Table of contents
Digital identity is what identifies us as citizens in the 2.0 world, since it allows for the singularization and association of information to a physical person, in a digital context. The terms digital identity and online reputation are often used interchangeably, but they are not the same.
In this post we explain and differentiate the concepts of digital identity and online reputation. We will also review the rights associated with digital identity, as well as the legal tools that the law offers to control information associated with that digital identity.
Digital identity is the result of the ICT revolution
A study published by the International Telecommunications Union in July 2017 confirms the ICT revolution: 830 million young people have some kind of connection, which is equivalent to more than 80% of the young population in 104 countries.
As a result, almost half of the world population has access to Internet, and probably the majority have a digital identity created online.
Since the concept of digital identity is very recent, we will first try to clarify what it means: what is digital identity?
Physical Identity versus Digital Identity
The identity in the physical world is associated with a series of characteristic features of each person, ranging from the name, age, gender to academic, cultural, and social levels, including tastes and/or preferences.
Examples of elements associated with a person’s identity are name, surname, ID, and in case of companies, the legal company name, the brand and/or tax ID.
The digital identity (or identity 2.0) is characterized by maintaining the same identifying information corresponding to the physical world, but published through the Internet and complemented by other elements, such as the email or the digital signature.
Although these are private elements, they allow authorized users and/or third parties (platform owners) to access personal data that identifies citizens in the physical world.
For example, Signaturit offers the possibility for third parties and/or interested parties to validate the identity of the parties involved in the signing of a document.
>> Related post: What types of eSignatures are defined by the Regulation (EU) No 910/2014?
How is the correspondence between physical identity and digital identity proved?
Through identification mechanisms.
What are identification mechanisms?
Identification mechanisms are those tools that allow to verify that a cyber user corresponds with the physical owner of the personal data.
In this sense, several identification mechanisms have been developed – such as the PIN number, SMS codes and the electronic signature, among others. Their implementation depends on the type of services offered by the company, and/or the level of security desired for user data.
Identification mechanism example: the electronic signature
The electronic signature is an identification mechanism that private companies develop, such as Signaturit.
Signaturit’s electronic signature complies with the requirements of the Regulation (EU) Nº 910/2014, known as eIDAS.
The eIDAS application makes it possible to guarantee the security in data treatment, avoiding possible information leaks (including personal data), the famous identity theft and/or the commission of other types of cyber criminal offenses caused by access to personal information that circulates on the Internet.
In sectors such the banking, insurance and/or the health sector, the use of one mechanism or another will depend on the level of legal security that each company wants to offer and/or on the regulatory requirements applicable to the corresponding sector.
It’s important to mention that the trend in Europe is oriented towards citizens using digital platforms to access and use the services offered by the public administration in the context of a single digital market.
That’s why identification mechanisms are important and their application becomes massive due to security issues and regulatory compliance.
The use and implementation of said mechanisms will depend directly on the users and their capacity to access services online.
Digital Identity versus Online Reputation
All information published on the Internet affects our identity and reputation online.
To differentiate digital identity to online reputation, we can quote Linkedin.
This social network allows each user to describe their digital identity including their academic and professional training. And at the same time, it offers the possibility for third parties to comment on others’ experience through “Recommendations”.
This last action is a clear example of online reputation.
For that, we can say that online reputation arises when other users rate online a natural person (physical) or legal person (company).
This information is indexed (tracked) by search engines and/or published through forums, blogs and/or through social networks, being therefore public and/or visible to third parties and/or other users.
Keeping in mind that the Internet is a phenomenon of global communication that allows to generate viral effects, it’s convenient for each person to control the information that appears about oneself online.
THE IMPORTANCE OF ONLINE REPUTATION
DAS and Traity include the analysis of a tenant’s online reputation in contracting rental insurance.
Thanks to Traity’s algorithms, the insurer DAS offers the landlord in his/her default insurance a study of the future tenant, to know if he/she is trustworthy at the moment of paying the rent.
>> Related post: What laws regulate cybersecurity in the European Union and in Spain?
What rights are associated with digital identity?
Digital identity does not have legal recognition, but the rights associated with the physical identity are extended to the digital identity, and therefore are applicable to it.
These rights are part of a set of legal rights that have been thought of as a result of the recognition of fundamental rights inherent to human beings.
Among those are the right to a person’s dignity, honor, personal privacy and to one’s own image. All of these rights are recognized at an international level in the Universal Declaration of Human Rights (article 12) and in the European Convention on Human Rights (Article 8).
In Spain, these rights are recognized in the Spanish Constitution (articles 10, 18, 20.4 and 96) and in the Spanish Organic Law 1/82 of May 5th regarding the Civil Protection on the right to honor, personal and family privacy, and one’s own image. These rights are also included in the Spanish Organic Law 15/1999 of December 13th, of Protection of Personal Data.
According to the Spanish Organic Law 1/82 of May 5th on Civil Protection, a person faces a violation of the right to honor when:
“the imputation of facts or the manifestation of value judgments through actions or expressions impair in any way the dignity of another person, undermining his/her reputation.”
The aforementioned corporate name seeks to protect the life of a human being from the disturbances that come from third parties and/or public powers, being the same State in charge of its protection through judicial entities.
Case Law related to online reputation of natural people
In accordance with the above, it’s necessary to mention the case law (final judgements issued by judges) that have been issued to date, through which the protection of online reputation has been achieved based on the regulations that protect the honor of a physical person.
As indicated by the Spanish Supreme Court Judgement of February 10, 2011:
“The defendent is condemned to cease the unlawful interference of the actor’s right to honor by eliminating any expressions or photography that violate the actor’s right to honor from the website “Alasbarricadas.org,” as reported in the legal notes of this present resolution, which constitute an unlawful interference of this individual’s right to honor, as does the publishing at the actor’s expense of any form of judgment using the same means of making such information available to the public, especially on an Internet website accessible to the general public, and to compensate the actor with the sum of 6,000 euros as well as any other costs incurred.” (Edit in bold.)”
Another example is the controversial ruling in the Google case on the right to be forgotten, which allowed requiring Google to eliminate the personal data of a natural person that had been indexed by the servers of said company, and that affected the online reputation of the defendant.
The ruling concludes that Google is a provider of Information services with responsibility in Europe, regardless of whether its headquarters are located in the United States.
Therefore, it must comply with the data protection regulation that allows citizens to request the deletion or cancellation of said data. This implies an obligation of the data controller to obey and comply with the data deletion request.
Regarding the above, the following is transcribed:
“Article 2(b) and (d) of Directive 95/46 are to be interpreted as meaning that, first, the activity of a search engine consisting in finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily and, finally, making it available to internet users according to a particular order of preference must be classified as ‘processing of personal data’ within the meaning of Article 2(b) when that information contains personal data and, second, the operator of the search engine must be regarded as the ‘controller’ in respect of that processing, within the meaning of Article 2(d).”
The rights associated with the online reputation of legal persons
The rights recognized for natural persons have also been recognized for legal persons (companies), and are therefore applicable to their digital identity and online reputation.
For example, the judgement of the Spanish Constitutional Court 139/1995 of September 26th recognized the right to honor for legal people, stating the following:
“It is evident that through the purpose for which each legal private person has been created, a scope of protection of his/her own identity can be established in two different directions: one to protect its identity when carrying out its functions and another to protect the conditions of exercise of its identity, under which would rest the right to honor. While this is so, any legal person can declare its right to honor violated through the disclosure of facts that defames it as an entity or makes it unworthy of others’ consideration.“
Recommendations and legal tools to control the right to honor
Respect for personal rights such as honor, personal privacy, one’s own image and therefore, online reputation, have the same importance and relevance as any other fundamental right.
Therefore, its application and respect are of utmost importance for the Spanish State and for the legal authorities, the latter responsible for guaranteeing respect for the rights of citizens.
Legal tools serve as a guardian of the use of personal data in the digital world.
However, to some extent, controlling the information that circulates on the Internet depends on the actions that citizens implement to control their own personal data.
As we have explained, in a preventative way there are the identification mechanisms, which are a control tool for the digital citizen and/or companies providing services and/or for the same government that provides digital services.
Below are some legal tools that must be taken into account to achieve the effective protection of your rights and/orthe rights of your company, keeping as a reference the Spanish legislation.
However, the protection of a breached right on the Internet can also mean the concurrence of different legislations, jurisdictions and/or legal cultures, which will require, when appropriate, the corresponding legal study.
Natural Person’s Situation |
Recommended Legal Action |
1. If you are facing libel or slander through a blog, platform and/or social network. |
a) Request that the service provider (owner of the website or platform) removes the offending content. |
b) Lodge a criminal complaint against the person issuing the comment or act that constitutes libel or slander. | |
c) In the event that the provider does not delete the contents of the information you can sue civilly, invoking the right to honor. | |
2. If you wish to exercise your right to be forgotten or have your personal data erased. |
a) Express your “right to oblivion” to the provider or database owner, who should subsequently delete all information, including if this is a request made to an overseas company such as Google within Europe. |
b) In the case of not getting a response within 10 days following the submission of the application, it must be reported to the Spanish Data Protection Agency. | |
c) Civil action for damages caused will be issued, in case a demonstrable prejudice has taken place between the date of the application until the effective date of the deletion. | |
3. If you have been a victim of identity theft. |
It is recommended to obtain all the information proving such a situation such as affidavits, audit trails, etc. Once the material evidence is in order, the following must be carried out: |
a) Immediately contact the person in charge of the platform and/or social media network. | |
b) Lodge a criminal complaint with the aforementioned evidence. When issued with a receipt of complaint, send a copy to the platform and/or social network. |
Legal Person’s Situation |
Legal Action |
1. If you have been the victim of slander or suffered injuries to your company’s activity, products and/or services. 2. If your company image or brand has been affected. |
a) Send a written request to the platform in question for the deletion of the comment affecting the honor of the legal entity (or brand) and/or the removal of the offending content. |
b) If the content is not removed, you may demand its removal on legal grounds, citing the right to honor. | |
c) In the event that the subject or the company that performed the comment or act, and this constitutes an act of unfair competition, the company concerned may denounce such a comment or act in front of the National Commission of Markets and Competition in Spain. (Comisión Nacional de los Mercados y la Competencia). | |
3. If there has been an unauthorized use of the brand. |
a) Send a request for the removal of content by written means to those responsible for the platform and/or social media network, indicating that it is an infringement of industrial property rights. |
b) Issue a demand for damages, if the perpetrator can be identified. | |
4. If there has been an incident of identity theft. |
It is recommended to obtain all the information proving such a situation such as affidavits, audit trails, etc. Once the material evidence is in order, the following must be carried out: |
a) Immediately contact the person in charge of the platform and/or social media network. | |
b) Implement a marketing strategy to raise awareness of the situation so customers know what happens. | |
c) Make a criminal complaint for the facts consituting the offense. |
This is a guest post by Ana Martiza Vega Suárez. Ana Maritza is lawyer specialized in new technologies and intellectual property as well as being the founder of Avatic Abogados. @AnaVegaSuarez @AvaticAbogados |