EUROPEAN SOCIAL NETWORKS GROUP RESPONSE TO THE COUNCIL OF EUROPE PUBLIC

CONSULTATION ON THE DRAFT RECOMMENDATION ON MEASURES TO PROTECT AND

PROMOTE RESPECT FOR HUMAN RIGHTS WITH REGARD TO SOCIAL NETWORKING SERVICES

EUROPEAN SOCIAL NETWORKS GROUP, c/o Xing AG, Gaensemarkt 43, 20354 Hamburg,
Germany –
ID number: 19984124971-53

Representing 11 European social networks with more than 70 million registered users.

Introduction

It is well known that social networking services in Europe are becoming an increasingly
important part of people’s daily lives, specifically with relation to the individual´s participation
in social life. For this reason, social network providers must focus on promoting and facilitating
users’ well-being while respecting theirs rights, and especially their right to privacy and the
enforcement of data protection regulation.

In today's globalized world, we are all aware of the fact that European consumers have access
to many non-European online services. We strongly believe that any EU recommendations or
guidelines that are approved at an EU level should be applicable to any online service
providers that target European consumers regardless of the geographic location of the data
controller.

More broadly, the EU should ensure that all rules are enforced equally for European and non-
European providers, irrespective of that provider’s physical location. Thus, in order to
strengthen the sustainability of the Directive 95/46/EC, we believe it is necessary to ensure
that it applies to both European and non-European providers whose online services explicitly
target European consumers.

Without this certainty, there exists a major commercial and competitive disadvantage for
European social network providers and in the worst case could lead to a massive exodus of
online operators to non-EU countries. Additionally, due to the lack of controls and sanctions
targeted at companies out of compliance with European data protection laws, there is no level
playing field for business and no guarantee of data protection for European consumers, who
are entitled to this protection under the EU Charter of Fundamental Rights and EU data
protection regulation.

The EU should ensure that all rules are enforced equally for European and non-European
providers, so that all social networks are required to follow the same guidelines with regards
to protection of user data. To make this possible, the law needs to be enforced in a consistent
way within the EU for both local and foreign operators.

1
Comments on the Council of Europe´s draft Recommendations and proposal for draft
Guidelines

(I) Transparency as regards freedom of expression and access to information

It is commonly accepted that the freedom of expression and information, and the absence of
censorship, are fundamental rights in most democratic societies. We believe that in present
day society, social networks not only provide a space for sharing and engaging socially, but also
facilitate a users ability to freely communicate and access information.

This creates a challenge for social network providers because although it is necessary to allow
users to exercise their freedom of expression online, it is just as important to ensure a secure
online environment, where all users are respected and protected.

For this reason, it is crucial that social networks provide users with a clear understanding of
their responsibilities when engaging online: applicable rules, enforceable laws and possible
penalties in case of breach of these laws. It is important to clearly communicate what is illegal
and what is inappropriate content on a social network.

That said, the obligation to inform users of the “applicable rules” concerning appropriate
content must be limited to this warning and cannot imply an obligation for the social network
to control and supervise all content uploaded by its users. This type of monitoring is not only
unfeasible but an infringement of users rights: article 15 of the Directive 2000/31/EC
specifically states that Member States shall not impose a general obligation on providers to
monitor the information that they transmit or store, nor a general obligation to actively to
seek facts or circumstances indicating illegal activity.

It will continue to be necessary to promote and encourage self-regulatory initiatives that

complement and facilitate application of the regulatory framework on freedom of speech,
such as dissemination of information with respect to a users online rights and responsibilities.
It is also necessary to implement effective report systems in order to guarantee both freedom
of speech and mutual respect.

(II) Appropriate protection of children against harmful content and behaviour

We believe that it is imperative, especially for users who are minors and their parents, to feel
confident about using the tools put at their disposal to manage the information that they
publish within a social networking service, to completely delete their profile and all their
personal data a network could contain, and to have sufficient knowledge about available
reporting mechanism to get harmful content or behavior eliminated from their network.

We understand, as indicated by the Council of Europe, that there is not a suitable technical
solution with regard to online age verification that does not infringe on other human rights
and/or does not facilitate age falsification. Therefore, age-verification systems must be
implemented based on age input provided by the users themselves when first creating a
profile with the social network service. This can be complemented with proactive and reactive
tools to detect underage users.

2
Notwithstanding, in order to make the mentioned “privacy by design” structure of social
network services really effective and to protect European users’ rights more broadly, we
should recall that the EU should ensure that all rules are enforced equally (in terms of
regulation and accountability) for European and non-European providers, so that all social
networks are required to follow the same rules regarding protection of user data, especially
for minors. We need to recall, the need for law enforcement in a consistent way within the EU
for both local and foreign operators.

We absolutely agree that users should have access to easy to use mechanism for reporting
inappropriate and illegal content or behaviour to site supervisors. In order to adopt specific
measures to prevent cyber bullying and cyber grooming, the social networks services provide
users with proactive and reactive tools to control harmful content or behavior, including
effective report systems and proactive protocol of cyber bulling and cyber grooming detection.

Notwithstanding, we believe that social networking providers obligations should absolutely

encompass effective, transparent, independent and accountable mechanisms to control or
block harmful content or behavior, but cannot imply in any case the obligation of a social
network to control, supervise, and rate all the content uploaded by its users.

We strongly disagree with the use of pseudonymous profiles [see below promotion of
identified users at (III) Ensuring user´s control over their data], as in our experience
unidentifiable profiles lead to many difficulties in controlling cyber bullying and cyber
grooming. In these cases, age-appropriate access cannot be controlled and cooperation with
authorities can only be done on a limited basis because of limited or unknown information
about the alleged offender.

(III) Ensuring user´s control over their data

We understand, as suggested, that it is important to inform the users clearly about the terms
of use, in order to ensure control over their data. In this regard, Social network providers have
included transparent information for users about the management of their personal data in
the terms and conditions of the social networking site, in a form and language that is
appropriate for the target groups of the social networking service.

Social network providers have implemented applicable European privacy regulations as well as
complementary self-regulation initiatives as members of the European Social Networks
(representing 11 European social networks with more than 70 million registered users). We are
concerned about the importance of active collaboration with local Data Protection Authorities.
Social network providers, under supervision of each local Data Protection Authority, complies
with a strict privacy regulation in Europe by limiting default access to self-selected friends,
applying state of the art security measures and ensuring legitimate processing of personal data
(especially with respect to processing by third parties and for behavioural advertising).

Regarding this, it is well known that having all social network providers, meaning both
European and non-European providers who target European customers, respect European
privacy regulations will help assure the protection of all European citizens.

3
We strongly believe that users should register as themselves with their correct identifiable
information (processing their data as confidential and applying state of the art security
measures to protect this data against unlawful access by third parties) as opposed to allowing
users to register anonymously (by allowing the possibility of pseudonymous profiles), for a
number or reasons:

- This question deserves specific attention, because encouraging “identified” users instead
of pseudonymous profiles is part of our foundation as social network providers based on
the “circle of trust” relationship between users.
- We agree with the Committee of experts on new media that, as social networking services,
we offer the possibility to both receive and impart information. In this sense, being part of
our social network service means that users are able, having been previously informed
about the consequences, to connect with friends on an individual basis or with a dynamic
group of people.
- Moving someone’s real life to the Internet means allowing users to make the same
genuine connections they make in the real world online. We encourage users to only share
information and connect with people they really know, and in order to trust that this is the
case, it Is necessary to provide ones real information.
- Sharing information only with identified participants empowers users to feel confident
about options for managing their profile and respecting other users, thus preventing harm
to themselves and others.
- We promote a service through which users can share the information they choose and
understand the implications of sharing this information [see point (I) Transparency, and
the concept of privacy by design]. Since users have themselves chosen who to allow into
their “circle of trust”, there is no need to be anonymous, and the presence of anonymous
profiles leads to a feeling of distrust in other users and the network itself.
- The criteria for establishing whether a profile is a real person or not would be impossible
to maintain, and the mechanisms for removing fake or harmful profiles from the network
would be greatly hindered.
- We believe that allowing for pseudonymous profiles would make collaboration with law
enforcement bodies next to impossible, as the anonymity of profiles would make it
impossible to locate a person’s real identity.

Conclusions

The main conclusions with respect to the Council of Europe´s public consultation are the
following:

 The EU should ensure that all rules are enforced equally for European and non-
European social network providers, irrespective of the fact that the latter has no
permanent physical presence or processing centers in the European Union.

 The obligation to inform users on the “applicable rules” concerning freedom of

expression must be limited to the publishing of guidelines and should not imply in any
case the obligation of the social network to control and supervise all the content
uploaded by its users.

4
  Encouraging the use of pseudonymous profiles could add difficulties to cyber bullying
and cyber grooming prevention. Establishing a “circle of trust” that enables users to
feel safe online is only possible if users are transparent about their real identities and
adopt appropriate privacy measures.

 Likewise, an obligation to label and provide an age rating of content is entirely

unfeasible and inappropriate. Social Network administrators have neither the
resources nor any legitimate basis to establish a rating for content generated by users.
In terms of content generated by the network itself (namely advertising), there already
exists appropriate age targeting that complies with actual laws.

_____________________________________________________________________________

This proposal was drafted by Mr. Oscar Casado, General Counsel and Chief Privacy Officer of
Tuenti Technologies, S.L., and reflects the opinion of members of the group “European Social
Networks”, registered in the European Commission´s of Interest representatives with ID
number 19984124971-53, which are at the moment (subject to increasing):

aka-aki networks GmbH – www.aka-aki.com - Germany

Barrabes Esquí Montaña S.L.U. – www.barrabes.com – Spain
Hyves – www.hyves.nl - Netherlands
Nasza Klasa Sp. z o.o. – www.nk.pl – Poland
Serviço de Apontadores Portugueses –SAPO – sapo.pt – Portugal
Tuenti Technologies – www.tuenti.com - Spain
VZnet Netzwerke Ltd. – www.studivz.net – Germany
Xing AG – www.xing.com – Germany
Zoo – www.zoo.gr – Greece
IWIW – www.iwiw.hu – Hungary
Netlog NV – www.netlog.com – Belgium

18 March 2011