Social media agency: Germany, privacy, Facebook, and GDPR
Since the beginning of 2018, Smoking Gun has been covering the increasing lack of trust between consumers and social media— and Facebook in particular— more than ever before. We even published a report on the subject within the context of earned media, which is free to download here. Now a European court ruling has decided that Facebook is indeed breaching privacy rules, and the fallout could be significant.
On Monday 12th February reports hit UK press that a regional court in Berlin has ruled that Facebook’s use of personal data and privacy settings are in direct contravention of German consumer law. It’s big news from a social media agency perspective.
The decision was based on a range of factors, which include:
*Facebook default settings not ‘privacy-friendly’ hidden from users
*Insufficient information offered regarding privacy when new users sign up
*Location services pre-activated
*Settings allowing search engines to link to users’ timelines pre-selected
*Invalid Terms of Service , including those that allow Facebook to transmit data to the US and utilise this for commercial purposes
*Authentic Names policy deemed to be unlawful
So what happens next?
Facebook is, unsurprisingly, preparing to mount an appeal, claiming it is ‘working hard to ensure that our guidelines are clear and easy to understand, and that the services are in full accordance with the law.’
Perhaps what’s most interesting, though, is the fact Facebook has also promised to radically overhaul its privacy settings in the near future, largely due to the impending roll out of the General Data Protection Regulation, a wide-reaching and sweeping set of laws that will govern how data can be used across the EU.
The General Data Protection Regulation, just in case you didn’t pick up on that in the last paragraph. Basically, once this becomes European law— 100 days from today (25th May 2018 to be exact)— it will introduce certain requirements that brands need to get familiar with in order to safely use data for commercial purposes without risking falling on the wrong side of the authorities. The two most important bases for brands to use personal data will be:
*Consent – has the customer or individual elected to allow the company access to their data and agreed for it to be used?
*Legitimate interests – Does the company have an established relationship with the customer or individual, AND would they reasonably expect the specific types of data processing the company engages in to be carried out after their information is collected?
We’ll be looking at the implications and opportunities that come with GDPR in the coming weeks to ensure all our blog readers, clients, and partners are prepared for the big switch, and understand exactly how to make the most of this brave new world.