Facebook will be accountable for fake profiles created on its platform and offer full cooperation and transparency. In the last few days the Italian DPA has published a provision from last February concerning a dispute between a well-known doctor from Perugia and Facebook Ireland Ltd. The complaint presented in November 2015 and originated from an attempt at extortion carried out on the pages of the famous social network.
The doctor had been the victim of activities amounting to threats, attempts at extortion, impersonation and the unlawful breaking into a computer system by a Facebook user, who, after requesting online friendship and obtaining acceptance from the doctor, started an “electronic correspondence with him, which at first was of a confidential nature, but which subsequently aimed to pursue criminal ends”. The criminal had created a fake account using photos and personal data of the Perugia doctor and had attempted to blackmail him with threats of sending obscene photomontages showing child pornography material to friends, acquaintances and colleagues. The doctor, who had not given in to these blackmail attempts, asked Facebook to take appropriate steps to eliminate the fake profiles and to provide him with all the relevant information necessary to limit as quickly as possible the damage suffered by his image.
According to the doctor’s lawyers, Facebook did not take the appropriate action on the matter, not granting satisfactory and complete access to the required data. In particular, Facebook simply made available through its “download tool” service a set of data, which were not clearly intelligible as they only referred to code numbers. Furthermore, the data set was incomplete as it simply referred to data from the claimant’s valid Facebook account and did not include data processed by the fake account and shared on the social network.
Therefore, the DPA established that Facebook Ireland Ltd, which is in possession of the information required by the doctor, must communicate “to the claimant in an intelligible form all data relating to him that are held with regard to the Facebook profiles opened in his name”. The social network must close down the fake profile in order to facilitate any possible investigation into establishing the identity of those responsible for the attempt at extortion.
Following the expiry of the thirty day term to comply with the DPA’s provisions, Facebook will have about two weeks to file opposition before the Court of Perugia, failing which the penalty will consist of a fine and up to two years’ imprisonment.
The recent firing of a British employee who seems to have lost her job for posting a complaint on her Facebook profile about her salary, leads us to thinking again about the question of the uses employees make of technological resources in Italy. Here we are talking about Facebook only because it is the most widespread social network.
1) Is it forbidden to use Facebook in the workplace?
Not always, it depends, the employer has the right to choose.
2) How can we know what the employer’s choice is?
We need to read employer policy or the guidelines (names can vary greatly) also keeping one eye on the Guidelines of the Italian Data Protection Authority.
3) What if policies do not exist?
Obviously rules can be found elsewhere, for example in the contract. In this case work tools are only supposed to be entrusted to the employee for professional use.
4) Could professional policies provide for the use of Facebook for personal reasons?
Generally, yes. An employer’s choices can vary widely. The employer may also exercise a choice of leniency.
5) What if the employer is a public body?
In such cases the matter is rather more delicate. We have to remember that the criminal code punishes the crime of embezzlement.
6) Are workers in any way limited when they express thoughts on Facebook regarding their work or employer?
They are limited by norms of a general nature which might be applied in the same way to Facebook as to any other circumstances, and which could be, for example, the duty of professional loyalty, the principle of fairness, the obligation of non-competition, the norms of personal data protection, and also the respect of honour and of other people’s reputations.
7) Are employers allowed to use information about their workers found on Facebook?
If it is found through legal channels through Facebook’s particular chain of consent, then yes.
8) Should information found on Facebook be considered as private?
It depends on the meaning of “private”. Public information on Facebook is directly or indirectly visible to authorized individuals (for example, friends, friends of friends) and so potentially posted to many individuals.
9) Can information on Facebook only be used for certain purposes (e.g. personal) and not for others (e.g professional)?
Only if this limitation is expressly stated. At the moment it is not possible.
10) Do we need an ad hoc law?
Germany is thinking in this direction. Personally I am still against special laws for every technological innovation. What we need is greater awareness.
- Italian Government’s answer to the dramatic rise in cybercrime
- Italian DPA: reputation rating harms human dignity
- Recognise reliable sources of information as the antidote to “post-truth”
- France: from 2017 the “right to disconnect” comes into force.
- UE: proposed new measures for the protection of private life and personal data in electronic communications as an addition to the privacy regulation
- Accountability (1)
- Anonymity (4)
- computer crimes (13)
- Consumer rights (19)
- Copyrights (17)
- digital identity (12)
- E-commerce and contracts (24)
- Economic competition (2)
- Electronic signatures (20)
- Events (6)
- Internet control (11)
- Interviews (3)
- Labour law and digital world (1)
- Legal profession (7)
- Media (3)
- New technologies (9)
- Privacy (48)
- Responsibility of providers (23)
- Right to oblivion (8)
- Senza categoria (3)
- telemarketing (1)