In 2021, almost a third of complaints (83) regarding information disseminated on the Internet concerned social networks (Facebook, LinkedIn, TikTok, Instagram, Discord, etc.), according to the Office of the Journalism Ethics Inspector. In previous years it was noted that the number of complaints regarding possible violations on various social networks was rising. MRU Justice LAB Head Salvija Mulevičienė shared her insights and advice on the matter.
It is not uncommon for creators and users of social network content to boldly disseminate information and disclose personal data without considering themselves controllers of information and personal data managers (producers of public information). They do not take into account that they may be responsible for properly processing personal data published on social media accounts. In addition, they fall within the scope of the EU's General Data Protection Regulation (GDPR).
Disclosure of data is often linked to a lack of knowledge among content creators and users about what constitutes personal data and in what instances they become a data controller or processor of personal data. For example, a person publishes photos of an improperly parked car with prominent license plates, or of a lost ID, on the Internet. In this way, users of social networks who want to do a good deed (find the owner of the ID) and do not think about the possible consequences violate those persons' rights to data protection, because the data becomes accessible to an indefinite number of persons.
First of all, it is worth remembering that a person's identity can be determined directly or indirectly. In other words, it is not necessary to disclose a person's first and last name in order to identify a specific person. A person's identity can be determined using data such as a car license plate or visual data. Some types of data enjoy special protection due to their importance. This includes biometric and genetic data and information related to the health or sexual life of a person.
It is also important to know what is considered personal data management. It can be any kind of exchange of notes, photos, video or sound recordings that contain personal data and thereby makes that data accessible on social networks. Some information may be freely published. For example, information presented on social networks (in a closed group or personal account) may be connected only with the person who is publishing it: their private life, hobbies, personal photos or videos. In that case an exception for personal data applies, and the GDPR does not apply to such activity. However, it is important to remember that this must be strictly personal information intended only for a small group of people who are not connected with commercial or professional activities.
The GDPR imposes quite a few restrictions on managing personal information and on the manager of personal data, for example the necessity to receive permission from the individual whose data you want to publish. On the other hand, in Lithuania, as in all other EU member states, the right to personal data security under the GDPR must be coordinated with the right to self-expression and freedom of information, including data management for academic, artistic, literary and journalistic purposes.
You can find more about how to exchange information on social networks without violating the GDPR in the guidelines created by the "ConCon" project, "How to Manage Personal Data in Social Networks", which present not only legal information but also many examples and answer many frequently asked questions. You can find the guidelines below.
Personal Data Protection for Social Network Users Here.