Skip to content

Social networks – a legal minefield for data protection

Mark Zuckerberg demonstrating networksTools on social media sites that invite you to upload your list of contacts may be encouraging you to break the UK’s Data Protection Act and the EU’s Privacy and Electronic Communications rules.

This is my personal opinion. I am not accusing any company of doing anything illegal, and in fact nothing I mention in this article is illegal until someone complains to a court of law and that court of law writes a precedent.

I raise this, though, because it is the most important reason, in my view, for all companies to implement a corporate social networking responsibility policy. All companies have a legal responsibility to protect and keep private any personal data they hold about customers. If you were to send your customer list to a third party without the consent of each person on the list, you would be liable to prosecution. So why are social networks allowed to encourage people to just upload their address books willy nilly?

Facebook contact importer

Picture the scene. A member of your staff creates a Facebook page. During the page creation process, they use the contact importer to import a list of contacts to send messages to, promoting the page. Their list of contacts, possibly from their Outlook address book, will include some of your customers. Business contacts.

Now, I’m not saying Facebook is doing anything immoral or unfair with that data, but that makes no difference. There’s a clause in UK law which states it is an offence to pass data to a country that doesn’t have the same data protection as we have, and that includes the USA. Theoretically, you could be breaking the law just by passing your data from your computer to a website based in the USA.

Should we be concerned? Well, I’m sure Facebook’s handling of data is honourable, but what it is using that data for internally needs to be questioned.

Ireland’s Information Commissioner is currently investigating Facebook Ireland, accusing it of profiling people from third party data that users upload. Facebook denies this, saying it only keeps email addresses of invited people so that the person inviting them can be informed when they join. That’s common practice on many websites.

The main point for companies to consider, though, is not whether any website is doing anything right or wrong, but whether you are staying within the law while passing your customers’ data to third parties. All companies should have a policy to say not only what websites staff can use for work, but also what tools on those websites are off limits.

Please share this article:
Published inGeneral Thoughts

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *