Legal Problems Regarding to the Personal Data Protection on Social Network Platforms: Data Controllers
Article Sidebar
Main Article Content
Abstract
The advanced in technology development, especially on the social network platforms has caused the obstacles on applying the data protection law. According to the research, two major problems were found: (1) the problem in determining the status of persons related to the collection, use or disclosure of personal data; and (2) the absence on the provision determining responsibility and duty of muti-controllers. Those problems result in the uncertainty of legal status and the unknown in the allocation of duties and responsibilities between social network service providers and users. Therefore, the necessity of establishing clear guidelines for interpreting the definitions of data controller and introducing provisions on the responsibility of joint controllers are essential keys to ensure the effective data protection compliance and risk management of the muti-controllers and enhance the complete protection of data subject rights.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Views and opinions appearing in the Journal it is the responsibility of the author of the article, and does not constitute the view and responsibility of the editorial team.
References
Banisar, D., & Davies, S. (1999). Global Trends in Privacy Protection: An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments. The John Marshall Journal of Computer & Information Law, 18(1), 1-112. https://repository.law.uic.edu/cgi/viewcontent.cgi?article=1174&context=jitpl
Blanc, N. (2018). Wirtschaftsakademie schleswig-holstein: Towards Joint Responsibility of Facebook Fan Page Administrators for Infringements to European Data Protection Law. European Data Protection Law Review (EDPL), 4(1), 120-126.
DOI https://doi.org/10.21552/edpl/2018/1/19
Changpradit, B. (2019). Cloud Computing: Recommendations for Thai Personal Data Protection Act. Graduate Law Journal, Thammasat University, 12(2), 204-213. https://so01.tci-thaijo.org /index.php/gradlawtujournal/article/view/139196
Court of Justice of the European Union (CJEU). (2018, June 5). Case C-210/16 Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v. Wirtschaftsakademie Schleswig- Holstein GmbH. Judgment of the Court (Grand Chamber). https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX :62016CJ0210&from=en
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
European Data Protection Board (EDPB). (2021a). Guidelines 07/2020 on the Concepts of Controller and Processor in the GDPR. Version 2.0 (Adopted on 07 July 2021). https://edpb.europa.eu/system/files/2021-07/eppb_guidelines_202007_controllerprocessor_final_en.pdf
European Data Protection Board (EDPB). (2021b). Guidelines 08/2020 on the Targeting of Social Media Users. Version 2.0 (Adopted on 13 April 2021). https://edpb.europa.eu/system/files/2021-04/edpb_guidelines_082020_on_the_targeting_of_social_media_users_en.pdf
GDPR Hub. (2020). AEPD-PS/00278/2020. https://www.aepd.es/es/documento/ps-00278-2020.pdf
Na Pibul, A. (2020). Legal Challenges of The Protection of Personal Data in the Context of Smart City. Graduate Law Journal, Thammasat University, 13(2), 271-294. https://so01.tci- thaijo.org/index.php/gradlawtujournal/article/view/241842
Organisation for Economic Cooperation and Development (OECD). (2013). The OECD Privacy Guidelines; Guidelines governing the protection of privacy and transborder flows of personal data. OECD. https://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf
Personal Data Protection Commission (PDPC). (2017). Case No DP-160-A712; DP-1604-A713. https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision-Social-Metric-271117.pdf
Personal Data Protection Commission (PDPC). (2018). Case No DP-1705-B0799. https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds_of_Decision_Spring_College_International_240518.pdf
Personal Data Protection Commission (PDPC). (2021). Advisory Guidelines on Key Concepts in the Personal Data Protection Act. (Revised 1 October 2021). https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/AG-on-Key-Concepts/Advisory-Guidelines-on-Key-Concepts-in-the-PDPA-1-Oct-2021.pdf?la=en
Pitiyasak, S. (2018). Cloud Computing Policy and Personal Data Protection in the Cloud among the European Union, the United States, Australia and ASEAN: A Thailand Perspective. Sukhothai Thammathirat Open University Journal, 31(2), 25-43. https://so05.tci-thaijo.org
/index.php/stouj/article/view/206766
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). https://www.legislation.gov.uk/eur/2016/679/contents#
Singapore’s Personal Data Protection Act 2012 (Act 26 of 2012). file:///C:/Users/HP/Downloads/ Personal%20Data%20Protection%20Act%202012.pdf
Thailand’s Personal Data Protection Act, B.E. 2562 (2019). (2019, May 27). Government Gazette. No.136, Chapter 69 Gor. https://thainetizen.org/wp-content/uploads/2019/11/thailand- personal- data-protection-act-2019-en.pdf
Van Alsenoy, B. (2016). Regulating Data Protection: The Allocation of Responsibility and Risk Among Actors Involved in Personal Data Processing[Doctoral Dissertation, The KU Leuven].
WP169. (2010). Opinion 1/2010 on the Concepts of ‘Controller’ and ‘Processor’. Article 29 Data Protection Working Party. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2010/wp169_en.pdf