and international conventions on social networking and users’ personal data protection, especially as they tend to be tied to each other (when user’s activity in one network automatically updates several other networks).
We are left to hope that new legislative developments will not spoil the pleasure of using microblogs and social networking sites and that in a few years’ time we will suddenly find ourselves thinking: “How did we live without social networks?”
Юридическая практика (Yuridicheskaya Praktika), №13, Mar 29, 2011