Skip to content

Beware of tools that break data protection laws

Wolf in sheep's clothingA strange message arrived in my LinkedIn inbox yesterday. A connection copied me into a round robin message which was designed to request a personal recommendation. Unusually for LinkedIn, I was able to see the list of all the people who had been sent the message.

Even stranger, the email notification I received of the same message included all the email addresses of those same people. This is a clear breach of UK Data Protection Law. You don’t need to be a lawyer or the Information Commissioner to know that it is a violation to publicise people’s personal email addresses without their permission.

Who is breaching data protection rules?

The question is, who is guilty of breaking the rules? The person who sent the message was using a third party tool called Erated (more on that below), which created the messages. The data being shared was from LinkedIn, which is bound by the rules of Data Protection but which is unwittingly having its data shared.

So, if I, as a subject of this breach, wish to complain, who would the defendant be? Even without a complaint, this serious breach of privacy should act as a warning to anyone not to use third party tools like Erated.

What exactly is Erated and how does it work?

In order to see how Erated works, you have to log in using your LinkedIn profile – something I am not going to do. I advise you to be equally wary.

Erated login screen

In the FAQ page, which describes how Erated works, we are told, “If you want to consolidate your reviews from your professional network you have come to the right place. We help you to collect ratings from your connections and make a better profile for your self in couple of clicks.”

This sounds all very attractive except for these warning signs:

  • They bill in dollars, which means they are outside the UK Data Protection jurisdiction
  • The fact that they bill at all is a security worry
  • The poor grammar on the site suggests they are a sub-standard company not to be trusted (in my opinion).

Privacy policy is all about you, not about us

The Erated site has an extensive privacy policy that is as good as most others I see. It talks about using your email address in the proper way. It also says the company will store the email of anyone you invite to the system, just so it can send them an invite.

The suggestion that the company is all about privacy protection is paper thin, though, when you notice there is nothing about them sharing all the email addresses of the people you send messages to, using the system.

If you want to lose connections fast on LinkedIn by pissing them off, Erated is for you.

Please share this article:
Published inDigital Marketing

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *