Diritto & Internet

The Italian Data Protection Authority calls on Facebook to communicate data relating to attempts of online identity thefts to data subjects

THE ITALIAN DPA HAS RULED IN FAVOUR OF THE APPEAL BY A USER, TO WHOM FACEBOOK HAD NOT GRANTED A BAN ON FAKE PROFILES CREATED TO HIS DETRIMENT

Facebook will be accountable for fake profiles created on its platform and offer full cooperation and transparency. In the last few days the Italian DPA has published a provision from last February concerning a dispute between a well-known doctor from Perugia and Facebook Ireland Ltd. The complaint presented in November 2015 and originated from an attempt at extortion carried out on the pages of the famous social network.

The doctor had been the victim of activities amounting to threats, attempts at extortion, impersonation and the unlawful breaking into a computer system by a Facebook user, who, after requesting online friendship and obtaining acceptance from the doctor, started an “electronic correspondence with him, which at first was of a confidential nature, but which subsequently aimed to pursue criminal ends”. The criminal had created a fake account using photos and personal data of the Perugia doctor and had attempted to blackmail him with threats of sending obscene photomontages showing child pornography material to friends, acquaintances and colleagues. The doctor, who had not given in to these blackmail attempts, asked Facebook to take appropriate steps to eliminate the fake profiles and to provide him with all the relevant information necessary to limit as quickly as possible the damage suffered by his image.

According to the doctor’s lawyers, Facebook did not take the appropriate action on the matter, not granting satisfactory and complete access to the required data. In particular, Facebook simply made available through its “download tool” service a set of data, which were not clearly intelligible as they only referred to code numbers. Furthermore, the data set was incomplete as it simply referred to data from the claimant’s valid Facebook account and did not include data processed by the fake account and shared on the social network.

Therefore, the DPA established that Facebook Ireland Ltd, which is in possession of the information required by the doctor, must communicate “to the claimant in an intelligible form all data relating to him that are held with regard to the Facebook profiles opened in his name”. The social network must close down the fake profile in order to facilitate any possible investigation into establishing the identity of those responsible for the attempt at extortion.

Following the expiry of the thirty day term to comply with the DPA’s provisions, Facebook will have about two weeks to file opposition before the Court of Perugia, failing which the penalty will consist of a fine and up to two years’ imprisonment.

 

 

Add comment

Scientific Director
Prof. Avv. Giusella Finocchiaro
Editorial Curator
Dott. Giulia Giapponesi