Social Media Data (0)
Note on compliance with the General Data Protection Regulation as pertaining to use of social media data within REScEU projects
EuVisions often conducts research which involves the collection and analysis of publicly available data from social media platforms. Much of this data, including usernames, is considered personal data under the General Data Protection Regulation (GDPR). In order to ensure this data is processed lawfully and transparently, the following procedures are followed by EuVisions projects undertaken by REScEU:
- All data collected from social media platforms is accessed through the official application programming interface (API) of that platform, and stored and used in compliance with that API’s terms of service.
- EuVisions often applies techniques in artificial intelligence to social media data, in order to conduct research on this data. We ensure that the reasons for applying these techniques, the methodology used to analyse data, and the conclusions drawn from our analysis are presented clearly and fully in each research output. EuVisions is aware that the use of such techniques – when aimed at investigating individual political attitudes, orientations and preferences on the basis of personal characteristics and opinions – may configure the case of “profiling”. In compliance with the Art. 14, paragraph 5b of the General Data Protection Regulation 2016/679, information about profiling will not be made available individually to data subjects involved in the case of social media data. In fact, this communication can be avoided when and insofar “the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for [..] scientific or historical research purposes" (Art. 89, paragraph 1, GDPR 2016/679). Furthermore, we aim at collecting from social networking platforms only the information that data subjects agreed to share publicly in accordance with the social network’s terms of service. The GDPR (under Article 35 Paragraph 2.a) also requires controllers to conduct a Privacy Impact Assessment (PIA) when the processing of personal data includes profiling activities “on which decisions are based that produce legal eﬀects concerning the natural person or similarly signiﬁcantly aﬀect the natural person.” However, EuVisions involves profiling activities only insofar as these are necessary for the specific research purposes of the project. Such activities will not by any means constitute the basis for “decisions” that could produce legal effects concerning individual data subjects or affect the natural person in any way.
- In order to respect the rights of data controllers to maintain control of their personal data, EuVisions will remove from any dataset personal data pertaining to an individual who requests such deletion.
- EuVisions does not publish any personal data collected during its research, nor is personal data shared with third parties external to EuVisions and CASM Consulting LLP, without the explicit consent of the data subject. Any data published or shared with a third party is aggregated, anonymised or altered to prevent identification of a natural person.
- Where quotes from social media users are published in reports, these quotes are bowdlerised – altered in a way which preserves meaning but prevents retroactive identification of the original post through e.g an online search. An occasional exception to this policy is observed when the user is publically known to the extent that they would not reasonably expect their social media posts to be private. It should be noted here that the GDPR only applies to natural persons, and not companies or organisations.
Title of Project: REScEU – Reconciling Economic and Social Europe: the role of the role of ideas, values and politics
Funding: European Research Council – ERC-2013-ADG
Name and Contact Details of Principal Investigator:
Prof. Maurizio Ferrera
If you have a query, concern or complaint about any aspect of this study, please contact the Principal Investigator.
If your concern or complaint is not resolved, you should contact the Data Protection Officer of the University of Milan:
Avv. Pierluigi Perri
Via Festa del Perdono 7