What data privacy lessons can business owners take from Facebook’s blunders?

Business Advice | 23 April 2018 | 6 years ago

When GDPR comes into force, companies of all shapes and sizes will be required to take issues of data privacy and consent seriously or face the consequences. Andrew Stellakis, managing director of Q2Q IT and certified GDPR practitioner, explores what small business owners can learn from Facebook’s recent data mishandlings.

For companies and individuals alike, time is precious. So, when it comes to such menial tasks as reading privacy policies, service agreements, T&Cs and other tedious small print, it would be easy to assume that end users are to blame if they rush through the process and grant consent for their details to be collected only to regret it later.

But that’s not always the case.

Under the GDPR, companies that gather and process personal data will have an increased responsibility to the individuals whose information they hold. They must have consent to collect it in the first place, be transparent about how it’s used and provide the option for data subjects to withdraw consent at any time.

Facebook’s recent revelations about how it intends to gather consent from its users can, therefore, be taken as an example of what not to do.

Facebook’s ‘commitment’ to data transparency

On the surface, it seems that the social media giant wants to show that it’s turning over a new leaf after the Cambridge Analytica scandal, in which the data of more than 87m Facebook users is believed to have been compromised. In an apparent attempt to rebuild faith among its users, the company has been announcing on its blog the various means by which it intends to improve its data processes, with one such post claiming that it’s “important to show people in black and white how our products work”.

Very true. But Facebook isn’t exactly practicing what it’s preaching.

The firm has outlined that in the coming months, it will be asking all users to make ‘choices’ about how their data is used, including whether they want their Facebook ads to be influenced by third-party data, what profile information they are happy for the company to use and share, and whether or not they want to enable face recognition technology.

In theory, so far so good. But in practice, things are more complicated.

The importance of explicit consent

The ICO’s guidance on the GDPR states that for explicit consent to count, a positive opt-in is required, a clear and specific statement of permission is needed and pre-ticked boxes or any other method of default agreement can’t be used. And this is where Facebook’s attempts at compliance become slightly shady.

Although no boxes are already ticked, there are subtle elements in the newly introduced ‘opt-in’ processes that have been raising eyebrows and seemingly blurring the line between GDPR compliance and non-compliance. The opting-in part is simple. There’s a big blue ‘accept and continue’ button that, when clicked or tapped, lets you carry on as you were.

However, in order to opt out, there’s a less obvious, white ‘manage data settings’ button that requires you to navigate through to two subsequent pages before you can deny access to your personal data. Whilst not an outright breach of the GDPR, such a convoluted opt-out procedure is certainly not within the spirit of transparency that the legislation is intended to uphold.

What should small business owners be doing differently?

As data protection practices go, Facebook has been setting a brilliant example lately for how not to go about complying with the GDPR. So, what should small business owners take away from these high-profile slip-ups?

Firstly, be open with any individuals whose data you already hold, including employees, customers and anyone else, about how their data is being used. You should conduct an audit of all the sensitive information you have on your systems and document how this was obtained, how long you intend to keep it and the measures you’ve implemented to protect it.

Secondly, only store the minimum data required. Does Facebook really need access to your biometric data (via facial recognition) or other sensitive information (including your political and religious views)? Probably not.

Unless, of course, you also want them to be able to recognise you in your photos, your friends’ photos and, most worryingly, the photos of other people who you may not even know. So, ask yourself the same question when it comes to the data you have on file. This is one case where keeping extra details ‘just in case’ isn’t the safest option.

Thirdly, when it comes to collecting individuals’ information, you should obtain their explicit consent to do so. Crucially, make it clear that they can opt out of this agreement at any time and be sure to provide a straightforward way for them to do this.

For example, if it’s a mailing list that you’ve signed someone up to, ensure there’s a clear ‘unsubscribe’ option to select. Don’t follow Facebook’s example of making it easy for individuals to provide consent, but convoluted to revoke it or to object to giving it in the first place. At best, that’s not in the spirit of the new law, and may even be considered an outright breach.

And finally, ensure the data you hold is properly protected. Don’t share it with other people unless you’ve explicitly been granted permission by the individual to do so. Make certain that you have effective security measures in place to safeguard it against a potential breach. And remember, the personal data your business uses is only ever borrowed, not yours to use as you please. The GDPR is all about respecting that fact.

Q2Q IT is an IT support specialist, providing monitored systems support and GDPR compliance assistance to SMEs across the North West of England.
