Did you know that naming someone ‘fan of the week’ could end up costing you €1 million? Me neither! Not until I had a Facebook message from one of my page likers that got me looking at how the Data Protection Act could affect page owners!
It all started earlier this year when I developed a new social media habit…
I simply started welcoming people to my Facebook page with a message with their name in it. I’d seen other pages doing it, and, after a little thought, decided it would be well-mannered to do the same.
But then I received a message on Facebook asking me if I’d thought about the implications of the Data Protection Act in doing this.
It had crossed my mind in fact, but as I know that when a person likes a page it is made public in their own news stream, I didn’t think it would be a problem … though I have to admit it is not an action I would recommend if the page had any kind of sensitive nature, like a counselling practice or selling lingerie!
But my correspondent had disclosed that he was a lawyer and had spent a lot of time advising on the DPA when it first came out, and I am the kind of person who likes to know I’m doing the right thing … After all I wouldn’t want to be leading you down the wrong path!
So I decided to investigate further in order to report back to you and maybe change my own practices.
I started by questioning my helpful lawyer friend a little further. Although he had mainly worked in relation to health-sensitive data, he was able to give me some points to think about.
He said that any business with access to personal data has responsibilities under the DPA to use that information in accordance with the principles of the DPA. The obligations vary depending on the nature of the data, for example data about health has a higher burden.
Obviously liking a page on Facebook is not generally likely to expose any sensitive health data but if you have a page that relates to this in any way you might want to be aware of that. Or, of course, anything else that could be considered sensitive; race, religion and sexual orientation are a few more examples of potentially sensitive data.
But what about the majority of page owners? What do we need to look out for? Can we post about those that like us or not?
Well, first things first, you might have a Facebook page but you do not own it! The space you are using belongs to Facebook, but just like renting space for a shop, if someone decided to sue you it would be your responsibility not Facebook’s.
You also need to know that there has already been plenty of controversy over Facebook’s privacy policies and data protection. Last year the German State of Schleswig-Holstein even banned use of the Facebook like button on websites because they believe Facebook builds profiles of both users and non-users with data collected by the Like button. If this is true, which Facebook denies, it would violate European data protection laws.
It must be mentioned at this point that, as that data (if it is collected) is not collected or used by the page owner, we are unlikely to be under any threat from that, but this could change. Particularly if a similar ruling comes in throughout Europe, which places the onus on the website owner to remove the like buttons or be fined. Although those like buttons that show the faces of those that have liked your Facebook page on your website could lead you into trouble.
One of the biggest problems with figuring out what is and is not ok is the fact that the Data Protection Act came out in 1998.
Internet use was spreading at this time but sites like Facebook weren’t even anticipated!
But the EU justice commissioner, Viviane Reding, has plans to modernise data protection laws.
In her speech announcing these proposals, she makes it clear that they are not trying to harm businesses, and SMEs in particular have less of a burden than businesses with over 250 employees.
However, the new proposals will mean that privacy for the individual, when using social networking sites, is fully integrated throughout the Data Protection Act.
To give you an example, one of the things proposed is “privacy by default”. This means that instead of having to adjust your settings for privacy, your profile would have this as a matter of course.
Although these proposals were put forward in January, they could take up to 2 years to become law. So as Facebook page owners it seems important to stick to “acting in accordance with the principles of the DPA.”
These principles are set out below.
- Companies may not store data other than for a specific purpose.
- Companies may not pass data along to a third party without consent.
- Personal information may not be stored for longer than necessary and must be kept up to date.
- Personal information may not be sent outside the EU without consent or adequate protection.
- Individuals have the right to request what data is held about them (with exceptions such as data that may prevent a crime).
- Larger organisations with complex data processing must register with the Information Commissioner’s office.
- Company departments must have adequate security in place (both actual and organisational).
- Subjects have the right to have factually incorrect information corrected.
And the most pertinent issue here is that companies may not pass data along to a third party without consent.
Let’s imagine this in the worst case scenario for a moment, and pretend you are in court for this: what are the arguments your lawyer and the prosecution lawyer could use to decide the case?
Your Facebook page might be compared to an email newsletter. A person who wants a newsletter expects to give their name and address to receive that, and they are told exactly what will and will not be done with their email address. They are also offered boxes to tick to allow or deny specific actions.
When people ‘like’ your page they know that, depending on their privacy settings, people that they are friends with on Facebook will see this. They know they will see postings on their newsfeed unless they unsubscribe. And hopefully they are also aware that if they comment on a post or post on the page’s timeline, then their friends will see this too, and that, subject to their settings, it may be visible to friends of friends and possibly beyond.
Because this open sharing of information is inherent in Facebook’s philosophy and structure, it could be argued that permission to talk to or about people that have liked your page is implied.
But the prosecution could argue that posting a ‘thank you’ on the wall which included names, as I was, or highlighting a ‘fan of the week’, is the same as sharing their email addresses without implicit permission.
The thing that could swing the jury is that the person you have named could then be easily found and contacted through Facebook.
(Although I have to say it really isn’t that easy to find and contact complete strangers through Facebook, particularly if their name is shared by lots of people or if they have adjusted their privacy settings well!)
It’s also worth noting that Facebook no longer discloses the names of likers to people viewing the page (unless they happen to also be friends). So it seems they are working harder to protect the identities of likers whilst maintaining their ‘sharing amongst friends’ philosophy. And you should know that this doesn’t just apply to names but also to other identifying data, things like date of birth, passport numbers, ISP addresses and more.
Now I can’t definitively say whether you would win or lose this fight in a court of law; so far there hasn’t been a case like this. But the fact that the fine stands at €1 million means I wouldn’t want any of you to be that test case! And as I wouldn’t want it to be me either (and more importantly I wouldn’t want to upset or offend anyone who has liked my page!) I have stopped thanking people that like my page by name.
For more information or specific advice look up the Information Commissioner’s website or call them.
* * * * * * * * * * * * * * * * * * * * * * *Stop Press* * * * * * * * * * * * * * * * * * * * * *
A Canadian has just filed a suit against Facebook as she views her image being used in sponsored stories as a violation of her privacy.
I’ll keep an eye on this and bring you more news as it develops but in the meantime you can read more about it on webpronews.com http://www.webpronews.com/facebooks-sponsored-stories-get-taken-to-court-2012-04
Over to you – Do you worry about being targeted by marketers on Facebook or do you love sharing what you love? Let me know in the comments below!
Oh and PLEASE share this with all the page owners you know – I really wouldn’t want anyone to get caught out (Don’t worry you have my full permission and I promise I won’t sue you for it!)