This post is a slightly more structured version of the report I presented at the end of the first day, with the slides available here. It’s reconstructed from speaking notes and is presented to give virtual attendees a chance to sample my dubious words of wisdom. I should add that I’m very happy to receive comments either on the presentations or indeed on questions that you think we are not addressing, and undertake to incorporate as many of them as I can into my report at the end of day two. So please do add comments and questions to this post!

The use of social media and various technologies by the conference participants (tag idp2009) has been useful, but it also underlines the importance of being critical friends rather than unabashed fans. With the experience of many attendees in the use of social networking sites, as well as the research and regulatory dimensions that others are familiar with, there is a strong responsibility on each person to highlight problems, potential gaps in the legal or political systems, and long-term implications. So far, we have seen this done in particular through questions from the audience. However, we cannot forget (and this was underlined through a show of hands) that we, the conference participants, are more likely to understand (and amend) our privacy settings than the public at large…

If someone had come along from the EU’s fabled Article 29 Working Party, they would most likely have shed a few tears of joy at just how influential its recent recommendation on online social networking (5/2009) has been, particularly the explanation given by Esther Mitjans. It has shaped the terms of our debate today, and while WP documents are not necessarily accurate predictors of further legislative action, it stands for itself as an important part of the debate, though with the note expressed by some questioners in the third session of the day that aspects of it may be unrealistic. There are good links here with Antoni Roig’s discussion of ethical engineering and how this is reflected in the opinion.

James Grimmelmann’s keynote address asked us (or wondered if we should or how we could) save Facebook, based on his forthcoming Iowa Law Review piece. Setting out the possible harms and the available solutions, he was conscious of the way in which users can pose threats to each other, but also of the weaknesses of quick legal solutions.

Two (living but absent) ghosts did affect our deliberations. The first was Boril Lindqvist, the well-meaning Swedish churchgoer who published information (including sensitive personal data) on a parish website, the subject of legal proceedings that went all the way to the European Court of Justice and forms the backdrop to the A29 opinion and the enduring idea that data protection in the EU is ‘different’. Mitjans’ discussion on both limitations and new vulnerabilities reflects the problems that the Court had with Lindqvist’s case and the various calls for reform of the Directive. The second presence is that of Lori Drew, who was charged with a computer misuse offence in the US in respect of her use of MySpace for what is sometimes termed cyberbullying, disobeying terms of use and being accused of unauthorised access on that basis. Just this weekend, we have learned that her conviction has been overturned, and this does indicate that shoehorning every social harm into narrow(er) legal categories is still resisted, but the broader conversation on age verification and on responsible use of social networking sites has been brought to us today, particular by Pablo Perez.

The reason that this conference comes at such a useful time is highlighted by how three news stories in the UK that have been published in the past 24 hours illustrate the academic questions that we have been discussing. These stories were: the disclosure that the new head of intelligence service MI6 (yes, the James Bond one) is the subject of family photos published on Facebook by his wife [an illustration of social risk assessment as presented by Grimmelmann but also of just how pervasive ‘youth’-driven social networks are outside their core constituency!], the announcement that Phorm has lost its agreement with ISP BT to use deep packet inspection to provide contextual advertising [showing the power of privacy activism, usefully compared with the fuss on Facebook Beacon that Grimmelmann relied on so clearly, but also the unresolved issue of monetising that Barbara Navarro was very honest about], and finally the decision of the Press Complaints Commission that the Sunday Express should not have published its controversial story on the ‘Dunblane survivors’ based on publicly available Facebook profiles [the background to which can only be understood after hearing Antoni Roig’s dissection of human dignity as a fundamental right and Franck Dumortier’s analysis of decontextualisation and Facebook].

IP was on our agenda today, too, with Jane Ginsberg and Alain Strowel drawing on the ludicrous nature of some terms of use, but also going deeper into the operation of copyright in ‘web 2.0’ and how different types of use and distribution engage various aspects of the law in the US and EU. It was an important reminder that copyright is a multifaceted concept and that, where issues are unresolved, new web services highlight those issues and bring them to the forefront of legal and public debate. Questions like the definition of an intermediary, or even the narrower category of a ‘host’, do deserve full consideration, and the inconsistent approaches taken even within one jurisdiction makes it difficult to establish what the true rules are.

Some questions, then, as we move into a slightly less ‘legal’ set of presentations in day two. What will we do with these new websites, as they become established – and how will we stay safe? Are social network sites and the corporations that back them too powerful? We have seen useful academic work on search engines, and there is increasing interest in applying such analysis to our new friends in Facebook, MySpace, Twitter…and indeed, we may have reached a point where there is sufficient information and evidence to make some serious decisions on whether changes are needed (or indeed not needed) to relevant legal provisions. In earlier conferences I have attended, ‘wait and see’ has been a strong meme, but my impression of today’s discussions is that some questions, such as the terms of use debate, have reached a point where intervention will either happen and happen properly or be set aside as wholly undesirable or inappropriate. Please do follow our proceedings on day two as we try to answer (some of) these questions!