360 likes | 499 Views
Internet Dating A booming & risky business?. Ewout Keuleers Attorney-at-law at the Bar of Brussels Researcher at the Centre for Computer and Law, CRID Internet Dating Conference – Nice, 15 July 2004 Ewout.keuleers@ulys.net www.ulys.net. Privacy and data protection:
E N D
Internet DatingA booming & risky business? Ewout Keuleers Attorney-at-law at the Bar of Brussels Researcher at the Centre for Computer and Law, CRID Internet Dating Conference – Nice, 15 July 2004 Ewout.keuleers@ulys.net www.ulys.net
Privacy and data protection: Social network based on profiles Sensitive data & etnical/religious/sex dating Advertising SPAM : electronic mail – E-card – newsletter Consumer protection Protection of minors Electronic commerce: Regulatory framework General obligations for online services (ISS) Introduction & overview
Data Protection & Privacy EU framework
General: 95/46 Protection of personal data General principles Sensitive data Scope? Online and offline Public & private networks Specific 2002/58 Privacy & electronic communications Specific obligations Cookies & spyware spam & E-Cards Scope? Communication service Public networks General & sector specific regulations
Scope: customer « profile » 9 Principles of Data protection Sensitive data 1. General Protection: Directive 95/46 • Case Studies - specific issues • Privacy Policy • Unique Service Point & cross-profiling • Disclosure of data - testimonials • Etnical/religious/ sex Dating
Processing of personal data social network is based on matching registered profiles « personal data » Information concerning a data subject identifiable natural person Direct or indirect Controller or third party IP address? 007@hotmail.com ? Profile/contact information/ demographic data = personal data 1. Directive 95/ 46: Scope(1.2) • « Processing » • « Any » operation performed upon personal data
Processing of personal data & « adult » sites Do not expose minors to harmful or « explicit » content Online identification of persons: AVS procedure profile will contain more detailed personal information on customer Directive 95/ 46: Scope(1.3)
Data must be : fairly and lawfully processed ; processed for specified, detailed and legitimate purposes ; adequate, relevant and not excessive ; accurate ; not kept longer than necessary ; processed in accordance with the data subject's rights ; secure and remain confidential ; not transferred to countries without adequate protection (outside EU) ; processing activities « must » be notified to the supervisory authority. Directive 95/ 46 - General Principles (1.4)
Case study1 Privacy Policy
Case Study 2: Unique Service Point • Dating sites have great commercial potential • Generate traffic • Customer DB with profiles Can I share ‘customer’ information with third parties? Can I use the profiles for (targetted) advertising purposes?
Case Study 3: disclosure of data • Chat, forum, testimonials, etc. Testimonial HeatherAge : 27 - Alabama “Dear Matchamerica.com, We are happily married and enjoying the many blessings of being parents. If not for your website our happiness would not have happened. Best of luck to all.”
Testimonial – disclosure of data “Our wedding was on October 4, 2003, in St. Dorothy's Church, Drexel Hill, PA. Jeri and I met in late February of this year on catholicsingles.com. She had been on the web site during 2002 without much success. I had been on at around the same time and met some very nice ladies, but nothing clicked. Our first meeting was for mass and breakfast across the street. One thing led to another; in June we both asked each other "Will you marry me?"; we both said yes, and the rest is history.Thank you for all that your web site did for two middle-aged people who had had successful marriages, were widowed much too soon, and were blessed by God to find happiness again. -Joe & Jeri Santine”
Broad an open notion of « processing » includes « disclosure by transmission, dissemination or otherwise making available» Must be careful if you disclose personal information in a newsletter or on your website, e.g., personal contact details, names Lindqvist case (Sweden –European Court of Justice, 2003) Publication on the internet Transfer to « third country »? Disclosure of personal data
Sensitive data
1. Directive 95/ 46: sensitive data(1.5) • Sensitive data: (art 8) « personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life. » • Direct and indirect • information on sexual orientation or a disease?
Very strict regime: No processing allowed unless limited exception Exceptions: protect the vital interests of the data subject? the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services? Processing of data relating to offences, criminal convictions or security measures may be carried out only under the control of official authority? Explicit consent of data subject 1. Directive 95/ 46 : sensitive data (1.6) Member State?
Advertising - Content (2.1) In contrast to some sectors, e.g, gambling, tobacco, etc., no particular restrictions, except for minors! EU regulatory framework for consumer protection and « publicity » Proposal Directive on Unfair Commercial Practices (June 2004) Directive on electronic commerce Directive on distance selling Directives on misleading & comparative advertising.
Advertising - Content (2.2) • “Unfair Commercial Practice” • The practice is contrary to the requirements of professional diligence; • The practice materially distorts consumers’ behavior. • Average consumer
“Misleading practices” Claiming to be a signatory to a code of conduct when the trader is not. "Bait advertising" scams (advertising a product as a special offer without actually having it in stock, or having only a token stock of the product) Stating that a product can legally be sold when it cannot. Materially misrepresenting the risk to the consumer or his family if the consumer does not purchase the product. Describing a product as “gratis”, “free”, “without charge” or similar if the consumer has to pay anything other than the unavoidable cost of responding and collecting or paying for delivery. “Aggressive practices” Creating the impression that the consumer cannot leave the premises until a contract is formed. Conducting personal visits to the consumer’s home ignoring the consumer's request to leave or not to return. Demanding payment for products supplied by the trader, but which were not solicited by the consumer (inertia selling). Advertising - Content (2.3)
Advertising social network services for « adults » Advertising - Content (2.4) • Exposure of minors to harmful content • Infringing public order and morality
Advertising - Content (2.5) • Dating site as UPS: link/ banner for other services • ‘illegal’ service, e.g.,Mail Order Bride Sites, remote gaming or online pharmacies
Specific regulation for some media Written press, freedom to provide goods TV (Bacardi Case – TWF Directive) Radio Internet? iDTV? 3G? Specific regulation for traditional media does (not) apply, only general (or) technology neutral regulation does? “any text, voice, sound or image message sent over a public communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient” Electronic mail Advertising – Support (2.7)
Commercial Communications Online privacy protection
EU Framework for commercial communications Electronic Commerce Directive • commercial communications “any form of communication designed to promote, directly or indirectly, the goods, services or image of person pursuing a commercial activity” • Legal regime • Article 6: Commercial Communication: Information to be provided • The commercial communication must be identified as such • The natural or legal person on whose behalf the commercial communication is made, must be identified • promotional offers, such as discounts, premiums and gifts, shall be clearly identifiable as such, and the conditions which are to be met to qualify for them shall be easily accessible and be presented clearly and unambiguously
Misleading practice EU Framework for commercial communications Electronic Commerce Directive • Article 7 : Unsolicited commercial communications – SPAM • Spam must be identified in a clear and unambiguous way, as from the moment of reception on • Service providers must respect opt-out registers • Article 16 : Codes of Conduct or other self-regulatory instruments
Upon registration you ask your customer whether he/she wants to receive information on your services EU Framework for commercial communications Privacy Issues: Directive 2002/58/EC • Unsolicited Communications: article 13 : • Principle: OPT IN : must give their prior consent : • Electronic mail: email, sms, mms…pop up? Banner ? Newsletter? • How to obtain a prior valid consent? • Exception: OPT-OUT if : • Existing commercial relationship • Same natural or legal person • Similar products or services • Consumer is given the opportunity to refuse reception (opt-out)
Case study: refer a friend & E-card • E-cards & Opt-in? • Spam or private correspondance? • Broad notion of • « commercial communication » • « electronic mail »
EU Claria (Hertz – March 2004) US ‘Gator’ cases (2003) EU Framework for commercial communications Privacy Issues: Directive 2002/58/EC • Cookies, Spyware, hidden identifiers and other similar devices • Legitimate purposes • User must be informed on the installation, on its purposes: promotion of gaming activities? • Users should have the opportunity to refuse to have a cookie • User should receive user-friendly information on how to refuse installation
Closing remarks and conclusion • Booming industry with great potential • Trust and confidence are key factors • Process profiles in compliance with privacy regulations, in particular when dealing with sensitive data • Be transparent and inform customer on his rights (e-commerce, distance selling, data protection) • Adopt reasonable measures to prevent exposure of minors to adult or harmful content Ewout.keuleers@ulys.net www.ulys.net
Q & A Ewout.keuleers@ulys.net www.ulys.net