The principles and procedures of personal data protection used in combating disinformation

Daniel-Mihail Șandru, The principles and procedures of personal data protection used in combating disinformation, p. 179-192 în vol.
Mihaela Daciana Natea (ed.),Disinformation Crossing Borders. The Multilayered Disinformation Concerning the War in Ukraine,Ed. L’Harmattan, 2022

Articolul a fost publicat in traducere: Daniel-Mihail Șandru, Principiile și procedurile protecției datelor cu caracter personal utilizate în combaterea dezinformării, Pandectele române, nr. 6/2022, p. 31-52 PROQUEST, EBSCO, Pandectele romane

The principles and procedures of personal data protection used in combating disinformation

Summary

The article addresses the issue of disinformation and fake news from the perspective of the usefulness of the procedures and principles regulated in the matter of personal data protection. The main regulation is the General Data Protection Regulation (GDPR), and we will research public communications from two current crisis areas: the health crisis and the military crisis. From the aforementioned regulation, we will base our research on three key elements: principles, rights of data subjects, technical and organizational measures (procedures). Can GDPR provide support against fake news? The study demonstrates that under ideal conditions, complying with the GDPR or applying its rules can lead to the removal of fake news from the source, from the main data controller or can lead to the identification of the incorrect message by the user.

Keywords:

Fake news, personal data protection, technical and organizational measures, principles, GDPR.

Introduction[1]

Disinformation (fake news) is not a new phenomenon, but it is increased by the ways of transmitting information, the emergence of social networks, technological progress in general[2]. As technology is complex, the countermeasures are multimodal and automated[3]. Fake news is not a legal institution, but a communication that official and scientific sources consider to be altered. Distorted communication[4] is carried out with the intention of creating a false message, which can cause damage, direct or indirect to natural persons, and in this way, misinformation can be the object of the action brought before the courts. Can data protection regulations provide practical support in combating disinformation?[5] We used the expressions “fighting disinformation” or “against fake news” to emphasize that the solution is not to eliminate content considered fake news. This solution could also lead to new exaggerations, which from a legal point of view are violations of the right, mainly of the right to free expression. Moreover, in a study for the European Parliament[6], it is emphasized that the solution is not the removal or blocking, but de-prioritization and labelling, measures that are in accordance with the jurisprudence of the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU). We will analyse this hypothesis from the perspective of journalism because many communications refer to data subjects. Journalism represents the main way of large-scale communication, which comes from a trusted entity, so fake news from journalistic information is much more penetrating than information produced by individuals, by users of social networks. At the competition of journalism there is an intermediate category of communicators, i.e. influencers[7]. We are interested in communications of facts, not judgments or opinions. To begin with, we will explore a wide range of fundamental rights that come into contact in the relationship between fake news and the protection of personal data: freedom of expression, the right to information, the right to private life, the right to data protection. We will analyse the possibility for which data protection regulations are a means to combat disinformation, and not an end in itself, to protect personal data, or, in any case, this end is secondary. We will separate the analysis into principles, rights of the persons concerned, procedures – technical and organizational measures – all these studied in the context of removing fake news. Finally, we will investigate whether particularly within the communication process, data protection procedures could be used on the Internet, within social networks. The study proposes for this applied research to have a degree of usefulness for data controllers, in a broad sense, journalists, but through the adopted methodology we also considered the target person. In the context of current communication crises, we will analyse with examples from the military crisis, namely the conflict in Ukraine[8].

Possible collision of fundamental rights: freedom of expression, right to information, right to privacy, right to data protection.

Fundamental rights are not in a rigid hierarchy. The General Data Protection Regulation (GDPR)[9] is the main regulation on the matter. This regulation is cited, used as a legal basis in a series of European Union documents that are drawn up in order to combat disinformation[10]. Even if it creates a real system of rules regarding the right to privacy and data protection, the GDPR remains the essential, fundamental rule for the three categories studied in this article: principles, rights of data subjects and procedures. “The regulation respects all the fundamental rights and freedoms and principles recognized in the charter as enshrined in the treaties” (consid. 4) and encompasses a detailed enumeration of the fundamental rights that could influence this fundamental right, of a recent origin, the protection the data. Freedom of expression, especially in the media, in journalism is essential for a democratic society. The jurisprudence of the European Court of Human Rights and the Court of Justice of the European Union exemplifies this role. Recently, in the case of Biancardi v. Italy[11], the ECtHR gave priority to the right to private life, considering that the freedom of expression was exercised abusively. The ECtHR ruled on a request to de-index an article that referred to the criminal investigation of an altercation in a restaurant. The indication of the names of the persons in the article was likely to lead to the conclusion of the violation of the freedom of expression or the right to information, even in the conditions in which the persons in question were not public figures. The published information was not false in any way, the truth had not been altered, but the publication of the information was not proportionate, the private life of individuals was affected. A Romanian court also applied art. 10 of the Convention for the Protection of Human Rights and Fundamental Freedoms (hereinafter ECHR or “European Convention”) ordered the deletion of the article from the Internet and the granting of moral damages[12]. In the same way, we disclosed the application of the right to information in the context of Romanian legislation and the GDPR[13]. Journalists’ right to information may be limited by the application of the GDPR, but at the same time, as we will see, the GDPR establishes standards for the protection of human rights, in particular the right to data protection and privacy.

General Data Protection Regulation (GDPR) – auxiliary tool in the fight against fake news

The GDPR is essential for the application of art. 8 of the Charter of Fundamental Rights of the European Union (CFREU) and art. 16 of the Treaty on the Functioning of the European Union (TFEU). The main goal is the coherent functioning of the internal market and, as a subsidiary, the protection of fundamental rights. The CDFUE is an autonomous document from the European Convention and its purpose is different. Fake news is part of this topic of fundamental rights: right to information and freedom of expression. Fake news represents a limitation of these rights, for which, even if it originates from private data controllers, the European Union must find proportional, legal, transparent solutions[14]. The general data protection regulation is secondary legislation, implementing the principles of the treaties. It can be invoked and applied for the protection of the fundamental rights distinctly provided for in the treaties, namely data protection and the right to private life, in the alternative. There are other rights that can be protected by applying the GDPR, and these are the ones that are directly related to fake news, mainly those that are mentioned in art. 11 CDFUE, freedom of expression and information.

GDPR principles applied in the field of communication

The GDPR regulates in art. 5 a series of principles – proportionality, legality, transparency[15], fairness[16], accuracy, purpose limitations, storage limitations, integrity, and confidentiality[17] – principles to be demonstrated by the data controller, in line with the principle of responsibility[18].

The principle of transparency in the processing of personal data is a source to establish the link between the facts and the author/participants. The lack of their nomination in articles and published materials may be necessary for various reasons: to ensure confidentiality and protect the source, to respect private life, to observe the legal regime of data protection. But, once faced with a challenge to the veracity, the author of the information will have to be able to indicate the persons, if not to the public, at least to the competent authorities[19]. According to the Guidelines on transparency under Regulation 2016/679/EU elaborated by the Working Group for art. 29 (GL29)[20], “transparency is a general obligation under the GDPR, which applies to three central areas:

(1) providing information to data subjects in relation to fair data processing;

(2) how data controllers communicate with data subjects about their rights under the GDPR; and

(3) the way in which data controllers facilitate the exercise by data subjects of their rights”.

These Guidelines also refer to art. 85 GDPR and to the obligation of the member states to legislate adequately in order to reconcile data protection with freedom of expression and information (point 69). Compliance with the elements of the principle of transparency in the GDPR can also lead to the avoidance of misunderstandings, which can trigger misinformation. For example, the requirement for the information to be “intelligible” means that it should be understood by an average member of the intended audience. Intelligibility is closely related to the requirement to use clear and simple language (point 9). “The readily accessible element means that the data subject should not have to search for the information; it should immediately see where and how this information can be accessed, this information can be provided to the data subject directly or via a link addressed to him, the place where it is found or can appear can be clearly indicated in response to a natural language question – for example, in a layered online privacy statement/notice, in an FAQ section, via pop-up context windows that is activated when a the data subject fills in an online form or in an interactive digital context through a chatbot-type interface, etc” (point 11). Regarding the requirement of clarity, the Guidelines consider that “information should be provided in the simplest possible way, avoiding complex syntactic and linguistic structures. Information should be specific and definitive; they should not be formulated in abstract or ambivalent terms or leave room for different interpretations”. These examples, of the elements of the principle of transparency, are necessary for any text, any information, not only for documents concerning the relationship between the data controller and the data subject. The principle of transparency is clearly mentioned in the Commission’s documents: “the revised Code of Practice should include new, tailored commitments addressing the use of messaging platforms for the dissemination of political and issue-based ads, in full respect of the GDPR and EU requirements for privacy in electronic communications services. The above-mentioned requirement that when sponsored political content is shared between users, it should continue to be labelled as paid-for content, should also apply to the extent possible to sponsored political content shared over messaging platforms. To this end, signatories should develop solutions which are compatible with the encryption technology often used by messaging platforms, without any weakening of the encryption”[21].

The principle of accuracy of data processing is also useful in combating fake news. The use of reliable, scientific, or journalistic sources, the correct citation of these sources can eliminate ambiguities and sometimes fake news. Posting information, followed by photos that refer to other people, possibly namesakes when copied from the web or simply with the intention of deceiving, can confuse the reader[22]. From the studied cases of ignoring data verification, it can easily be observed that most of them come from private sources. Individuals usually post images, text, or video with fake content on social networks. These have a generally limited audience, but some are picked up by publications either interested in the manipulative content[23], pointing to posts on social networks as the “source”, or disinterested in veracity, looking only for sensational news.

Data controller procedures – element of the protection of the natural person

Data subjects’ rights are a first element in combating false information on the Internet. The data processing of data subjects is carried out by ensuring minimal rights: informing the data subject (art. 12-14 GDPR), their right of access (art. 15)[24], the right to rectification (art. 16), the right to deletion (art. 17), the right to restrict processing (art. 18-19). The last three rights listed above are directly related to breaking news. The persons affected by this news can request the rectification, deletion, or restriction of the processing in order to be able to file an action in court.

A second element would be pseudonymization (art. 5 par. 1 point 5) and anonymization of data. These methods protect natural persons from possible inconveniences or repercussions.

A third element refers to the application of the actual technical and organizational measures. The data protection rules can guarantee that an information has been verified, since the principles (legality, accuracy, purpose) but also the methods of data processing (disclosure, dissemination, collection, storage, etc.) are respected – mentioned in art. 4 para. 1, point 2). Currently, even the press agencies communicate about the news verified and detected as fake news[25].

A fourth element is profiling, automated decision systems and artificial intelligence. In principle, this is prohibited by European regulation. The French data protection authority (Commission nationale de l’informatique et des libertés – CNIL) has sanctioned the creation of profiles for the purpose of using them in lobbying activities[26]. Profiling of this type could also be used in the publication of certain information, articles, posts on social networks affecting certain natural persons. Profiling is done for the purpose of monetizing personal data, targeted[27] advertising or even profiled information[28]. Artificial intelligence, facial recognition or the use of any other systems that automatically decide on a person’s behaviour, actions, must be justified and documented because they represent risks to the rights and freedoms of natural persons.

Spreading fake news on social networks

Virtual communities, social networks have an important role in the field of fake news. A first problem are the users. Studies show that most users do not read the content carefully, they stop superficially at the title and images. It is the fertile ground for the retransmission of false information, especially if that information is within the perimeter of the user’s profiled concerns[29]. From a legal point of view, there is the question of blocking[30] or removing the content, as extreme measures or of deprioritization or labelling. These measures can be imposed by regulation, but implementation can only be done by social network providers. A second problem is social network providers. A measure that can lead to the fair distribution of messages is the establishment of content moderation, especially for hate speech but also for other forms of violation of human rights, dignity, private life, or personal data. A third problem is professional users, such as influencers or page administrators. The processing of data on social networks is carried out in different ways, and these data controllers have the responsibility of informing the data subjects[31] because through them, social networks can profile regular users. A fourth problem is ghost or fake accounts on social networks. This issue is discussed both by the authorities in the European Union and by social networks that announce the elimination of fictitious or cloned accounts[32].

Conclusions

The publication of information is sometimes the disclosure of personal data. In this communication sequence, the methods, principles, techniques in the field of data protection can intervene, as they are regulated by the GDPR. European Regulation can play a role in combating fake news where personal data is processed. Verified and accurate communications also comply with data protection principles, and procedures can complement ensuring the legality of processing. The GDPR becomes an auxiliary instrument to guarantee other rights, such as the right to information and the fight against fake news. This tool can itself be proceduralized: verification, citation and use of sources, confrontation of information, legality of information, application of techniques for verification of sources coming from natural and legal persons who do not have responsibility for the information.

Bibliography

Studies published in journals:

Manny Cohen, Fake news and manipulated data, the new GDPR, and the future of information, Business Information Review, 2017, Vol. 34(2) 81–85;
Sarah Eskens, Natali Helberger, Judith Moeller, Challenged by news personalisation: five perspectives on the right to receive information, Journal of Media Law, Vol. 9, 2/2017;
Maksym Gabielkov, Arthi Ramachandran, Augustin Chaintreau, Arnaud Legout, Social Clicks: What and Who Gets Read on Twitter?, ACM SIGMETRICS / IFIP Performance 2016, Jun 2016, Antibes Juan-les-Pins, France. https://hal.inria.fr/hal-01281190/document ;
Alexandru Georgescu, Irina Alexe, Daniel-Mihail Șandru, Ciocnirea valorilor: legea română privind liberul acces la informațiile de interes public și protecția datelor personale [The clash of values: the Romanian law on free access to information of public interest and the protection of personal data], Revista română pentru protecția și securitatea datelor cu caracter personal (RRPSDCP), nr. 2/2020, p. 24-33.
Julie Posetti, Alice Matthews, A short guide to the history of ’fake news’ and disinformation. A learning module for journalists and journalism educators, ICFJ – Interntional Centre for Jurnalists, 2018, available at https://icfj.org;
Andrea Renda, The legal framework to address “fake news”: possible policy actions at the EU level, European Parliament, 2018;
Vivek K. Singh, Isha Ghosh, Darshan Sonagara, Detecting fake news stories via multimodal analysis, JASIST, Vol. 72, 1/ 2021;
Adriana Maria Șandru, Daniel-Mihail Șandru, Dreptul umanitar și protecția datelor personale [Humanitarian law and personal data protection], Pandectele române, nr. 6/2018;
Adriana-Maria Șandru, Daniel-Mihail Șandru, Consecințele lui „îmi place”: cauza Fashion ID, C-40/17, continuitate și noutate în interpretarea conceptului de operator în dreptul Uniunii Europene [The consequences of “I like”: the case Fashion ID, C-40/17, continuity and novelty in interpreting the concept of controller in European Union law], Pandectele române, nr. 5/2021;
Daniel-Mihail Șandru, Răspunderea administratorului unei pagini găzduite pe o rețea socială. Calitatea de operator în sensul reglementărilor privind protecția datelor [Liability of the Administrator of a Page Hosted by a Social Network. Quality of Controller within the Meaning of the Regulations on Personal Data Protection], Dreptul, nr. 7/2019;
Daniel-Mihail Șandru, Ierarhizarea valorilor și drepturilor fundamentale în activitatea jurnalistică [The hierarchy of fundamental values and rights in the journalistic activity], Revista Dreptul, nr. 4/2020;
Daniel-Mihail Șandru, Principiul transparenţei în protecţia datelor cu caracter personal [Transparency principle in the data protection law], Pandectele române, nr. 4/2018;
Daniel-Mihail Șandru, The fairness principle in personal data processing, Law Review, 1/2020;
Daniel-Mihail Șandru, Principiile integrităţii şi confidenţialităţii în protecţia datelor personale [Principles of integrity and privacy in the protection of personal data], în Supliment Revista de drept public, 2018;
Daniel-Mihail Șandru, Principiile protecţiei datelor – de la teorie la practică [Principles of data protection – from theory to practice], Curierul Judiciar, nr. 6/2018;
Daniel Mihail Șandru, Dreptul de acces al persoanei vizate în jurisprudenţa relevantă [The right of access of the data subject in the relevant case-law], Revista română de drept al afacerilor, nr. 4/2017;
Daniel-Mihail Şandru, Imposibila coexistenţă între protecţia datelor şi comunităţile virtuale? Ce urmează? [Impossible coexistence between data protection and virtual communities? What’s next?], Pandectele Române, nr. 1/2018;
Edson C. Tandoc Jr., Zheng Wei Lim & Richard Ling, Defining “Fake News”, Digital Journalism, Vol. 6, Iss. 2/2018;
Tal Z. Zarsky, Privacy and Manipulation in the Digital Age, Theoretical Inquiries in Law, vol. 20, 1/2019.

Studies published in Coordinated volumes:

Tee Wee Jing, Raja Kumar Murugesan, Protecting Data Privacy and Prevent Fake News and Deepfakes in Social Media via Blockchain Technology, in Mohammed Anbar, Nibras Abdullah, Selvakumar Manickam (coord.), Advances in Cyber Security, Springer, 2021.

Books, studies

European Parliament, The fight against disinformation and the right to freedom of expression, 2021, available at https://www.europarl.europa.eu/RegData/etudes/STUD/2021/695445/IPOL_STU(2021)695445_EN.pdf
ENISA, Strengthening network & information security & protecting against online disinformation (“fake news”), 2018.
OECD, Disentangling untruths online: creators, spreaders and how to stop them, 2022.

Laws

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on data protection) was published in Official Journal of the European Union L 119, 4.5.2016;
The Strengthened Code of Practice on Disinformation 2022;
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, European Commission Guidance on Strengthening the Code of Practice on Disinformation, COM/2021/262 final;
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Combaterea dezinformării online: o abordare europeană, Bruxelles, 26.4.2018, COM(2018) 236 final.
Article 29 Working Group, Transparency Guidelines under Regulation 2016/679, 17/RO, GL260 rev.01, adopted on 29 November 2017, as last revised and adopted on 11 April 2018, available at address https://www.dataprotection.ro/servlet/ViewDocument?id=1601.

Daniel-Mihail ȘANDRU

Daniel-Mihail Şandru co-ordinator of the Center for European Legal Studies, Institute for Legal Research “Andrei Radulescu”, The Romanian Academy (csde.ro); doctoral supervisor; profesor of EU law and international commercial arbitration; Ad hoc Judge at European Court of Human Rights; Arbitrator at the Court of International Commercial Arbitration (Bucharest). Web: www.mihaisandru.ro.

Email: mihai.sandru@csde.ro

[1] [The author would like to thank Mr. Marius Cătălin Mitrea for the support offered in translating the article in English.]

[2] Julie Posetti, Alice Matthews, A short guide to the history of “fake news” and disinformation. A learning module for journalists and journalism educators, ICFJ – Interntional Centre for Jurnalists, 2018. Available at https://icfj.org.

[3] Although there have been several attempts to identify fake news, most of these efforts have focused on a single modality (e.g., only text-based, or only visual features). However, news articles are increasingly framed as multimodal news, and therefore a multimodal approach combining textual and visual analysis of online news is proposed to automatically detect fake news. Vivek K. Singh, Isha Ghosh, Darshan Sonagara, Detecting fake news stories via multimodal analysis, JASIST, Vol. 72, 1/ 2021, p. 3-17.

[4] The research of some scientific articles led to the creation of typologies of what is meant by fake news: satire news, parody news, constructed news, manipulation, advertising, and propaganda. These definitions are based on two dimensions: levels of facticity and deception. See: Edson C. Tandoc Jr., Zheng Wei Lim & Richard Ling, “Defining “Fake News”, Digital Journalism, Vol. 6, Iss. 2/2018, p. 137-153.

[5] Fake news can have a dangerous impact on data protection and data security. This matter will be discussed separately, in an article about the relationship between fake news and personal data. ENISA, Strengthening network & information security & protecting against online disinformation (“fake news”), 2018.

[6] European Parliament, The fight against disinformation and the right to freedom of expression, 2021, available at: https://www.europarl.europa.eu/RegData/etudes/STUD/2021/695445/IPOL_STU(2021)695445_EN.pdf.

[7] Cătălina Goanță, Sofia Ranchordás (Eds), The Regulation of Social Media Influencers, Elgar Law Publishing, 2020.

[8] The data processed in such a context is also studied within humanitarian law: see, in detail: Adriana Maria Șandru, Daniel-Mihail Șandru, “Humanitarian law and the protection of personal data”, Pandectele Române, no. 6/2018, p. 58-66.

[9] Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Regulation on data protection) was published in Official Journal of the European Union L 119, 4.5.2016, p. 1–88.

[10] The Strengthened Code of Practice on Disinformation 2022, available with other information at https://digital-strategy.ec.europa.eu/en/policies/code-practice-disinformation; Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, European Commission Guidance on Strengthening the Code of Practice on Disinformation, COM/2021/262 final; Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Tackling online disinformation: a European approach, Brussels, 26.4.2018, COM (2018) 236 final. For a summary see: Andrea Renda, The legal framework to address “fake news”: possible policy actions at the EU level, European Parliament, 2018.

[11] ECHR, decision of November 25, 2021, application no. 77419/16.

[12] Argeș Court, Civil Section, Decision no. 1908/2016, available in rolii.ro. In detail: Daniel-Mihail Șandru, “Hierarchization of values and fundamental rights in journalistic activity”, Dreptul Magazine, no. 4/2020, p. 74-85, available at https://ssrn.com/abstract=3525611.

[13] In detail: Alexandru Georgescu, Irina Alexe, Daniel-Mihail Șandru, “Clash of values: the Romanian law on free access to information of public interest and the protection of personal data”, Romanian Journal for the Protection and Security of Personal Data (RRPSDCP), no. 2/2020, p. 24-33.

[14] See the recommendations from the study: ”The fight against disinformation and the right to freedom of expression”, 2021, p. 11-12. In particular, we mention the fact that the authors of the study believe that art. 22 GDPR should be amended: „The principles of data protection should be revised to prepare the regime for the economy dominated by artificial intelligence (AI). The ‘data protection by default’ principle should be applied as it is currently breached by most online consent forms.”

[15] Daniel-Mihail Șandru, “The principle of transparency in the protection of personal data”, Pandectele Române, no. 4/2018, p. 59-69.

[16] Daniel-Mihail Șandru, “The fairness principle in personal data processing”, Law Review, 1/2020, p. 60-69.

[17] Daniel-Mihail Șandru, “The principles of integrity and confidentiality in the protection of personal data”, in Supplement Public Law Review, 2018, p. 39-46.

[18] Daniel-Mihail Șandru, “Principles of data protection – from theory to practice [Principles of data protection – from theory to practice]”, Curierul Judiciar, no. 6/2018, p. 364-366.

[19] For example, in a presidential ordinance procedure, the court emphasized the role of the principle of proportionality: „proportionality of the measures is one of the important criteria that must be taken into account by the court when pronouncing the solution in the matter of the provisional protection of personal rights, the judge’s intervention will be limited to the measures strictly necessary to put an end to the illegal action. The use of subjective statements (…), which exceed the limit of an exposition or explanation of facts, is not likely to serve a public interest, but through such statements, the good professional reputation and image of the applicant in the business environment could be seriously injured.” District Court 3 Bucharest, Civil Sentence no. 7116/2020, available at http://rolii.ro/hotarari/5f938757e49009a804000183.

[20] Article 29 Working Group, Transparency Guidelines under Regulation 2016/679, 17/RO, GL260 rev.01, adopted on 29 November 2017, as last revised and adopted on 11 April 2018, available at address https://www.dataprotection.ro/servlet/ViewDocument?id=1601.

[21] European Commission Guidance on Strengthening the Code of Practice on Disinformation.

[22] The social media posting of a photo that belonged to another person with a comment about the regime in Ukraine was debunked by careful research of the photo. Also, some facts can be verified with the help of the authorities. It was claimed on a social network that a young Russian man had been killed in Germany, but the authorities indicated that there was no such event. Sometimes the principle of accuracy is applied to some deepfakes. See: DW, Fact checks: Fake news thrives amid Russia-Ukraine war, https://www.dw.com/en/fact-check-fake-news-thrives-amid-russia-ukraine-war/a-61477502 ; on the role of privacy protection in relation to deepfakes: Tee Wee Jing, Raja Kumar Murugesan, “Protecting Data Privacy and Prevent Fake News and Deepfakes in Social Media via Blockchain Technology”, in vol. Mohammed Anbar, Nibras Abdullah, Selvakumar Manickam (coord.), Advances in Cyber Security, Springer, 2021.

[23] Also see: Manny Cohen, “Fake news and manipulated data, the new GDPR, and the future of information”, Business Information Review, 2017, Vol. 34(2) 81–85; Tal Z. Zarsky, “Privacy and Manipulation in the Digital Age”, Theoretical Inquiries in Law, vol. 20, 1/2019, p. 157.

[24] Daniel Mihail Șandru, “The right of access of the concerned person in the relevant jurisprudence”, Romanian Journal of business law, no. 4/2017, p. 21-26.

[25] See, e.g., Reuters Fact Check, Fact Check-Photo of man with Nazi tattoos does not show Ukrainian prisoner of war, 30.06.2022, https://www.reuters.com/article/factcheck-nazi-tattoos-idUSL1N2YH27Q.

[26] See the Press release: Fichier de lobbying: sanction de 400 000 euros à l’encontre de la société MONSANTO, 28 juillet 2021, available at https://www.cnil.fr/fr/fichier-de-lobbying- sanction-of-400-000-euros-lencontre-de-la-societe-monsanto.

[27] OECD, Disentangling untruths online: creators, spreaders and how to stop them, 2022.

[28] Sarah Eskens, Natali Helberger, Judith Moeller, “Challenged by news personalisation: five perspectives on the right to receive information”, Journal of Media Law, Vol. 9, 2/2017, p. 259-284.

[29] See: Maksym Gabielkov, Arthi Ramachandran, Augustin Chaintreau, Arnaud Legout, Social Clicks: “What and Who Gets Read on Twitter?”, ACM SIGMETRICS / IFIP Performance 2016, Jun 2016, Antibes Juan-les-Pins, France, https://hal.inria.fr/hal-01281190/document ; Daniel-Mihail Şandru, ,”Impossible coexistence between data protection and virtual communities? What’s next?”, Pandectele Române, no. 1/2018, p. 17-25.

[30] What happened to the https://aktual24.ro website, which was blocked without any prior information and without any reason. See a summary: Iulia Bunea, The website Aktual24.ro, blocked in Romania, along with other Russian sites for fake news. ActiveWatch: the decision is not only lacking in factual substantiation, but also suggests a gross lack of professionalism, https://www.paginademedia.ro/stiri-media/aktual24-blocat-fake-news-20625336, 03.04.2022.

[31] Debates on the application of GDPR principles by social networks are ongoing. The principle of limiting data storage, their transfer to the United States, transparency of data processing, etc. are concerned. See: Daniel-Mihail Şandru, “Liability of the administrator of a page hosted on a social network. The quality of data controller in the sense of the data protection regulations”, Dreptul, no. 7/2019, p. 160-174; Adriana-Maria Șandru, Daniel-Mihail Șandru, “Consequences of the likes: the Fashion ID case, C-40/17, continuity and novelty in the interpretation of the data controller concept in European Union law”, Pandectele Române, no. 5/2021, p. 119-124.

[32] See e.g. The Strengthened Code of Practice on Disinformation 2022.