Personal Privacy and Sovereignty in Social Networks

Discussions about privacy and personal sovereignty in social networks should start with general questions. What is privacy in the context of the human presence in cyberspace? What constitutes personal sovereignty in the digital world? Could a social network have something like sovereignty? Who will defeat whom – a whale or an elephant – if a whale is a network, and an elephant is a state?

We know that the inviolability of private life is a fairly traditional, “analogue” human right, which is guaranteed by the constitutions of many countries throughout the world, including Russia. But in the digital world, in particular in social networks, the “analogue” right to privacy is being transformed into a “digital” individual right, which in reality depends on its recognition by the state, the operator of the social network and the person himself. In turn, both the social network and the person have some signs of sovereignty in cyberspace, and in this regard, they become like the state, almost on the same level, which leads to the emergence of inevitable interactions between them. Much depends on how such “digital” human rights and interactions are regulated in reality, rather than just on paper. Here I mean the inviolability of the digital personality, the right to be forgotten, the right to access information technology, etc.

All these rights are included in a certain commonality, which can be conditionally called the sovereignty of an individual. What constitutes the sovereignty of an individual? First, the recognition of one’s inherent dignity, which, as stated in the preamble to the Universal Declaration of Human Rights, is related to “all members of the human family”. Second, as the Constitutional Court of the Russian Federation points out, Chapter 2 of the Constitution of the Russian Federation imposes on the state not only the passive duty of abstaining from interfering with the freedom of the individual, but also an active (positive) duty to provide assistance in the practical implementation by an individual of his rights and freedoms. The list of these rights is extensive. However, keeping in mind the topic of our discussion, we will highlight those that are most important for a person in the environment of social networks and Big Data: the right to access the Internet, the right to personal data, the right to be forgotten, the right to access Internet technologies, the right to refuse Internet technologies, the right to mental inviolability, digital privacy, the right to a name, to an image, etc.

In cyberspace, a sovereign person collides with other sovereign entities, and, above all, with the state under whose jurisdiction he resides. State sovereignty, according to the classical doctrine, consists of the supremacy, independence and completeness of state power on its territory. According to the Constitutional Court of the Russian Federation, the territorial supremacy of state power is expressed in the fact that no other power is allowed within the territory of the Russian Federation, which could exist along with it or outside its control. In this regard, it is quite logical to include in this scheme the so-called sovereign Internet, which, like a certain lagoon, can only be separated from the ocean not by a sand spit, but by the insurmountable barrier of the state border.

A sovereign person also collides with network sovereignty. Does it really exist? There may be different opinions on this issue, but in any case, social networks have certain features of sovereignty. Within the network, the power of its administrator (operator, owner) is characterised by completeness, supremacy, and independence. It has its place in cyberspace, which is like a territory. It also has its own population – users. All of them have accepted user agreements, thereby, entered into the “citizenship of the social network” and pledged to obey these agreements.

At the same time, the social network has properties that the state does not have: a transboundary nature, anonymity, public accessibility, and technological unity. Each of these characteristics deserves a separate analysis.

The transboundary nature of the Internet and, consequently, social networks creates a situation where they exist, so to speak, in parallel with the state, since there is no state territory in cyberspace. However, the people, as noted by the Constitutional Court of the Russian Federation, form the physical substrate of the state and are identified with the concept of “citizens”; they, in turn, may be users of a social network. Inevitably there must be certain interactions between the social network and the state.

In a sense, the state and the social network compete in extending their sovereignty over the individual. But if the state, according to the Constitution, is obliged to recognise, observe and protect human and civil rights, then the network does not have such an obligation. It imposes responsibilities through the user agreement. Here, too, it resembles a state, which, with the help of laws, self-obliges itself to respect the rights of the individual.

The range of possible options for interactions between the state and the social network is extremely wide: from disregard, which was typical at the time when social networks began to appear, to prohibition and blocking; from soft, compromising regulations to harsh ones. However, the resolution of the conflict with the help of national legislation bumps into the cross-border activity of social networks. In particular, what is an offense in some countries may not be considered an offense in other countries, which means that the imposed restrictions and sanctions against users may turn out to be just, legal and justified in some countries, and illegal, unreasonable, and infringing on the rights and legal interests of users in other countries.

Let’s consider two options for the legal regulation of social networks, implemented in the European Union and the United States. The EU Regulation on Combating the Dissemination of Terrorist Content Online of March 16, 2021, obliges hosting providers to remove illegal content or restrict access to it within an hour after receiving an order from the competent national authorities. In other words, firstly, the obligated subject is not the owner (operator, administrator) of a social network, but a hosting provider that provides services on the territory of a particular EU member state. Secondly, the duty is not to monitor user accounts, but to comply with the requirements of the supervisory authority of the relative state.

In contrast, the US 1996 Communication Decency Act, Section 230 (c) does not impose any obligation on the hosting provider, owner, operator, or administrator of a social network. According to this regulatory legal act, any provider, and therefore the owner (operator, administrator) of a social network is released from responsibility for blocking and deleting materials that the provider considers obscene, depraved, rude, too cruel, harassing or otherwise. So it follows, that the provider has the right, but not the obligation to monitor user accounts. At the same time, he is released from responsibility both for removing or blocking content that he himself considers illegal, and for not removing or blocking content that the state considers illegal. In other words, the provider, on the one hand, is endowed with the rights of the editor-in-chief of the media in relation to user accounts (the right to remove any content), and on the other hand, he is discharged from liability for the content in the user accounts, since he is not an “editor-in-chief” or “publisher of the entire social network, but only “the owner of the fence on which the ads are posted”.

The models are different: in one case, the provider is obliged to comply, in the other – he has the right to take measures to restrict the dissemination of information. The goals are also different: in the first case, we talk about the idea of terrorist content, in the second case – about the free discretion of a bona fide provider, whom the American law compares to the “good Samaritan”. By the way, recently the Communication Decency Act rules were discussed in one of the US Congress committees, where they caused a deep split between Democrats, who demanded more censorship of dangerous and fake content, and Republicans, who opposed internal censorship in the networks.

Comparing the Russian domestic legislative innovations of December 30, 2020, one cannot fail to notice the bifurcation in the will of the legislator. The new version of the federal law “On information, information technologies and information protection” obliges the owner of the social network to monitor and block accounts, that is, to simultaneously act as the editor-in-chief of the media and Roskomnadzor. On the contrary, the new version of the federal law “On measures to influence persons involved in violations of fundamental human rights and freedoms, rights and freedoms of citizens of the Russian Federation” prohibits network owners from blocking user accounts under the threat of reprisals against the network as a whole.

The formulations used in the laws create a paradoxical picture. For example, a user writes on Twitter that someone is a bastard because he lives in Chertanovo district and works at the Zhilishchnik state budgetary institution. If the owner of Twitter does not restrict access to such an account, he will break the information law, and if he does, he will violate the law on measures to influence.

At the same time, the question of the limits of national jurisdiction on the Internet is quite interesting. The EU regulation states that it should apply to all providers that meet two criteria: first, the provider allows individuals or legal entities in one or more EU member states to use its services and, second, the provider has a significant connection with these countries. In turn, a significant connection is confirmed by the fact that the provider is established in the EU, provides services in the EU and its activities are aimed at the EU countries. The latter circumstance can be confirmed, in particular, by such signs as the use of language or currency, the possibility to order goods and services from the EU, presence in the national app stores, and the provision of local advertising.

The Russian domestic legislator also uses some of the listed criteria for the national localisation of an information resource, but inconsistently and haphazardly. Thus, in the law on information the language and advertising are used in relation to social networks and news aggregators, and in relation to search engines and audiovisual services – only the orientation of advertising. At the same time, nowhere can find by what indicators it is possible to determine the orientation of advertising.

So, let’s summarise. First, the choice of a person between the sovereignty of the state and the sovereignty of the network is illusory, because a person is always within the limits of state sovereignty – either by virtue of being in the territory, or by virtue of citizenship. Second, the network presumes the legal capacity and relevance of its users and keeps aloof, within the limits determined by itself, from restricting freedom of thought and speech, the right to information, freedom of conscience, freedom of creativity, etc. Third, guarantees of rights recognised by the state for a person can become a reality on the network only if the network has self-commitments, which can be the result of either a global conventional solution or legislative consolidation at the national level of adequate rules for the regulation of social networks. I would like to note that back in 2010, the relevant committee of the State Duma discussed a bill that was proposed by our UNESCO Chair. It was designed to conceptually solve these problems, but the legislator went along the path of creating the so-called “Law on bloggers”, which, as you know, ended in a fiasco.

From our partner RIAC

Mikhail Fedotov
Mikhail Fedotov
Doctor of Sciences, Professor, Faculty of Law, HSE University, RIAC Member