Internet Dating A booming

1
Internet DatingA booming risky business?

• Ewout Keuleers
• Attorney-at-law at the Bar of Brussels
• Researcher at the Centre for Computer and Law,
  CRID
• Internet Dating Conference Nice, 15 July 2004
• Ewout.keuleers_at_ulys.net
• www.ulys.net

2
(No Transcript)
3
Introduction overview

• Privacy and data protection
• Social network based on profiles
• Sensitive data etnical/religious/sex dating
• Advertising
• SPAM electronic mail E-card newsletter
• Consumer protection
• Protection of minors
• Electronic commerce
• Regulatory framework
• General obligations for online services (ISS)

4
Data Protection Privacy
EU framework
5
(No Transcript)
6
General sector specific regulations

• General 95/46
• Protection of personal data
• General principles
• Sensitive data
• Scope?
• Online and offline
• Public private networks

• Specific 2002/58
• Privacy electronic communications
• Specific obligations
• Cookies spyware
• spam E-Cards
• Scope?
• Communication service
• Public networks

7
1. General Protection Directive 95/46

• Scope customer  profile 
• 9 Principles of Data protection

• Case Studies - specific issues
• Privacy Policy
• Unique Service Point cross-profiling
• Disclosure of data - testimonials
• Etnical/religious/ sex Dating

8
1. Directive 95/ 46 Scope (1.2)

• Processing of personal data
• social network is based on matching registered
• profiles
•  personal data 
• Information concerning a data subject
• identifiable natural person
• Direct or indirect
• Controller or third party

•  Processing 
•  Any  operation performed upon personal data

9
Directive 95/ 46 Scope (1.3)

• Processing of personal data  adult  sites
• Do not expose minors to harmful or  explicit 
  content
• Online identification of persons AVS procedure
• profile will contain more detailed personal
  information on customer

10
Directive 95/ 46 - General Principles (1.4)

• Data must be
• fairly and lawfully processed
• processed for specified, detailed and legitimate
  purposes
• adequate, relevant and not excessive
• accurate
• not kept longer than necessary
• processed in accordance with the data subject's
  rights
• secure and remain confidential
• not transferred to countries without adequate
  protection (outside EU)
• processing activities  must   be notified to
  the supervisory authority.

11
Case study 1
Privacy Policy
12
Case Study 2 Unique Service Point

• Dating sites have great commercial potential
• Generate traffic

• Customer DB with profiles

Can I share customer information with third
parties? Can I use the profiles for (targetted)
advertising purposes?
13
Case Study 3 disclosure of data

• Chat, forum, testimonials, etc.

• Testimonial  HeatherAge 27 - Alabama
• Dear Matchamerica.com,
• We are happily married and enjoying the many
  blessings of being parents. If not for your
  website our happiness would not have happened.
  Best of luck to all.

14
Testimonial disclosure of data

• Our wedding was on October 4, 2003, in St.
  Dorothy's Church, Drexel Hill, PA. Jeri and I met
  in late February of this year on
  catholicsingles.com. She had been on the web site
  during 2002 without much success. I had been on
  at around the same time and met some very nice
  ladies, but nothing clicked.
• Our first meeting was for mass and breakfast
  across the street. One thing led to another in
  June we both asked each other "Will you marry
  me?" we both said yes, and the rest is
  history.Thank you for all that your web site did
  for two middle-aged people who had had successful
  marriages, were widowed much too soon, and were
  blessed by God to find happiness again. -Joe
  Jeri Santine

15
Disclosure of personal data

• Broad an open notion of  processing  includes
   disclosure by transmission, dissemination or
  otherwise making available 
• Must be careful if you disclose personal
  information in a newsletter or on your website,
  e.g., personal contact details, names
• Lindqvist case (Sweden European Court of
  Justice, 2003)

16
Sensitive data
17
1. Directive 95/ 46 sensitive data (1.5)

• Sensitive data (art 8)
•  personal data revealing racial or ethnic
  origin, political opinions, religious or
  philosophical beliefs, trade-union
  membership, and the processing of data
  concerning health or sex life. 
• Direct and indirect
• information on sexual orientation or a disease?

18
(No Transcript)
19
1. Directive 95/ 46 sensitive data (1.6)

• Very strict regime
• No processing allowed unless limited exception
• Exceptions
• protect the vital interests of the data subject?
• the purposes of preventive medicine, medical
  diagnosis, the provision of care or treatment or
  the management of health-care services?
• Processing of data relating to offences, criminal
  convictions or security measures may be carried
  out only under the control of official authority?
• Explicit consent of data subject

Member State?
20

• Media Advertising law

21
Advertising - Content (2.1)

• In contrast to some sectors, e.g, gambling,
  tobacco, etc., no particular restrictions, except
  for minors!
• EU regulatory framework for consumer protection
  and  publicity 
• Proposal Directive on Unfair Commercial Practices
  (June 2004)
• Directive on electronic commerce
• Directive on distance selling
• Directives on misleading comparative
  advertising.

22
Advertising - Content (2.2)

• Unfair Commercial Practice
• The practice is contrary to the requirements of
  professional diligence
• The practice materially distorts consumers
  behavior.
• Average consumer

23
Advertising - Content (2.3)

• Misleading practices
• Claiming to be a signatory to a code of conduct
  when the trader is not.
• "Bait advertising" scams (advertising a product
  as a special offer without actually having it in
  stock, or having only a token stock of the
  product)
• Stating that a product can legally be sold when
  it cannot.
• Materially misrepresenting the risk to the
  consumer or his family if the consumer does not
  purchase the product.
• Describing a product as gratis, free,
  without charge or similar if the consumer has
  to pay anything other than the unavoidable cost
  of responding and collecting or paying for
  delivery.
• Aggressive practices
• Creating the impression that the consumer cannot
  leave the premises until a contract is formed.
• Conducting personal visits to the consumers home
  ignoring the consumer's request to leave or not
  to return.
• Demanding payment for products supplied by the
  trader, but which were not solicited by the
  consumer (inertia selling).

24
Advertising - Content (2.4)

• Advertising social network services for
   adults 

• Exposure of minors to harmful content
• Infringing public order and morality

25
Advertising - Content (2.5)

• Dating site as UPS link/ banner for other
  services
• illegal service, e.g., Mail Order Bride Sites,
  remote gaming or online pharmacies

26
Advertising - Content (2.6)
27
Advertising Support (2.7)

• Specific regulation for some media
• Written press, freedom to provide goods
• TV (Bacardi Case TWF Directive)
• Radio
• Internet? iDTV? 3G?
• Specific regulation for traditional media does
  (not) apply, only general (or) technology neutral
  regulation does?

28
Commercial Communications

• Online privacy protection

29

• EU Framework for commercial communications
• Electronic Commerce Directive

• commercial communications
• any form of communication designed to promote,
  directly or indirectly, the goods, services or
  image of person pursuing a commercial activity
• Legal regime
• Article 6 Commercial Communication Information
  to be provided
• The commercial communication must be identified
  as such
• The natural or legal person on whose behalf the
  commercial communication is made, must be
  identified
• promotional offers, such as discounts, premiums
  and gifts, shall be
• clearly identifiable as such, and the
  conditions which are to be met to
• qualify for them shall be easily accessible
  and be presented clearly
• and unambiguously

30

• EU Framework for commercial communications
• Electronic Commerce Directive

• Article 7 Unsolicited commercial
  communications SPAM
• Spam must be identified in a clear and
  unambiguous
• way, as from the moment of reception on
• Service providers must respect opt-out
  registers
• Article 16 Codes of Conduct or other
  self-regulatory
  instruments

31

• EU Framework for commercial communications
• Privacy Issues Directive 2002/58/EC

• Unsolicited Communications article 13
• Principle OPT IN must give their prior
  consent
• Electronic mail email, sms, mmspop up? Banner
  ? Newsletter?
• How to obtain a prior valid consent?
•  Exception OPT-OUT if
•  Existing commercial relationship
•  Same natural or legal person
•  Similar products or services
•  Consumer is given the opportunity to refuse
  reception (opt-out)

32
Case study refer a friend E-card

• E-cards Opt-in?
• Spam or private correspondance?
• Broad notion of
•  commercial communication 
•  electronic mail 

33

• EU Framework for commercial communications
• Privacy Issues Directive 2002/58/EC

• Cookies, Spyware, hidden identifiers and other
  similar devices
•  Legitimate purposes
• User must be informed on the installation, on
  its purposes promotion of gaming activities?
•  Users should have the opportunity to refuse to
  have a cookie
•  User should receive user-friendly information on
  how to refuse installation

34

• Closing remarks and conclusion
• Booming industry with great potential
• Trust and confidence are key factors
• Process profiles in compliance with privacy
  regulations, in particular when dealing with
  sensitive data
• Be transparent and inform customer on his rights
  (e-commerce, distance selling, data protection)
• Adopt reasonable measures to prevent exposure of
  minors to adult or harmful content

Ewout.keuleers_at_ulys.net www.ulys.net
35
Q

A
Ewout.keuleers_at_ulys.net www.ulys.net