“Good regulation in cooperation with providers and internet companies is more important than the expansion of criminal law on this subject”, Van der Hof, professor of Law and the Information Society at Leiden University says.

You came up with the word ‘identity hack’. Was there no word for this type of case?
No, because what is happening to Freek cannot be called bullying. Nor is it a case of identity theft. What has happened here is that Freek has lost control over his identity, for which no legal term exists yet. We know what hacking is of course, but this is a new form of criminal act that has no legal definition yet.

Does this also means that you cannot file a police report if you are the victim of an ‘identity hack’?
That is correct. If something like this happens to you, you can only file a report based on the possibilities the law provides. You could file a report for slander or defamation, a copyright infringement or even possibly a violation of the Declaration on the Right of the Child. We have a stronger legal position to take action against ‘identity hacks’ if this case is proven in a court of law. Besides, any Internet user has to agree to the terms and conditions of the internet service he subscribes to, for instance those of Facebook. Those terms have rules of conduct to which the user has to adhere. Facebook can take action when those terms and conditions are violated.

Do Freek's parents have a strong case?
They do if slander and defamation are proven in court. The facts that the suspect of this ‘identity hack’ is known and is Dutch like Freek help. Yet legal action may not be the best solution in this case. Consider the consequences of a criminal case: legal procedures are lengthy and the police may not give it high priority. More often than not the information posted on the Internet remains online.

What would your solution be?
The answer may lie in European data protection regulation, which makes it easier to remove data – like fake accounts – from the Internet. Unfortunately, due to delays it is not yet clear when this proposal, the General Data Protection Regulation (GDPR), will be adopted.

This proposed regulation centres around the idea that individuals should have more control over their personal data and information. It will provide not only the right to have data removed, but providers and Internet companies will also be required to play an active role in that removal. This provides users with a means to better control and retracts data from the Internet. Good regulation in cooperation with providers and Internet companies is more important than the expansion of criminal law on this subject. After all, those companies store your data.