Within the Law? The legal challenges of using social media in public security

In our previous blog we outline the key ethical challenges for the use of social media in public security. In this, the second part of that blog, the key legal issues connected with the use of social media for public security are examined and exemplified. {hyperlink ethics blog]

Legal issues arising in connection with police use of social media fall into 3 categories:

  • the position or role of public security agents, not only as enforcers of the law but also as data controllers;
  • the fundamental rights of the citizens; and
  • the involvement of citizens in the provision of public security.

The first category relates to questions to what is the scope of legitimate use of social media data by police officers, how the information shared or collected is legally qualified, and who is responsible for actions or has the right legal position to perform a specific action. For instance, in the case of criminal investigations police have specific legal competences though which they collect information and any data collected in these actions qualifies as police information and renders specific laws applicable.

The second category is related to, for instance, legitimate expectations of citizens when using social media linked to several (fundamental) rights of citizens, such as the right to privacy and data protection, freedom of expression, and the freedom of association. These rights are supposed to be free from interference of state actors, such as the police or other law enforcement agencies. In legal terms, fundamental rights case law points out that for the interference with a fundamental right several aspects have to be met. The interference has to be based on law, it has to be necessary in a democratic society, and it has to be proportionate in relation to the goal of the interference. So, unlimited monitoring of social media platforms is not allowed, but there needs to be a focus on specific users or (types of) content. In addition, several general principles apply when personal data is processed: legitimate purposes (including weighing proportionality and subsidiarity), right of data subjects and obligations of data controllers/processors (a.o. General Data Protection Regulation, Right to be Forgotten, Privacy by Design, Council Framework Decision 2008/977/JHA. The processing of personal data needs to be legitimate, in line with the above. Moreover, data subjects have, for instance, the right to be informed about their data being processed and even have a right to access these data.

The third category of issues is the involvement of citizens in public security by means of social media. When citizens are involved, two legal issues come to the fore. The first is the extent to which citizens are allowed to engage in public security planning, in particular when it concerns investigating criminal behaviour or tracing criminals. The online context may allow for further going activity by citizens towards investigating crime or monitoring individual ‘suspects’. This kind of activity blurs with the exclusive competences of the police. The second issue is the risk of citizens taking the law into their own hands. Like the issue above, a major point of attention here is the lack of safeguards. Moreover, there is a risk of citizens who take action in order to fight crime turning towards anti-social behaviour themselves. This behaviour can be a form of privacy infringement when specific people are closely monitored on their online activities, but it may also turn towards forms of online harassment or naming and shaming practices. For instance, a group of citizens can intensively follow and analyze all social media activity of a person and therewith infringe upon privacy. If the monitored person is assumed guilty of any criminal act, other citizens can post accusations online with reference to the social media profiles of this person. Here, citizens take the law in their own hands, and there is a lack of an independent judgment.

To complicate things further, online forms of certain behaviour are not always straightforward criminal acts, because of the lack of a physical impact to victims. As a result, even if the online behaviour is criminalized, the information with which law enforcement agencies have to deal or act upon is sometimes difficult to classify in a legal status. If information classifies as police information, other legal requirements and safeguards are at stake when it concerns ordinary information.

In addition, a conflict may arise between different fundamental rights. For instance, online harassment or planning of mass gatherings may seem to be protected under the freedom of speech and freedom of assembly, while conflicting with fundamental rights of others, such as victims of harassment.

And, finally, across the EU, there are slight differences in the legal frameworks. This is challenging to achieve a common approach towards social media involvement for public security purposes, but can also be right out problematic, since online media often includes cross-border usage. This makes that different jurisdictions can be involved at the same time.

These issues and more will be discussed by a range of stakeholders at the project workshops we are running as part of the MEDI@4SEC project. If there’s an issue you think we should tackle, join our ongoing conversation: tweet us at @media4sec using the hashtag #media4sec and join our LinkedIn group to comment on this and other articles and discussions. You can download a copy of the full report on the ethical and legal dimensions of social media use in public security from our publications page.


Arnold Roosendaal

Senior Advisor
Privacy Company

Leave a Reply

Your email address will not be published. Required fields are marked *