TOPIC: Social Media as the new “Big Brother”: Government regulation of Facebook

Review of Related Literature

WHAT IS THE RIGHT TO PRIVACY?

The Right to Privacy

Authors: Samuel Warren and Louis Brandeis
Source: 4 Harvard L.R. 193 (1890)

“That the individual shall have full protection in person and property is a principle as old as the
common law; but it has been found necessary from time to time to define anew the exact nature and extent of
such protection. Political, social and economic changes entail the recognition of new rights, and the common
law, in its eternal youth, grows to meet the demands of society”

In their article, Warren and Brandeis were addressing the effects of modern technology at that time in
the form of photographs and newspaper enterprises. They argued that this new technology gave rise to two new
injuries, “mental pain and distress” and the “perversion of morality” which were not adequately protected by the
legal remedies available in their time. They discussed defamation law and property law to see if these laws can
be applied to protect the privacy of the individual. They discovered that these laws were not sufficient and
proceeded to discuss what they called the “right to be left alone” which may be invoked to “protect the privacy
of the individual from invasion either by the press, photographer or the possessor of any modern device for
recording or reproducing scenes or sounds”.

PRIVACY IN THE MODERN WORLD

“You already have zero privacy. Get over it!” Would Warren and Brandeis Argue for Privacy for Social
Networking?
Author: Connie Davis Powell
Source: 3 Pace L. Rev 146 (2011)

The author summarizes the work of Warren and Brandeis and discusses the applicability of the same
principles to the current modern technology, social networking. She posits that thru social networking sites,
data is collected in two ways, from the users directly and from tracking the users’ movements online. She also
discusses the privacy policies of social networking sites such as Facebook, Myspace and Twitter. However,
currently, the users have no control over the use of their information. There is also the real possibility that social
networks can supplant other forms of media which should frighten advocates of Privacy.

“The personal information disclosed by users of social networks in posts and profiles, coupled with the
data collected electronically from the users’ actions and interactions with online networks creates a rich profile
that can be exploited”

According to the author, Warren and Brandeis would make the claim that technology has created a
need to revisit privacy protection and recommends that we should take a new look at privacy and its protection
online, particularly privacy as it relates to social networking.

“Indeed, Warren and Brandeis would argue that courts should view the disclosure and
commercialization of personal information contrary to the wishes of the users as a legal injuria and that privacy
cannot be left in the hands of those who seek to diminish it.”
PHILIPPINE JURISPRUDENCE RECOGNIZING THE RIGHT TO PRIVACY

Morfe v Mutuc
G.R. No. L-20387

“The right to privacy as such is accorded recognition independently of its identification with liberty; in
itself, it is fully deserving of constitutional protection. The language of Prof. Emerson is particularly apt: "The
concept of limited government has always included the idea that governmental powers stop short of certain
intrusions into the personal life of the citizen. This is indeed one of the basic distinctions between absolute and
limited government. Ultimate and pervasive control of the individual, in all aspects of his life, is the hallmark of
the absolute state. In contrast, a system of limited government, safeguards a private sector, which belongs to the
individual, firmly distinguishing it from the public sector, which the state can control. Protection of this private
sector — protection, in other words, of the dignity and integrity of the individual — has become increasingly
important as modern society has developed. All the forces of a technological age — industrialization,
urbanization, and organization — operate to narrow the area of privacy and facilitate intrusion into it. In
modern terms, the capacity to maintain and support this enclave of private life marks the difference between a
democratic and a totalitarian society.”

Gamboa v. Chan
G.R. No. 193636

“The right to privacy, as an inherent concept of liberty, has long been recognized as a constitutional
right.

Zones of privacy are likewise recognized and protected in our laws. The Civil Code provides that
"every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other
persons" and punishes as actionable torts several acts by a person of meddling and prying into the privacy of
another.”

WHAT IS DATA PRIVACY?

A Typology of Privacy
Authors: Bert-jaap Koops, Bryce Clayton Newell, Tjerk Timan, Ivan Skorvanek, Tomislav Chokrevski,
Magsa Galic
Source: U. Pa. J. Int’l L. Vol. 38(2017)

The authors developed their own typology of privacy through analysing constitutional protections of
privacy in nine different countries, and studying literature from privacy scholars in the same countries. They
organized the types of privacy into five different clusters, namely:

1) Privacy in General
2) Privacy of Places and Property (Home and other places, Property, and Computers)
3) Privacy of Relations (Family Life, Establishment of Social Relations, Communications, and
Documents)
4) Privacy of the Person (Body of the Person, Thought, Decision-making, and Identity)
5) Privacy of Personal Data

Privacy of Data or Personal Information, based on the model of Russia, is the “protection of information on
the private life of persons against processing without consent”. The Czech model, on the other hand defines
Data Privacy as the “protection of people from the unauthorized gathering, public revelation or other misuse of
personal data.”

The authors also enumerated the traditional data protection principles, which are:

1) Collection Limitation Principle (Protects how data can be collected)

2) Purpose Specification Principle (Data can only be collected for specific purposes)
3) Use Limitation Principle (Data collected can only be used for specific purposes)
 4) Protection of Confidentiality
5) Individual Participation (Right to access and right to be informed)
6) Accountability principle
7) Oversight by an independent authority)

DATA PRIVACY UNDER THE DATA PRIVACY ACT

Data Privacy Act

Republic Act No. 10173

SEC. 2. Declaration of Policy. – It is the policy of the State to protect the fundamental human right of privacy,
of communication while ensuring free flow of information to promote innovation and growth. The State
recognizes the vital role of information and communications technology in nation-building and its inherent
obligation to ensure that personal information in information and communications systems in the government
and in the private sector are secured and protected.

The Data Privacy Act Does not give a direct definition of Data Privacy. However, in the Declaration of Policy,
it can be seen that the law deals with the protection of personal Information.

Furthermore, Section 16 establishes the following rights of the data subject:

1) Be informed whether personal information pertaining to him or her shall be, are being or have been
processed;
2) Be furnished the information indicated hereunder before the entry of his or her personal information
into the processing system of the personal information controller, or at the next practical opportunity
3) Reasonable access to, upon demand, to the contents and sources of his or her personal information, as
well as the recipients of the information, manner by which the data was processed and reasons for its
disclosure.
4) Dispute the inaccuracy or error in the personal information and have the personal information
controller correct it immediately and accordingly.
5) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information
from the personal information controller’s filing system upon discovery and substantial proof that the
personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized
purposes or are no longer necessary for the purposes for which they were collected.
6) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false,
unlawfully obtained or unauthorized use of personal information.

WHAT IS SOCIAL MEDIA?

Users of the world, unite! The challenges and opportunities of Social Media
Authors: Andreas M. Kaplan, Michael Haenlein
Source: Business Horizons (2010) 53, 59-68

“Social media is a group of internet-based applications that build on the ideological and technological
foundations of Web 2.0, and that allow the creation and exchange of User Generated Content”

The article traces the history of social media from the beginning of the internet. It argues that social
media was born 20 years ago when “Open Diary”, the first blog was made available to users. It explains the
concept of Web 2.0 in which web based content are no longer created and published by individuals but are
instead continuously modified by its users. It also discussed some challenges and opportunities of social media
and gives recommendations as to how to properly utilize social media.

WHAT IS FACEBOOK?

Facebook is a social networking service launched in 2004. It provides the following services:
 1) Provide a personalized experience for the user
2) Connects the user to other people and organizations
3) Empowers the user to express himself/herself and communicate about what matters to him/her
4) Helps the user discover content, products and services
5) Combat harmful conduct and protect and support the community
6) Use and develop advanced technologies to provide safe and functional services for everyone
7) Research ways to make its services better
8) Provide consistent and seamless experiences across the Facebook Company Products
9) Enable global access to its services

According to the Terms and Policies of Facebook, the Social Networking site admits collecting data from its
users, such as:

1) Information the user provides (metadata, location of the photo taken, etc.)
2) Networks and connections (people the user connects with)
3) Product Usage (features availed of, etc.)
4) Device Information (type of device the user used, operating system, etc.)
5) Information from partners (Advertisers, Ad Developers, etc.)

Facebook also lists down how they use the information they collect:

1) Provide, personalise and improve our Products (personalise features and content, make
suggestions, create personalised products, etc.)
2) Provide measurement, analytics and other business services (Help advertisers measure the
effectiveness and distribution of their ads and services)
3) Promote safety, integrity and security (verify accounts, combat harmful conduct, prevent spam)
4) Communicate with you (send users marketing communications)
5) Research and innovate for social good (support research and innovation on topics of public
interest)

Lastly, Facebook also outlines how they share the information they collect with other parties:
1) Sharing on Facebook Products (the user chooses the audience for what he/she shares such as posts)
2) Content that others share or reshare about you (People who can see your posts can download or
reshare the same)
3) Information about your active status or presence on our Products (People you connect with can
know whether you are online or not)
4) Apps, websites and third-party integrations on or using our Products (When you choose to use
third-party apps, websites or other services that use, or are integrated with Facebook they can
receive information about what you post or share)
5) Sharing with third-party partners (Facebook shares data with third-party partners who help them
improve their products. However, Facebook does not sell the data they collect to anyone)
6) Partners who use Facebooks analytics services (Facebook provides aggregated statistics and
insights that help people and businesses understand how people are engaging with their posts,
listings, Pages, videos and other content on and off the Facebook Product)
7) Advertisers (Facebook provides advertisers with reports about the kinds of people seeing their ads
and how their ads are performing)
8) Measurement partners.
9) Partners offering goods and services in Facebook Products.
10) Vendors and service providers.
11) Researchers and academics.
12) Law enforcement or legal requests.

Facebook Messenger: Eroding User Privacy in Order to Collect, Analyze, and Sell Your Personal
Information
Author: Erica Jaeger
Source: 31 J. Marshall J Info Tech & Privacy L. 393 (2014)

The article describes Facebook as having undergone a “remarkable transformation” since the days of
its infancy. It has morphed from being a private space for communication into a platform where much of your
information is public by default. This is because, pursuant to its terms and conditions, Facebook can share
information with many of its partners. The author also outlines how the Federal Trade Commission was created
in 1914, its purpose, and how Facebook violates the Federal Trade Commission Act by engaging in unfair and
deceptive acts and practices. Lastly, the author suggests that Facebook should rewrite its Data Use Policy and
Privacy Policy so as to not leave consumers vulnerable and unprotected.

SHOULD FACEBOOK BE REGULATED?

Critical Events in the Ethics of U.S Corporation History

Author: Douglas Beets
Source: Journal of Business Ethics, Vol. 102, No. 2, pp. 193-219 (2011)

Over the course of U.S History, legal rights established for individual humans have been extended,
primarily through litigation, to Corporations. The author coins the term CEECH (Critical Event in the Ethic of
U.S. Corporation History) and discusses how these events came to be and how the Corporations evolved
because of it, mainly through the acquisition of new rights. The author concludes that there is a unidirectional
and ethically questionable sharing of legal rights between individuals and corporation in favour of corporations.
Hence, individual humans, through the government that represents them should construct laws that define and
govern corporations in such a way as to benefit humans and society.

Social Networks, Privacy, and Freedom of Association: Data Protection vs. Data Empowerment
Author: Peter Swire
Source: 90 N.C. L. Rev. 1371 (2012)

The article examines the tension between the good and bad points of sharing information. The good
point is that information sharing through social media enables political mobilization such as the Arab Spring. On
the other hand, the bad point of sharing information in social media is the threat to privacy that comes with it.
The author argues that some form of state action may help Courts bridge the tension and properly analyse the
trade-offs between privacy and freedom of associations. He gives three examples of state action: 1) State or
Federal Law that prohibits all use of social networking sites for political campaigns, 2) A Privacy by Design
Rule that requires default settings to share as little personal data as possible and; 3) A Do Not Track
Requirement that applies to the activities of political campaigns, charities, or other non-profit activities.

The Governance of Social Media

Authors: Jonathan Obar and Steven S. Wildman
Source: Telecommunications Policy, 39(9), 745-750 (2015)

“When a new technology spreads rapidly through a society and becomes the foundation for new
businesses, a force for organizing social relationships, a critical link between political candidates and their
supporters, and begins to impact the design and delivery of government services, questions about whether and
how government should respond are unavoidable”

The author argues that a government response to the rise of social media is inevitable. He outlines the
possible government responses to an emerging technology and gives the advantages and disadvantages of each
one. The first is to produce solutions from existing legal and regulatory frameworks. An example would be the
attempt to regulate internet content using laws which apply to broadcast media. However, the author argues that
Judges and Legislators, in trying to fit technological innovations under conventional legal concepts did not fully
comprehend the technologies that they were handling. The second response is institutional change or the
creation of new policies which he argues is more responsive to the issues brought about by the new technology
but is time consuming, costly, and may not be feasible.

SOCIAL CONTRACT WITH PRIVATE CORPORATIONS

Can there be a social contract with business?

Author: Paul F. Hodapp
Source: Journal of Business Ethics, Vol. 9, No. 2, pp.127-131(1990)
 The author is critiquing the claim of a certain Professor Donaldson, who attempted to use a social
contract theory to develop moral principles for regulating corporate conduct. Professor Donaldson stated that “a
social contract, while not a written contract in the real world, would have concrete significance for it would help
to interpret the nature of a corporation’s indirect obligation.” However the author argues that such a social
contract will not work. In the first place, refusing to allow corporations to exist until it is willing to do more
harm than good is an infringement on individual liberty. On the other hand, if there is no form of regulation,
corporations can always refuse to enter into social contracts. In conclusion, a social contract theory with
business is not only useless for business ethics, but also pernicious.

HOW TO REGULATE FACEBOOK?

I. REGULATING DATA COLLECTION

1) Regulating Facebook under the Data Privacy Act (Republic Act No. 10173)

SEC. 3. Definition of Terms. – Whenever used in this Act, the following terms shall have the respective
meanings hereafter set forth:

(h) Personal information controller refers to a person or organization who controls the collection, holding,
processing or use of personal information, including a person or organization who instructs another person or
organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.

Facebook, based on its services and the way it handles data, is a Personal Information Controller as defined in
the Data Privacy Act. As such, its collection, processing, and sharing of data are covered by the Data Privacy
Act.

2) Treating Personal Data as Property

The EU General Data Protection Regulation: Toward a Property Regime for Protecting Data Privacy
Author(s): JACOB M. VICTOR
Source: The Yale Law Journal, Vol. 123, No. 2 (NOVEMBER 2013), pp. 513-528

Corporations that process personal data increasingly treat it as a commodity. They collect data from
consumers, compile it, and then sell it to other corporations for profit. The author argues that because of how
data is handled, it should be treated as a commodity. Therefore, personal data can be classified as property.

If personal data can be treated as property, then features applying to property regimes should apply to
personal data. One of which is, that under some property schemes, “the burden of a property right 'runs with the
asset'" in question. This feature allows for property rights to create burdens that bind third parties, in contrast to
contract rights, which bind only the specific parties.

Therefore, consumers have legally enforceable property interests in their data which would enable certain
interests to be “built in” to personal data. For example, individuals may place limitations on the future us of their
personal information.

3) Facebook as a Public Utility

What are Public Utilities?

KMU Labor Center v. LTFRB

G.R. No. 115381 (1994)

“Public Utilities are privately owned and operated businesses whose services are essential to the
general public. They are enterprises which specifically cater to the needs of the public and conduce to their
comfort and convenience. As such, public utility services are impressed with public interest and concern.”
 “When, therefore, one devotes his property to a use in which the public has an interest, he, in effect grants
to the public an interest in that use and must submit to the control by the public for the common good, to the
extent of the interest he has thus created.”

Why are Public Utilities Regulated?

Regulation of Public Utilities

Author: James K. Hall
Source: The Annals of the American Academy of Political and Social Science, Vol. 206, pp. 92-99 (1939)

The author argues that the regulation of public utilities stems from economic considerations in which
the inevitability of monopoly and the extraordinary public dependence on the utilities creates an economic
situation in which may be resolved in the public interest only by governmental regulatory action. The author
also discusses the monopolistic tendencies of public utilities. He quoted John Stuart Mill in saying:

“When, therefore, a business of real public importance can only be carried on advantageously upon so
large a scale as to render the liberty of competition almost illusory, it is an unthrifty dispensation of the public
resources that several costly sets of arrangements should be kept up for the purpose of rendering to the
community this one service It is much better to treat it at once as a public function”

Munn v. Illinois
94 U.S. 113 (1876)

“There is no doubt that the general principle is favoured both in law and justice, that every man may
fix what price he pleases upon his own property, or the use of it, but if for a particular purpose the public have a
right to resort to his premises and make use of them, and he have a monopoly in them for that purpose, if he will
take the benefit of that monopoly, he must, as an equivalent, perform the duty to it on reasonable terms.”

4) Facebook and Product Liability

Privacy as Product Safety

Author: James Grimmelmann
Source: Selected Works of James Grimmelmann (2010)

The author argues that the loss of privacy in social media is something that lawmakers should worry
about and discusses four myths of privacy on Facebook, namely:

1) Facebook users don’t care about privacy,

2) Facebook users make rational privacy choices,
3) Facebook users’ desire for privacy is unrealistic and;
4) Database regulation will make Facebook privacy-safe.

He debunks the first myth by illustrating how users act in ways that indicate that they care about
privacy. As to the second myth, he debunks it by citing sources which how that users massively misunderstand
Facebook’s privacy architecture. He debunks the third myth by arguing how Facebook is designed to be not
fully public. Lastly, he debunks the fourth myth by saying that there are certain information that Facebook
collects that are integral to its function and what should be limited are the secondary use of these data. This is
problematic because limiting secondary use is difficult. He illustrates a situation in which, if consent by the user
is necessary before Facebook can share user data, then there would be hundreds of notifications to the user per
day, which would effectively dissuade users form using Facebook.

Instead of regulation, the author suggests using the lessons learned from laws on Product Safety in
dealing with the related problem of privacy safety. Instead of focusing on the flow of information only, the
focus should also be on how people use social media. The author points out the basic duty of sellers to make
their product safe which will require social networking sites like Facebook to continuously improve their
product design. He also points out that the problem might be in the manner in which users use Facebook in ways
that they do not understand. Thus, following the laws of product safety, Facebook would be required to inform
their users as to the design of their program and how it works. The author also argues that Facebook is in a
better position than other product sellers because its product can be patched on the fly without the need for
recall.

5) Writ of Habeas Data

A.M. No. 08-1-16-SC

Section 1. Habeas Data. – The writ of habeas data is a remedy available to any person whose right to privacy in
life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee,
or of a private individual or entity engaged in the gathering, collecting or storing of data or information
regarding the person, family, home and correspondence of the aggrieved party.

Under this writ, a person can compel the release of information, or to update, rectify, suppress or destroy
database, information or files in the control of the respondent

Roxas v. Gloria Macapagagal Arroyo

G.R. No. 189155 (2010)

Petitioner was an American citizen of Filipino descent who volunteered to join members of BAYAN-
Tarlac in conducting a health survey in La Paz, Tarlac. She was apprehended by the military, detained and
tortured for allegedly being a member of the CPP-NPA. She was subsequently released but she continued to
receive calls in a cellphone given to her by the military. Fearing that she was being monitored, she filed a
Petition for the Writs of Amparo and Habeas Data.

The Supreme Court described the writ of Habeas Data in the following way,

“The writ of Habeas Data was conceptualized as a judicial remedy enforcing the right of privacy of
individuals. The writ operates to protect a persons’ right to control information regarding himself, particularly
in the instances where such information is being collected through unlawful means in order to achieve unlawful
ends.”

However, the Supreme Court did not grant the writ because petitioner failed to show an actual or threatened
violation of her right to privacy, life, liberty or security.

II. PRIVACY OF COMMUNICATION

IS FACEBOOK MESSENGERCOVERED UNDER THE PRIVACY OF COMMUNICATION/SHOULD

FACEBOOK BE ABLE TO READ OUR PRIVATE MESSAGES?

A Typology of Privacy
Authors: Bert-jaap Koops, Bryce Clayton Newell, Tjerk Timan, Ivan Skorvanek, Tomislav Chokrevski,
Magsa Galic
Source: U. Pa. J. Int’l L. Vol. 38(2017)

The authors define the Privacy of Communication as mediated communication, in which the
communication is transported from the sender to the receiver through a channel of communication.
Traditionally, the channel of communication is through letters or mail but it has been broadened to include
modern forms of communication such as telephones and email. According to the authors, privacy of
communication protects two aspects of communication, the freedom to communicate and the secrecy of the
contents of a communication.
FACEBOOK CAN BE USED AS A TOOL OF BOTH STATE AND NON-STATE ACTORS TO INFRINGE
ON THE PRIVACY OF INDIVIDUALS

From Facebook to Mugshot: How the Dearth of Social Networking Privacy Rights Revolutionized Online
Government Surveillance
Author: Junichi P. Semitsu
Source: 31 Pace L. Rev 291 (2011)

“While modern wiretapping and other electronic recording devices might be more reminiscent of the
law enforcement techniques depicted in Nineteen Eighty-Four, the government’s ability to tap into social
networking sites comes far closer to matching George Orwell’s “Though Police”

What Orwell did not foresee, however, is that an omniscient “Big Brother” would result through
government inactivity as opposed to a totalitarian takeover.

If that is not convincing enough, perhaps Orwell’s prescience is best illustrated by this fact: Mark
Zuckerberg, the CEO and co-founder of Facebook, was born in 1984.”

Facebook makes it clear that it can share data with the government conditioned on the exercise of
proper procedure. However, Facebook is not just a website, it is a controlled ecosystem that inspires its
inhabitants to share personal information and reveal intimate thoughts and despite the privacy controls, users
lack a reasonable expectation of privacy from unfettered government surveillance. The author also discusses, the
constraints of the Fourth Amendment to criminal investigations by government officials such as the Plain View
Exception, Voluntary Disclosure Doctrine, etc. and how these doctrines apply to Facebook.

CAN THE BILL OF RIGHTS CAN BE ENFORCED AGAINST NON-STATE ACTORS?

Draft Federal Constitution

Article III. Bill of Rights
Section 1. The rights under this article are demandable against the State and non-state actors, and their
enforcement shall be consistent with international standards.

The Bill of Rights in the Draft Federal Constitution makes it clear that such rights are demandable against both
State and non-state actors, as opposed to jurisprudence under the 1987 Constitution in which the Supreme Court
states that the Bill of Rights only apply against the State.