For each of those two special cases you cite, there is probably more adequate legislation than IT crime law that should be put to work:
- data protection laws or privacy laws would normally create larger obligations on providers of social network services not to be unnecessarily sloppy with security. They would also effectively put an end to mass-hacking of social web personal pages for the purpose of using personal information in a way which was not approved by the private person.
But it is a big difference if the law incentivises Twitter to make it difficult to misappropriate my account because I should be in control over my data/my identity and makes any collection or use of the data illicit if not done with my permission, or if the law penalises people who are acting immorally against Twitter. IT crime laws do the latter - the EU GDRP for instance attempts to do the former, although the text is rather watered down.
On spamming problem, there are really two types of legislation that deal with that problem that are already outside of IT crime laws: the laws on direct marketing and in particular unsolicited marketing (in the EU, we have defined which types of electronic advertisements by e-mail or similar (if I remember) are permissible and therefore, by exclusion, exempted other types of electronic advertisements from being legit). In theory, one could probably have specific spamming enterprises investigated at least by consumer authorities in Europe.
But also, the personal data protection laws would still apply, and as in the case above.
For each of those two special cases you cite, there is probably more adequate legislation than IT crime law that should be put to work:
- data protection laws or privacy laws would normally create larger obligations on providers of social network services not to be unnecessarily sloppy with security. They would also effectively put an end to mass-hacking of social web personal pages for the purpose of using personal information in a way which was not approved by the private person.
But it is a big difference if the law incentivises Twitter to make it difficult to misappropriate my account because I should be in control over my data/my identity and makes any collection or use of the data illicit if not done with my permission, or if the law penalises people who are acting immorally against Twitter. IT crime laws do the latter - the EU GDRP for instance attempts to do the former, although the text is rather watered down.
On spamming problem, there are really two types of legislation that deal with that problem that are already outside of IT crime laws: the laws on direct marketing and in particular unsolicited marketing (in the EU, we have defined which types of electronic advertisements by e-mail or similar (if I remember) are permissible and therefore, by exclusion, exempted other types of electronic advertisements from being legit). In theory, one could probably have specific spamming enterprises investigated at least by consumer authorities in Europe.
But also, the personal data protection laws would still apply, and as in the case above.