Facebook  Twitter  LinkedIn  Slideshare

  Steering Committee (CDMSI)
  Bureau of the Committee (CDMSI-BU)
  Former Steering Committee (CDMC)
  Former Bureau of the Committee (CDMC-BU)
  Committee of experts on Media Pluralism and Transparency of Media Ownership (MSI-MED)
  Committee of experts on Internet Intermediaries (MSI-NET)  
  Transfrontier Television
  Conditional Access
  Protection of Journalism and Safety of Journalists
  Cross-border flow of Internet traffic and Internet freedom
  Rights of Internet Users
  Information Society
  New Media
  Public Service Media Governance
  Cross-border Internet
  Protection Neighbouring Rights of Broadcasting Organisations
  Media Diversity
  Public service Media
  Conference Freedom of Expression and Democracy in the Digital Age - Opportunities, Rights, Responsibilities, Belgrade, 7-8/11/2013
  Conference "The Hate factor in political speech - Where do responsibilities lie?", Warsaw18-19 September 2013
  Conference of Ministers, Reykjavik - Iceland, 28-29 May 2009
  European Dialogue on Internet Governance (EuroDIG)
  Committee of Ministers texts
  Parliamentary Assembly texts
  Ministerial Conferences
Useful links

Strasbourg, 20 September 2011



5th Meeting
20-21 September 2011
Agora Building
Room G05

Draft Recommendation of the Committee of Ministers to member states on the protection of freedom of expression and the right to private life with regard to
social networking services


1. Social networking services are increasingly becoming an important part of people’s daily lives. They are a tool for expression but also for communication between individuals or for mass communication. This complexity gives them a great potential to promote the exercise and enjoyment of human rights and fundamental freedoms, in particular the freedom to express, to create and to exchange content and communication.

2. Given their increasingly prominent role, social networking services and other social media services also offer great possibilities for enhancing the individual’s right to participate in political, social and cultural life. Bearing in mind Recommendation (2007)16 of the Committee of Ministers on the public service value of the Internet which states that the Internet and other ICT services have high public service value in that they serve to promote the exercise and enjoyment of human rights and fundamental freedoms for all who use them, greater efforts could be put into exploring how social networking services and other social media could act as a means to enhancing participation (especially of marginalised groups in society) and contributing to the strengthening of democracy and social cohesion.

3. The right to freedom of expression and information, as well as the right to private life, non discrimination and human dignity, may also be challenged on social networking services. These challenges may arise, for example, through lack of due process preceding the exclusion of users, insufficient protection of children1 and young people against the harmful behaviour of others, violation of other people’s rights, lack of privacy-friendly default settings, and lack of transparency about the purposes for which personal data is being collected and processed.

4. Users of social networking services need to respect other people’s rights and freedoms. Media education is particularly important in the context of social networking services in order to make the users aware of their rights when using these tools. Media literacy should also help individuals to acquire the human rights values and behaviour necessary to respect other people’s rights and freedoms.

5. A number of co- and self-regulatory mechanisms have already been set up in some Council of Europe member states. It is important that procedural safeguards are respected by these mechanisms, in line with the human right to a fair trial, within reasonable time, and starting with the presumption of innocence.

6. The Committee of Ministers recommends that member states, in cooperation with private sector actors and civil society, develop and promote coherent strategies to protect and promote respect for human rights with regard to social networking services, in line with the European Convention on Human Rights (ETS No. 5), especially Article 8 (Right to respect for private and family life) and Article 10 (Freedom of expression) and with the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108), in particular by:

Appendix – Principles

I. Raising awareness as regards freedom of expression and access to information

1. Social networking services offer the possibility to both receive and impart information. Users can invite recipients on an individual basis, but in most cases the recipients are a dynamic group of people, sometimes even a “mass” of unknown people (all the members of the social network). In cases where users’ profiles are indexed by search engines there is potentially unlimited access to parts of or all information published on the profile.

2. It is important for participants to be able to feel confident that information that they share will be processed appropriately and to know whether this information has a public or private character and the implications that follow from choosing to make information public. In particular, children, especially teen agers, and other categories of vulnerable people need guidance in order to be able to manage their profile and understand the impact that the publication of information of a private nature could have, in order to prevent harm to themselves and others.

3. In cooperation with the private sector and civil society, member states should ensure that users’ right to freedom of expression is guaranteed, in particular by:

II. Appropriate protection of children against harmful content and behaviour

4. Freedom of expression includes the freedom to impart and receive information which may be shocking, disturbing and offensive and content that is unsuitable for particular age groups. Since social networking services play an increasingly important role in the life of children, as part of the development of their own personality and identity, and as part of their participation in debates and social activities, there are reasons for protecting children because of the inherent vulnerability that their age implies. This does not, however, entail an obligation on social a networking service to control, supervise and/or rate all content uploaded by its users. Parents should play a primary role in working with children to ensure that they are using the services in an appropriate manner.

5. Age-verification systems are often described as a possible solution for protecting children from output that may be harmful to them. However, at present there is not a single technical solution with regard to online age verification that does not infringe on other human rights and/or does not facilitate age falsification, thus causing greater risks than benefits to the children involved.

6. In cooperation with the private sector and civil society, member states should ensure children’s safety and protect their dignity while also guaranteeing procedural safeguards and the right to freedom of expression and access to information, in particular by:

III. Ensuring users’ control over their data

7. Social networking services process large amounts of personal data, including users’ profiling data and traffic data. Publishing personal data in a profile can lead to access by third parties, including, amongst others, employers, insurance companies, law enforcement agencies and the secret services.
In order for users to exercise control over their data, social networking services should offer privacy-friendly default settings, as already highlighted by a number of instruments adopted at both European and international level2. The interface must be clear and allow users to effectively exercise their rights.
8. Social networking services should not process personal data beyond the legitimate and specified purposes for which they have collected it. They should limit processing only to that data which is strictly necessary for the agreed purpose and for as short a time as possible. Social networking services must seek the informed consent of users if they wish to process new data about them, share their data with other categories of people or companies and/or use their data in other new ways. As stated in Recommendation (2010)13 on the protection of individuals with regard to automatic processing of personal data in the context of profiling, users should be informed where their personal data is used in the context of profiling. The user’s decision (refusal or consent) should not have any effect on the continued availability of the service to him or her. When allowing third party applications to access users’ personal data, the services must provide sufficiently multi-layered access to allow users to specifically consent to access to different kinds of data.
9. The default setting for users should be that access is limited to self-selected contacts. Users should be able to make an informed decision to grant access to a larger public, in particular with regard to indexability by external search engines. Social networking services should clearly inform users of the consequences of making information publicly available, including unrestricted access to, and collection of, data by third parties. The social networking service must offer adequate, refined possibilities to ‘opt in’ for (consent to) wider access. In case a user wants to widen access to all users of a social networking service or even globally, through indexability by external search engines, it must be clear - and the appropriate tools must be easily accessible - how they may restrict access again, including removal from archives and search engine caches. The use of techniques that may have a significant impact on users’ privacy, where for instance processing involves sensitive or biometric data (such as face recognition) requires enhanced protection and should not be activated by default.

10. It is key that social networking services apply the most appropriate security measures to protect personal data against unlawful access by third parties. Such measures should include end to end encryption of communication between the user and the SNS website. In case there is no applicable data-breach legislation, social networking services should report personal data breaches to their users, to enable them to take preventive measures, such as changing their password and/or keeping a close eye on their financial transactions (where the providers are in possession of bank or credit card details). Social network services are invited to address data protection needs at the stage of conception of their services or products and continuously assess the privacy impact of changes to existing services with a view to strenghtening security and users' control of their personal data.

11. Users should be informed about the processing of their personal data, including the existence of, and means of exercising their rights (i.e. access, rectification, erasure), in a clear and understandable manner, in language geared to the target audience. Users should be informed about possible challenges to their right to private life, not only in the social networking services’ core conditions (including when changes are brought to terms of service), but every time such a challenge may arise, for example, when the users make information on their profile available to new (groups of) users or when they install a third party application.

12. Users should be informed as to what law is applicable in the execution of the social networking services and the related processing of their personal data.
13. The practice of pseudonymous profiles offers both possibilities and challenges for human rights. In its Declaration on freedom of communication on the Internet (adopted on 28 May 2003), the Committee of Ministers stressed that “in order to ensure protection against online surveillance and to enhance the free expression of information and ideas, member states should respect the will of users of the Internet not to disclose their identity”.
The right of being able to use an online pseudonym should be guaranteed both from the perspective of free expression of information and ideas and from the perspective of the right to private life. In case a social networking service requires users to register with their real identity, publication of that real identity on the internet should be optionnal for the users. This does not prevent law enforcement to gain access to the real identity when necessary.
14. Users should always be able to withdraw their consent to the processing of their personal data. Before terminating their account, users should be able to easily and freely move the data they have uploaded to another service or device, in a usable format. Upon termination, all data from and about the users should be permanently eliminated from the storage media of the social networking service.

15. In addition to applicable legal provisions, appropriate complaint handling mechanisms should be guaranteed against abusive behaviour of users, in particular with regard to identity theft.

16. Non-users of the social network may also be affected by incautious disclosure of their personal data by users of the service or by use of their data by the social networking service itself. Non users should thus have effective means of exercising their rights without having to become a member of the service and/or otherwise provide excessive personal data. Social networking providers should refrain from collecting and processing personal data about non-users, for example e-mail addresses and biometric data (e.g. photographs). Users should be made aware of the obligations they have towards other individuals and, in particular, that the publication of personal data related to other people must respect rights of those individuals.

17. In cooperation with the private sector and civil society, member states should work upon operators of social networks that they ensure that users’ right to private life is protected, in particular by:

1 Below the age of 18.

2 See Article 29 Data Protection Working Party Opinion 5/2009 (12 June 2009); 30th International Conference of Data Protection and Privacy Commissioners Resolution on Privacy Protection in Social Network Services (Strasbourg 17 October 2008); International Working Group on data Protection in Telecommunications (IWGDPT) “Rome Memorandum” (Rome on 3-4 March 2008).