ISP liability for the automated processing of personal data for political communication. The GDPR applicability to social networking platforms.

The new General Data Protection Rules EU 2016/279, entered into force on May 25, 2018, has established and codified new duties and responsibilities for the Intermediary Service Providers, including social networking platforms, overtaking and completing the preceding regulation. The research at hand, after a brief excursus which retraces within the European and Italian body of laws the legal basis on which the GDPR today ratify new responsibilities, aims at verifying the GDPR enforceability with regards to social networking platforms. To do this it will start from a defining framework for the term “platform” itself and then analyse the concept and its functions, conveying also relevant essays from media and cultural studies. The objective is to analyse the trembling balance between Social Network Providers’ duties and concerned individuals’ rights with specific regards to political communication strategies on social networks. Within the political propaganda framework, in fact, scandals such as the Cambridge Analytica affair broke out, renewing public opinion’s attention on the risks linked to the automated processing of personal data and on the possibilities of data breach. This essay aims then at verifying the resilience of the tools laid out by the GDPR in the field of personal data protection – with specific attention to profiling activities and digital footprints aggregation through algorithmic codes - when they have to be used to the detriment of the interests of major Web companies such as Facebook, which is not new to a quite unscrupulous employment of its users’ personal data.