social networks
ENISA: Report on mobile social networking
Today ENISA (European Network and Information Security Agency) published a new report on social networks accessed through mobile devices, titled "Online As Soon As It Happens". The document can be downloaded from the ENISA website.
I also contributed to this report for Italy.
ENISA in its press release noted that:
The report points out the risks and threats of mobile social networking services, e.g. identity theft, data leakage and corporate reputation risks of mobile social networks. The report also gives 17 'golden rules' on how to combat these threats.
The report does not cover social networking by minors, but it is a sort of general guide to avoiding the risks associated with mobile social networking. The document describes what is meant by a mobile social network as follows:
Mobile social networking is a means of communication using a combination of voice and data devices over cellular networks, including private and public IP technology and infrastructure. Generally speaking, MSNs can be divided into two categories: 'on deck' and 'off deck'. 'On deck' refers to services that are operated through partnerships between social networking companies and wireless phone carriers. In this category of services, the applications and programs which enable the social networking experience are distributed via the wireless carriers and are pre-packaged with the purchase of a mobile phone. 'Off deck' refers instead to services whose applications do not come pre-packaged, and the user has to download the application from the Internet or from a wireless provider after the time of purchase.
So the document distinguishes between "on deck" and "off deck" mobile social networks (MSNs): the former are social network services pre-installed on the phone or mobile device and offered under an agreement between the social network provider and the mobile operator, while the latter are applications that can be freely downloaded onto the device and are not bound by specific agreements.
The document frames the privacy-related aspects of this phenomenon and its main risks.
Overall this is an excellent and useful document in the style of ENISA.
Source: ENISA
Article 29 Working Party document on online social networking (Part 2)
Returning to the Article 29 WP document, I think it is useful to give the final part, with the list of rights and duties:
Summary of Obligations / Rights
Applicability of EC Directives
1. The Data Protection Directive generally applies to the processing of personal data by SNS, even when their headquarters are outside of the EEA.
2. SNS providers are considered data controllers under the Data Protection Directive.
3. Application providers might be considered data controllers under the Data Protection Directive.
4. Users are considered data subjects vis-à-vis the processing of their data by SNS.
5. Processing of personal data by users in most cases falls within the household exemption. There are instances where the activities of a user are not covered by this exemption.
6. SNS fall outside of the scope of the definition of electronic communication service and therefore the Data Retention Directive does not apply to SNS.
Obligations of SNS
7. SNS should inform users of their identity, and provide clear and comprehensive information about the purposes and different ways in which they intend to process personal data.
8. SNS should offer privacy-friendly default settings.
9. SNS should provide information and adequate warning to users about privacy risks when they upload data onto the SNS.
11. Users should be advised by SNS that pictures or information about other individuals should only be uploaded with the individual's consent.
12. At a minimum, the homepage of SNS should contain a link to a complaint facility, covering data protection issues, for both members and non-members.
13. Marketing activity must comply with the rules laid down in the Data Protection and ePrivacy Directives.
14. SNS must set maximum periods to retain data on inactive users. Abandoned accounts must be deleted.
15. With regard to minors, SNS should take appropriate action to limit the risks.
Rights of Users
16. Both members and non-members of SNS have the rights of data subjects if applicable, according to the provisions of Articles 10 to 14 of the Data Protection Directive.
17. Both members and non-members should have access to an easy-to-use complaint handling procedure set up by the SNS.
18. Users should, in general, be allowed to adopt a pseudonym.
The position of the Article 29 WP looks very much in line with the principles signed by the SNP in Luxembourg on 10 February. However, the Article 29 WP paper is important because it clarifies precisely those issues on which there were some doubts. The hope is that the SNP will soon adapt so as to comply with the directives in question.
Article 29 Working Party document on online social networking (Part 1)
On 12 June, the so-called Article 29 Working Party (Article 29 Data Protection Working Party) adopted the document entitled "Opinion 5/2009 on online social networking".
This document constitutes a valuable contribution to the analysis of the connection between privacy, personal data and social networks.
Probably for the first time, it provides a definition of "Social Network Service" (SNS), as follows (paragraph 2):
SNS can broadly be defined as online communication platforms that allow people to join or create networks of like-minded users. In the legal sense, social networks are information society services, as defined in Article 1, paragraph 2, of Directive 98/34/EC, as amended by Directive 98/48/EC.
The SNS share certain characteristics:
- Users are asked to provide personal data in order to generate a description of themselves, or 'profile';
- The SNS also provide tools that allow users to publish their own material (user-generated content, such as a photograph or a note, music or video clips, or links to other sites);
- "Social networking" is enabled using tools that provide a list of contacts for each user, with which users can interact.
The SNS generate much of their income through advertising that is served alongside the web pages set up and accessed by users. Users who have placed a great deal of information about their interests on their profiles offer a refined market for advertisers who want to serve targeted advertising based on that information.
It is therefore important that SNS operate in a manner which respects the rights and freedoms of users, who have a legitimate expectation that their personal data will be processed correctly, in accordance with national and European privacy laws.
What paragraph 3.1 states about who is the controller of personal data is very important. The document under review states that Social Network Service providers are data controllers under the Data Protection Directive. Moreover, the producers of software (applications) may also be data controllers when they develop applications that work together with the software platform of the social network and the user decides to use that application.
A further clarification concerns the role of the user, who enjoys a sort of exemption (the so-called "household exemption") when using the information for purely personal or household purposes. However, in some cases the exemption does not apply: when the social network is used as a shared platform by associations or companies, when the profile information is extended to all members of the social network so as to be indexed by search engines, and finally when the rights of third parties have to be guaranteed, in which case the user may be held liable under national rules (e.g. libel).
A level of security and privacy settings must of course be guaranteed by default. Sensitive data may be disclosed only with the user's explicit consent.









