Identity Theft website prof. Eve Łętowska shows that the law fails to protect the corporate clients living with personal data.
Identity theft on the Internet affects politicians, artists, celebrities and journalists. Students create fake profiles of teachers. Disappointed lovers - fake profiles of people who have rejected them. Fake profile is ideal for stalking or harassment.
Prof. identity theft. Eve Łętowska, judge of the Constitutional Court and the rest of the first Ombudsman (we wrote about it in "Election" on January 7, 2015.), Is unique - lawyers who are public so far is hardly touched.
Prof. Łętowska succeeded in getting Facebook to shut down fake profiles that were found. But only by contacting a representative of Poland Jakub Facebook Turowski.
A mere mortal is doomed to fill out the form and send it in an anonymous space, which will get the answer - or not. Prof. Łętowska is rehearsed and got the answer that identity theft is not contrary to the principles of privacy on Facebook.
A few months struggled to remove his false account TVN journalist Andrzej Morozowski. Filled out the form, to be credible, even sent - as told Facebook - scan your ID card. Did not get a response. Helped only contact with Jacob Turowski.
I could not get from Turowski answers to questions such as Facebook examine the report of identity theft, how to verify the accuracy of both the owner of the account, as well as a violation of the applicant. PR firm submitted the case, and this sent me a link to the application form of the infringement on Facebook.
Thomas Relewicz with this company, pressed, said that this method of verification of complaints secrecy. Only betrayed that Facebook founder contacts the account. When asked where he comes from an answer with links to forms, which sent me, he said that from "a spokesman for the region". Refused to reveal his name. Then he said that he called "Facebook spokeperson." And so I do not know whether this is a real person.
Who investigates complaints? It turns out that not a specific person, but "community operation", ie the teams across the world. Relewicz assured that there are "people connected contextually with the culture and language of the country of origin of the complaint", so they are able to verify the authenticity of the account. The methods covered by the company's secret. Denied that searched for this purpose, the computer of the person who set up an account, and the one who reports a violation.
So - despite its name - Facebook does not have a face. Contact with him is a game whose rules known only to one side. A front is not a particular employee is responsible for resolution of a complaint, but an anonymous entity called "community operation", which does not like to complain.
In addition, his response to disappear by themselves account for which they were sent, and so if you can not protect them, for example. Screenshot - you can not even prove what and when "community" answered.
- The ratio of large corporations living with personal data of customers is a relationship of power. A level of opacity of these firms exceeded all limits - says Katarzyna Szymielewicz, president of the foundation Panoptykon.
Facebook, Google, Yahoo! and others are American companies and complying with the European rules when they have an interest. Last year's judgment of the Court of Justice of the EU on the Google Spain (for erasure challenged by the person concerned) provides that if the company provides services targeted to EU residents, it must comply with the law.
This theoretically means that in Poland the person to whom a false Facebook profile does not remove, can this request on the basis of the Law on electronic services. There is a principle of "reported - removed". And if the administrator does not "take off" controversial content, it can sue. In the case of a false profile - for infringement of personal rights. Personal good in this case would be the identity.
But if the Polish court finds that the judgment in Google Spain applies to Facebook? Facebook can claim that the application must be submitted to him in the country in which it is registered with the European representation, so in Ireland. Experience Max Schrems, an Austrian who sent to Ireland a few dozen complaints about Facebook, it does not encourage: Irish Data Protection Supervisor and the applied method of blurring przeczekiwania. Perhaps because Ireland is dependent on taxes from Facebook and similar companies, thus creating favorable conditions for their business, like Luxembourg, where the headquarters of Google. Now Schrems collects thousands of European (Polish) Facebook client application for a class action lawsuit, which lodges in the Austrian court.
They will complain of a breach of personal data. Because if they complained about the violation of the rights of the consumer, Facebook would point them to the court in California. According to the agreement concluded with Facebook only the court can judge its disputes with customers. And who has thousands of dollars to invest in such a process?
You could also sue for infringement of the perpetrator of the theft of personal identity. But you have to have his name and address. Only Facebook has an internet address, which was established profile, and knows the IP of the computer. On this basis, the police could determine the person. But web identity theft is not a separate offense.
According to Milena Bogdanovich, legal counselor, which represents prof. Łętowska, this can be considered a crime of stalking, harassment or persistent, impersonate another person, "using her image or other personal information in order to cause the damage to property or personal" (art. 190a para. 2 of the Penal Code).
But if a false profile is an action "persistent"? I like to prove action "to cause harm", if there is a false profile derogatory content?
Facebook client situation and other American giants can be improved, if the EU adopts prepared for several years Regulation on the protection of personal data. The draft stipulates that all companies operating in the Union are subject to the law, a complaint of a breach of personal data will be considered in the country of origin of the applicant is a person.
Today, even if you manage to win a European trial for violation of data protection, it's still no guarantee that an American company with the judgment surrenders. It depends on the good will.
When it comes to Polish law, is, according to Wojciech Wiewiórowski, a former Polish Chief Inspector for Personal Data Protection, and currently the Deputy Inspector General of the European, should think about the establishment of the crime of identity theft on the Internet. Without the requirement to make it "in order to" harm. - This phenomenon has become a social problem, and is, in my opinion, socially harmful - says Wiewiórowski.
Catherine Szymielewicz wants to increase the accountability of companies. You need its opinion to the Law on electronic services introduced provisions clarifying the obligations of the operator, which reported a violation, for example. Identity theft.
- This should be a fast path: the company shall notify the person who set up the questionable profile, calling on it to prove that it is false. If you do not hear from - the company liquidates profile. If you hear from her, but the company will not consider the case to be obvious - the applicant provides data that person - and let him think. Proposals for such changes have been prepared, but stalled in the Ministry of Administration and Digitization - says Szymielewicz.