Italy’s Data Protection Authority has ordered Facebook to turn over all the data it has on a user, along with data from a fake page that a troll set up in his name and used to extort him.
In addition, the company’s been ordered to hand over details of how the personal data was used, including who it was sent to or who might have obtained knowledge about it.
According to official documents, the user in question had accepted a friend request from an unspecified party.
When the man – kept anonymous in the documents – resisted that party’s extortion attempt, the troll swiped his personal information and photo and set up a phony account in his name.
Then, he or she used the fake account to send pictures and video montages to the man’s contacts. The images were meant to smear his reputation by implicating him in sexual activity, including with a minor.
The man immediately asked Facebook to take down the bogus account and to hand over all the relevant information it had on him, including data and photographs. Facebook then sent him an email explaining how to download his personal data using the standard tool.
But what he downloaded was jibberish, he said: a series of data, unintelligible because it was marked with codes, numbers and symbols. Beyond that, Facebook hadn’t delivered information about his tormentor.
Facebook told him it was taking steps to delete the fake account. But the self-service tool showed him that related conversations, though marked unavailable, hadn’t actually been deleted.
Unsatisfied, seeking information about who set up the account, he took the matter to the Italian data protection authority (DPA).
The DPA agreed with him.
It ordered Facebook to hand over all the data concerning the user: personal information, photographs, and posts, including those entered and shared by the troll. Also, the DPA said that the social network has to hand over information on its “aims, methods and logic of data processing,” as well as on the people communicated with, in an intelligible, non-gobbledygook form.
The case is notable because it’s yet another example of a European data authority telling tech companies they can’t hide inside their “but our headquarters are over here!” jurisdiction argument.
Read More Facebook told to hand over all data on user, including fake account set up by extortionist
In addition, the company’s been ordered to hand over details of how the personal data was used, including who it was sent to or who might have obtained knowledge about it.
According to official documents, the user in question had accepted a friend request from an unspecified party.
When the man – kept anonymous in the documents – resisted that party’s extortion attempt, the troll swiped his personal information and photo and set up a phony account in his name.
Then, he or she used the fake account to send pictures and video montages to the man’s contacts. The images were meant to smear his reputation by implicating him in sexual activity, including with a minor.
The man immediately asked Facebook to take down the bogus account and to hand over all the relevant information it had on him, including data and photographs. Facebook then sent him an email explaining how to download his personal data using the standard tool.
But what he downloaded was jibberish, he said: a series of data, unintelligible because it was marked with codes, numbers and symbols. Beyond that, Facebook hadn’t delivered information about his tormentor.
Facebook told him it was taking steps to delete the fake account. But the self-service tool showed him that related conversations, though marked unavailable, hadn’t actually been deleted.
Unsatisfied, seeking information about who set up the account, he took the matter to the Italian data protection authority (DPA).
The DPA agreed with him.
It ordered Facebook to hand over all the data concerning the user: personal information, photographs, and posts, including those entered and shared by the troll. Also, the DPA said that the social network has to hand over information on its “aims, methods and logic of data processing,” as well as on the people communicated with, in an intelligible, non-gobbledygook form.
The case is notable because it’s yet another example of a European data authority telling tech companies they can’t hide inside their “but our headquarters are over here!” jurisdiction argument.
Read More Facebook told to hand over all data on user, including fake account set up by extortionist
