The use of social media has exploded over the past decade, writes Georgina Perrott, Solicitor at Birketts LLP. Social networks have become an important tool for businesses, offering an increasingly useful way of communicating with customers or simply monitoring their activity.
The ease of posting on social media, the limitless lifespan of each post and its ability to go viral, as contrasted with traditional types of media, mean privacy and data protection are key concerns.
With the implementation of the General Data Protection Regulation (GDPR) approaching, now is a good time to review use of social networks and the associated privacy issues in relation to both members of the public and employees.
Despite being seemingly willing to share personal information on social media, users remain concerned about their privacy and the use of such information.
The conditions for obtaining user consent, where it is required, are stricter under the GDPR. To rely on a user’s consent, it must be specific, informed, unambiguous and freely given; organisations should make it clear what exactly users are consenting to and inform them of their right to withdraw consent at any time.
Where possible, users should have a choice as to how their information is used. Maintaining users’ trust is key, and to that end, security should also be made a priority.
Individuals have enhanced rights under the GDPR. Of these, one of the most relevant to social media is the strengthened ‘right to be forgotten’ which aims to assist an individual to remove personal information from the online environment.
To prevent it becoming a ‘super right’, the right to erasure is qualified by certain exemptions, one of which is freedom of expression. If, for example, an organisation receives a request from an individual for their personal data to be deleted but one of the places where such personal data appears is in a news article protected by freedom of expression, then that article does not have to be deleted.
The strengthening of this right and the need to consider any relevant exemptions will make compliance more complex for organisations.
As well as considering the privacy of members of the public, thought needs to be given to employees and future employees. In June, the Article 29 Working Party published a new opinion on the monitoring of employees which includes commentary on social media vetting during recruitment and in-employment screening.
Whilst the policy does not have direct legal effect, it is likely to be relied on by regulators. It states that, merely because information about a candidate is publicly available on his or her social media profile, employers should not assume they are allowed to process that data for their own purposes.
A legal ground, such as legitimate interest, is required for such processing. The information must be necessary and relevant to the job in question and candidates must be informed that social media vetting is to take place.
Whether the social media profile is related to business or private purposes is a relevant consideration.
In respect of employees, the screening of employees’ social media profiles should not be undertaken on a generalised basis.
The use of social media will be impacted by the imminent GDPR and this article highlights some of the areas to review in respect of privacy and data protection ahead of its implementation.
In addition to privacy issues, businesses using social media should consider other relevant legal issues such as managing employees’ use of social media and ownership of social media accounts.
• You can call Georgina Perrott on 01223 326635 or email her at georgina-perrott [at] birketts.co.uk
from Business Weekly http://ift.tt/2h1XuvL