Last Wednesday, President Trump signed an immigration-related Executive Order (EO) titled “Enhancing Public Safety in the Interior of the United States” that, among other...30 January 2017
Social Network Impersonator Fined by Spanish Data Protection Authority In New Exercise of Regulatory Authority
By Pablo Rivas and Marta Jaureguizar in our Madrid Office
On October 20th, the Spanish Data Protection Authority, the Agencia Espanola de Protecccion de Datos (AEPD), announced an unprecedented decision against an individual who impersonated someone on a social networking site and thus engaged in identity theft. The AEPD fined the individual who had created a profile in a sexually-oriented social network using personal details of a third person, including that person's name, surname, phone number, and photo. Notably, the AEPD did not proceed against the online host of the impersonator's content.
The impersonation was found to be a processing of the impersonated individual's personal data without his/her consent, constituting an infringement of the Spanish Data Protection Act 15/1999, of 13 December 1999. While online impersonation has been the subject of judicial actions in Spain, this was the first exercise of the regulator's authority under the data protection law.
Online impersonation, especially of celebrities, is commonplace on web sites and social networks. This new decision by the AEPD offers a new avenue of recourse for impersonated people and one that, given the substantial fining ability of the AEPD, should give pause to those contemplating impersonation.
The decision also may suggest that social networking sites and other hosts of impersonators' content may not be the target of the AEPD's enforcement actions, since in the recent action, the DPA went directly after the impersonator and not the host site of the impersonator's content.
The Decision of the Spanish Data Protection Agency is published in Spanish and can be found here.
A stricter regime for profiling07 June 2016
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016