Customs of Social Media and Data Protection

By July 24, 2019 October 28th, 2019 blog
Social Media and Data Protection

Abbey Pallett, Digital Manager at Manan, discusses customs of social media and data protection in relation to recent changes.

In 2018 we learned that up to 87 million members of Facebook had unknowingly had their data harvested via a quiz article shared on the platform. Their information and that of their friends had then been passed on to Cambridge Analytica – a political consultancy firm who are alleged to have used it to influence the outcomes of the 2016 US presidential election and the UK Brexit Referendum.

In light of these findings, Facebook has made it easy for users to see what data the website holds on them and given shortcuts to privacy setting editing, as well as the ability to download all data held and request it be deleted. If you’ve taken a look yourself, you’ll no doubt be surprised at just how much Facebook knows about you. It includes all data held by third party applications and websites too – so all those times you opted to ‘sign in with Facebook,’ within an app or on a website, you were inadvertently allowing these companies access to your data.

Secure your settings

The Facebook settings menu is now divided by category and fits succinctly on one screen – from here you can tweak your personal, security, privacy and notification information and more. There is even a ‘privacy shortcuts’ option to further shorten the process. So, you can now stop ‘x’ing’ out of data review requests on your socials and take back control over what the web knows about you!

G D (don’t say it) P R!

Anyone with an email address will have recently experienced their inboxes filling up with emails to the tone of ‘please opt in’ or ‘don’t leave us’. Perhaps you even sent them yourselves! In the run-up to the law taking effect on April 25th 2018 there was no getting away from the setting up of sending rights!

Put simply, the new EU General Data Protection Regulation law addresses the data privacy of all individuals within the European Union and concerns how we collect, store and use any data that could personally identify someone. It includes informing people of the processes of how their information is used and stored, who has access to it and when/if it will be deleted within a given timeframe.

It also enshrines affording people the choice to opt in or out of having their details used in any given way whether that be to send them a letter, include them on an email database or use them as a testimonial for your business.

Principal to this is the ‘right to be forgotten’ –  whereby individuals can request that all of their data be completely expunged from a company’s records, a database, a server etc. – and in accordance with GDPR it absolutely must be – unless you want to pay a sum that can stretch into the millions.

Thankfully the law doesn’t apply to transactional relationships i.e. those with existing relationships. Otherwis,e how else would we continue to shop online? However, if you are storing lots of personal data and/or regularly sending out communications it is in your interest to read up on how the law might affect you.

Social media: the specifics

Whether you’re a ‘poster’ or ‘peruser’, navigating the online world of snapping, sharing and status updates whether professionally or personally can be a minefield at the best of times. Do you tag someone in a picture or don’t you? Will they be flattered that you want your and their friends to know that you were together at an event or will they be offended, not like the lighting or not want to be outed as being somewhere when they told a loved one they were busy that night?

The best policy is to always ask when sharing any multimedia or personal information about an individual or even a company. Some companies even have strict brand guidelines when it comes to all types of media. If you wouldn’t want a piece of information that concerns yourself out in the public domain – don’t publish it about another person or entity.

By a similar token, it is ill-advised to equate the sharing of a photo, video or other information with permission to use it. Don’t assume that the content is ‘free to use’ simply because it has been posted or that because you know the clinician/technician/sales rep/business that you can publish by proxy or on their behalf. A quick correspondence to request permission not only allows you to request consent but open ups a line of dialogue that may prove beneficial in the future.

This doesn’t just apply to posts but to social media messaging systems too.

It is important to remember that within a medical capacity it is unethical and illegal to share medical information without the explicit permission of the individual, especially if they could be identified by it. Apply the patient confidentiality and consent test before hitting the ‘post’ button. To protect yourself – take an ‘edit then publish’ approach in all that you post online as given the fire-like spread of digital information these days you can’t always do the reverse! Everybody loves a bit of controversy but not the kind that lands you in court or with a massive fine.

All leading social networks have their own privacy policies and GDPR regulations that govern and protect users of them in all aspects of their respective websites. Social networks or APIs for the display of feeds on your website are known under the new law as a ‘third party’ which you must mention specifically in your own privacy policies if using.

The take home

We take it for granted, but we really are living in an information-rich age, one where especially in our professional lives our information is considered a commodity and we should treat it with respect and for the purpose intended. GDPR is akin to the Telephone Preference Service but with bells on – and rightly so as it benefits all involved.

According to the law nobody need have their information used or held without consent or unnecessarily. So those emails you weren’t much interested in anyway no longer need to clog up your inbox. And on the other side of the coin, you can send tailored communications and content out to those who positively want to be contacted by you which in turn keeps you and your audience happy – but most importantly of all, everyone compliant!



Leave a Reply