Doesn't this mirror some of the concerns raised in the opinion on Social Networking Sites from the Article 29 Working Group? They clearly indicate that the SNS has responsibilities as a (joint) Data Controller (which they tend to deal with poorly). One of those responsibilities surely would be adequately confirming the identity of the person creating the account (mandatory ID card would help! ;-) ).

The opinion also points out that not all the usage of a SNS by an individual is necessarily covered by the domestic purposes exemption - particularly where harm is being caused.

Donald Henderson

Information Compliance Manager

Perth & Kinross Council

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 30 September 2009 09:06
To: [log in to unmask]
Subject: [data-protection] Social media, Impersonation, Defamation

I've been asked a question by a friend in the USA regarding an article (linked below) that he has written on his blog. Brody is not "your average blogger", rather, he is a professional journalist who covers articles that have a different interest form his mainstream political work and does that in his blog. Obviously I need to remind us all that our comments are public comments, available to all on the JISCMail site.

Here is the question:
BEGINS
Dear Tim ~

This story comes from ABCNews.com and I found it topical in consideration of the Interview series that I am researching now. My question to you as a privacy expert, is how does one prevent this from happening? Should the social network sites be required to have proof on file for users? Or, as some have suggested, "be warned that IP address ____________ is being recorded for," {the user} and that user is liable for all contents? What happens when people get bullied, do we hold the site accountable?
As an expert in this field, I am curious to hear your comments on this.

Cheers

Brody

http://brodylevesque.blogspot.com/2009/09/brodys-notes-teen-pranksters-sued-in.html
ENDS

I love being called a Privacy Expert. To me that means that I know where to find the answers! And that means asking the list members what their opinions are. Is it possible to prevent cyber bullying by use of some form of privacy limitation, for example?

While this incident is under US law, I think the general principles apply worldwide, don't they?

The article is too long to reproduce here, so my apologies to those whose opinion is disenfranchised by blogs being blacklisted at work. It;s a hard article to precis in a few short words, too. BROADLY it is that a couple of people created a Facebook account in the name of a third person. They amassed that perosn's friends as Facebook friends and then ruined his/her reputation online.

I've seen the same impersonation happen on Twitter with Tom Daley, the UK diving star, where someone is masquerading as him in addition to his own account.

The question is not "what can social media do to put this right?" so much as "how can social media prevent it from happening?"

I see that as a tough question.

Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website - more than anyone needs to know

Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated. Their copying, transmission, reproduction in whole or in part may only be undertaken with the express permission, in writing, of Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell, Berkshire, RG12 0TT.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.

The information in this email is solely for the intended
recipients.

If you are not an intended recipient, you must not disclose,
copy, or distribute its contents or use them in any way: please
advise the sender immediately and delete this email.

Perth & Kinross Council does not warrant that this email or any
attachments are virus-free and does not accept any liability for
any loss or damage resulting from any virus infection. Perth &
Kinross Council may monitor or examine any emails received by its
email system.

The information contained in this email may not be the views of
Perth & Kinross Council. It is possible for email to be falsified
and the sender cannot be held responsible for the integrity of
the information contained in it.

Requests to Perth & Kinross Council under the Freedom of
Information (Scotland) Act should be directed to the Freedom of
Information Team - email: [log in to unmask]

General enquiries should be made to [log in to unmask] or 01738
475000.

Securing the future... - Improving services - Enhancing quality
of life - Making best use of public resources.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)