• Courses
      • Executive Management Courses
      • Global Series of National Privacy Laws
      • Netherlands Privacy Academy (in Dutch)
      • Caribbean Data Protection Academy
    • Resources
    • Join GADPPRO ACADEMY
      • Join GADPPRO Academy as an Official Partner
      • Become an Official GADPPRO Training Entity
      • Join the GADPPRO Business Academy
      • Secretariat & International Training Centre
      • Contact Us
    •  
      • RegisterLog in
    Privacad GADPPRO Academy
      • Courses
        • Executive Management Courses
        • Global Series of National Privacy Laws
        • Netherlands Privacy Academy (in Dutch)
        • Caribbean Data Protection Academy
      • Resources
      • Join GADPPRO ACADEMY
        • Join GADPPRO Academy as an Official Partner
        • Become an Official GADPPRO Training Entity
        • Join the GADPPRO Business Academy
        • Secretariat & International Training Centre
        • Contact Us
      •  
        • RegisterLog in

      Blog

      Privacy data protection targeting of social media users – public consultation version

      • Categories Blog, Business, Design / Branding, Free Data Protection Resources, Uncategorized
      • Date September 26, 2020

      Guidelines 08/2020 on the targeting of social media users – version for public consultation

      Paragraph 8.1.2  Inferred and combined special categories of data

      114 Assumptions or inferences regarding special category data, for instance that a person is likely to vote for a certain party after visiting a page preaching liberal opinions, would also constitute a special category of personal data. Likewise, as previously stated by the EDPB, “profiling can create special category of data by inference from data which is not special category of data in its own right, but becomes so when combined with other data. For example, it may be possible to infer someone’s state of health from the records of their food shopping combined with data on the quality and energy content of foods”.

      115 For instance, the processing of a mere statement, or a single piece of location data or similar, which reveals that a user has (either once or on a few occasions) visited a place typically visited by people with certain religious beliefs will generally not in and of itself be considered as processing of special categories of data. However, it may be considered as processing of special categories of data if these data are combined with other data or because of the context in which the data are processed or the purposes for which they are being used.

      • Example 11:

      • The profile on Mr.Novak’s social media account only reveals general information such as his name and domicile, but a status update reveals that he has visited the City Church frequently where he attended a religious service. Later on, the City Church wants to target its visitors with religious messages in order to encourage Christian people to join the congregation. In such circumstances, the use of personal data in Mr. Novak’s status update for such a targeting purposes amounts to the processing of special categories of personal data.

      116 If a social media provider or a targeter uses observed data to categorise users as having certain religious, philosophical or political beliefs – regardless of whether the categorization is correct/true or not – this categorisation of the user must obviously be seen as processing of special category of personal data in this context. As long as the categorisation enables targeting based on special category data, it does not matter how the category is labelled.

      • Example 12:

      • Mr.Sifuentes provides information in his social media profile in the shape of regular status updates, check-ins, etc., which indicate that he regularly takes part in activities arranged by the “Mind, Bodyand Spirit Movement”. Even though no explicit statement on philosophical belief is provided, all updates, likes, check-ins and similar data provided by the user when collated, strongly indicate that Mr. Sifuentes has a certain philosophical belief.

      • Example 13:

      • A social media provider uses information actively provided by Ms. Allgrove on her social media profile page about her age, interests and address and combines it with observed data about the websites visited by her and her “likes” on the social media platform. The social media provider uses the data to infer that Ms. Allgrove is a supporter of left-wing liberal politics and places her in the “interested in leftwing liberal politics” targeting category, and makes this category available to targeters for targeted advertising.

      117 In Example 12, the vast information and the absence of measures to prevent targeting based on special category data implies that a processing of special categories of data is taking place. However, the mere fact that a social media provider processes large amounts of data which potentially could be used to infer special categories of data does not automatically mean that the processing falls under Article 9 GDPR. Article 9 will not be triggered if the social media provider’s processing does not result in inference of special categories of data and the social media provider has taken measures to prevent that such data can be inferred or used for targeting. In any case, processing of a large amount of personal data about users may entail specific risks for the rights and freedoms of natural persons,which have to be addressed by implementing appropriate security measures, as prescribed under Article 32, and also by taking into account the outcome of the DPIA to be performed pursuant to Article 35 of the GDPR.

      118 In Example 13, the offering as well as use of the targeting category “interested in left-wing liberal politics” amounts to processing of special categories of data, as this category could easily be used as aproxy to target individuals who have left-wing liberal political beliefs. By assigning an inferred political opinion to a user, the social media provider processes special categories of data. For the purpose of Article 9 GDPR, it is not relevant whether the user in fact is a supporter of left-wing liberal politics. Nor is it relevant that the targeting category is named “interested in…” and not “supporter of…”, since the user is placed in the targeting category based on inferred political interests.

      • Example14:

      • Mr. Svenson takes a career aptitude test developed, containing a psychological evaluation, by the company “YourPerfectJob” which is made available on a social media platform and makes use of the Application Programming Interface (API) provided by the social media provider. YourPerfectJobcollects data about Mr. Svenson‘s education, employment status, age, hobbies, posts, email-addressand connections. YourPerfectJob obtains the data through the API in accordance with the “permissions” granted by Mr. Svenson through his social media account. The stated purpose of the application is to predict what would be the best career path for a specific user.

      • Without the knowledge or approval of the social media provider, YourPerfectJob uses this information to infer a number of personal aspects, including his personality traits, psychological profile and politicalbeliefs. YourPerfectJob later decides to use this information to target Mr. Svenson on behalf of apolitical party, using of the email-based targeting feature of the social media provider, without adding any other targeting criteria offered by the social media provider.

      In Example 14, the targeter processes special categories of personal data, whereas the social media provider does not. Indeed, the assessment and identification of Mr. Svenson’s political belief occurs without the involvement of the social media provider. In addition to triggering the general prohibition of Article 9 GDPR, the targeting mentioned in Example 14 also constitutes an infringement of the requirements concerning fairness, transparency and purpose limitation. Indeed, Mr. Svenson is not properly informed of the fact that the personal relating to him will be processed for political targeting, which in addition, does not seem compatible with a career aptitude test.

      119 While processing activities of the social media provider in Example 14 do not amount to processing of special categories of data within the meaning of Article 9 GDPR, the social media provider is responsible for integrating the necessary safeguards into the processing in order to meet the requirements of the GDPR and protect the rights of data subjects in accordance with Article 24 and 25 GDPR.

      • Share:
      User Avatar
      Richard V

      Previous post

      Privacy data protection targeting of social media users – public consultation version
      September 26, 2020

      Next post

      Privacy data protection targeting of social media users – public consultation version
      September 26, 2020

      You may also like

      Children Safety Encryption www.privacad.com
      Apple’s New Step to Protect Child Abuse via Encryption Feature
      20 August, 2021
      DNA Technology and Privacy www.privacad.com
      DNA Technology Regulation Bill and Violation of Privacy for Minority Groups
      19 August, 2021
      www.privacad.com
      India accuses Twitter of not complying with new IT rules
      18 August, 2021

      Search

      Categories

      • Blog
      • Business
      • Design / Branding
      • Free Data Protection Resources
      • Nederlandse Privacy Academie
      • Uncategorized
      Facebook-f Linkedin-in

      © Privacad 2020

      For all your questions about courses

      students@privacad.com

      For all your questions about Privacad for business

      info@privacad.com

      Links

      • Courses
      • Become a GADPPRO Academy Official Training Entity
      • Resources
      • Free Data Protection Resources
      • Blog
      • Profile
      • Students Stewards Network (SSN)

      Support

      • Privacy Policy
      • Terms of Use
      • FAQs
      • Contact

      © GADPPRO Academy | Privacad 2023

      GADPPRO Academy 2023

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now