Last month three Google executives were convicted on privacy violations in an Italian court. They were found guilty of failing to comply with Italian privacy law in allowing a disparaging video to be posted online.
As anticipated, the ruling sparked a renewed debate about who is responsible for data uploaded to Web sites. As Google global privacy counsel Peter Fleischer said, the decision raises questions for operators of many Internet platforms.
The implications extend beyond companies, as more individuals become data controllers in the world of YouTube, Facebook and FourSquare. A strict read of EU law suggests that individuals could be held liable for data they upload to such Web sites. Already, the Spanish data protection authority requires that those who upload content featuring other people obtain consent before doing so. If a tourist in Barcelona posts a photo of La Sagrada Familia that inadvertently captures strangers, can that person be held liable? Although the answer to that question is cloudy at present, it could become clearer in the months ahead.
Just last week we learned that European regulators are looking into whether certain posts made to social networking sites violate privacy laws. Data protection officials in Switzerland and Germany are examining whether the posting of photos and other information online without the consent of those featured constitutes a breach.
In response to news of the Swiss and German inquiries, Facebook's European policy director said the company has added a tool to facilitate non-user data removal. Could this be a way forward?
In this issue of Inside 1to1: Privacy, we explore the removal of online data. Some social networkers are electing to extinguish their online lives, nix their digital breadcrumbs in response to privacy and other concerns. We look at how easy or difficult it is to do this (some say it's not even possible) and explore varying viewpoints on data erasure.
J. Trevor Hughes, CIPP
Executive Director, IAPP