Social Media Data (0)

Note on compliance with the General Data Protection Regulation as pertaining to use of social media data within REScEU projects

 

EuVisions often conducts research which involves the collection and analysis of publicly available data from social media platforms. Much of this data, including usernames, is considered personal data under the General Data Protection Regulation (GDPR). In order to ensure this data is processed lawfully and transparently, the following procedures are followed by EuVisions projects undertaken by REScEU:

• All data collected from social media platforms is accessed through the official application programming interface (API) of that platform, and stored and used in compliance with that API’s terms of service.

• Data is only collected from platforms for which users have provided clear consent, as defined in Article 4(11) of the GDPR, to provide that platform with published data. For example: Twitter privacy policy (Paragraph 1.2) claims that Twitter “use[s] technology like application programming interfaces (APIs) and embeds to make [publicly shared information] available to [...] others for their use - for example [...] analyzing what people say on Twitter”. Facebook’s terms of service deal with publicly shared information in a similar way. Insofar as we collect data only by accessing the public APIs provided by the social networking platforms, justification for their use and processing derives from the fact that that these data have been manifestly made public by the data subjects themselves (Art. 9, paragraph 2.e GDPR 2016/679). In compliance with the Art. 14, paragraph 5a of the General Data Protection Regulation 2016/679, by accepting the social networking platform terms of service and privacy policy, data subjects are aware of the conditions under which their data are being made available to third parties.

• The phases of collection, processing and storage of social media data will be managed by selected project participants by means of the software Method52, a web-hosted platform developed by technologists at the University of Sussex and CASM Consulting LLP. The platform is part of a suite of computational tools and data storage systems that allows researchers to collect data automatically by connecting directly to social networking platforms’ application programming interface (API) and store such data in remote encrypted servers. The access and use of the platform by selected project participants is the object of a private agreement between Centro Einaudi and CASM Consulting LLP. CASM Consulting LLP is located in the UK, therefore it operates in full compliance with GDPR, during the phases of collection, storage, procession, retention and destruction of data. Please find all the relevant information on the privacy policy they adopt at the following link: https://demos.co.uk/privacy-policy/.

• EuVisions often applies techniques in artificial intelligence to social media data, in order to conduct research on this data. We ensure that the reasons for applying these techniques, the methodology used to analyse data, and the conclusions drawn from our analysis are presented clearly and fully in each research output. EuVisions is aware that the use of such techniques – when aimed at investigating individual political attitudes, orientations and preferences on the basis of personal characteristics and opinions – may configure the case of “profiling”. In compliance with the Art. 14, paragraph 5b of the General Data Protection Regulation 2016/679, information about profiling will not be made available individually to data subjects involved in the case of social media data. In fact, this communication can be avoided when and insofar “the provision of such information proves impossible or would involve a disproportionate effort, in particular for processing for [..] scientific or historical research purposes" (Art. 89, paragraph 1, GDPR 2016/679). Furthermore, we aim at collecting from social networking platforms only the information that data subjects agreed to share publicly in accordance with the social network’s terms of service. The GDPR (under Article 35 Paragraph 2.a) also requires controllers to conduct a Privacy Impact Assessment (PIA) when the processing of personal data includes profiling activities “on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person.” However, EuVisions involves profiling activities only insofar as these are necessary for the specific research purposes of the project. Such activities will not by any means constitute the basis for “decisions” that could produce legal effects concerning individual data subjects or affect the natural person in any way.

• In order to respect the rights of data controllers to maintain control of their personal data, EuVisions will remove from any dataset personal data pertaining to an individual who requests such deletion.

• EuVisions does not publish any personal data collected during its research, nor is personal data shared with third parties external to EuVisions and CASM Consulting LLP, without the explicit consent of the data subject. Any data published or shared with a third party is aggregated, anonymised or altered to prevent identification of a natural person.

• Where quotes from social media users are published in reports, these quotes are bowdlerised – altered in a way which preserves meaning but prevents retroactive identification of the original post through e.g an online search. An occasional exception to this policy is observed when the user is publically known to the extent that they would not reasonably expect their social media posts to be private. It should be noted here that the GDPR only applies to natural persons, and not companies or organisations.

Title of Project: REScEU – Reconciling Economic and Social Europe: the role of the role of ideas, values and politics

Funding: European Research Council – ERC-2013-ADG

Name and Contact Details of Principal Investigator:             

Prof. Maurizio Ferrera

This email address is being protected from spambots. You need JavaScript enabled to view it.

+390250321176

 

If you have a query, concern or complaint about any aspect of this study, please contact the Principal Investigator.

If your concern or complaint is not resolved, you should contact the Data Protection Officer of the University of Milan:

Avv. Pierluigi Perri

Via Festa del Perdono 7

20122 Milano

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.