Legal implications … this time it’s all about the data

Vanessa Barnett, Internet lawyer

28 November 2007

The main bit of law …

The Data Protection Act says all “personal data” must be processed in a “fair and lawful” manner

(In a nutshell) “fair and lawful” means that any personal data uploaded by users must only be used for the disclosed purposes it was uploaded for, held legally, held for no longer than necessary and there must be controlled access to that personal data

The “disclosed purpose” is KEY

When a user signs up to Facebook the privacy policy discloses how their personal data will be used

It’s all driven by Facebook’s Principles:– “You should have control over your personal

information”– “You should have access the information others

want to share”

Facebook tells users …

“… third party developers who have created and operate Platform Applications ("Platform Developers") may also have access to your personal information (excluding your contact information) if you permit Platform Applications to access your data. You may opt-out of any sharing of certain or all information through Platform Applications on the Privacy Settings page. ”

http://www.facebook.com/policy.php

Facebook tells developers …Treat users' privacy with the same respect we do. If you directly collect personally identifiable information from users, you must post a privacy policy detailing what you'll do with that infoBe honest and accurate about what your application does and how it uses information from Facebook usersOnly show information from Facebook Platform to a user if you retrieved it on behalf of that particular userTo assist with performance cache user information only for up to 24 hours

It really all boils down to this …

tell users what data you are going to collect

tell users how you will use their data

ESPECIALLY IF YOUR USE IS WIDER THAN THEIR GENERAL EXPECTATIONS FROM THE FACEBOOK PRIVACY POLICY

then REALLY IMPORTANTLY stick to what you’ve told them!

And if you don’t, beware!

Risk being investigated by the Information Commissioner which can be VERY damaging for PR (e.g. HM Revenue & Customs recently!)

RISKS HIGHER WITH LARGE USER BASES/HIGH PROFILE APPLICATIONS

And the Information Commissioner has got some teeth: COURT ORDERS, FINES AND JAIL TIME

A quick word about spam electronic marketing

It’s not a Platform Developers holy grail

users must OPT IN for electronic marketing

Thank you

If you would like a copy of this presentation please email vanessa.barnett@blplaw.com