Tag Archives: data protection

ICO consulting on possible data protection code of practice for the press

ICO consultation doc data protection

Last week the Information Commissioner’s Office launched a “short public consultation” on proposals for a code of practice for the press in the Data Protection Act.

According to the ICO website this follows a recommendation from Lord Justice Leveson for the ICO to “prepare and issue comprehensive good practice guidelines and advice on appropriate principles and standards to be observed by the press in the processing of personal data”.

The consultation was sent out last week, and closes on Friday 15 March. The ICO website states:

This short public consultation on the likely scope and content of the proposed ICO code of practice is an important first step in ensuring our stakeholders have an opportunity to let us know their views and engage in constructive dialogue to develop a common understanding of how data protection legislation applies to the media. This will be followed by a full public consultation on the code itself.

In the consultation document the ICO adds:

The code will not contain any new legal duties – the purpose of such codes is to promote good practice and observance of the requirements of the Data Protection Act by data controllers. Depending upon decisions by the government about possible reform of the law, this guidance may require further review. However, we accept that it is important to produce guidance now, as recommended by Lord Justice Leveson.

Hatip: International Forum for Responsible Media blog.

Comment: It’s time for social networks to tell us how our data is used

We explain why we consider Address Book Importing (ABI) and friend connection tools dangerous  for journalists; and why we believe it’s time for social networks to be more upfront about how they use our data.

Our research on social networks and Address Book Importing (ABI) published today shows that Facebook has a big problem, which will only get bigger, as it develops its connection-making features.

[See full report: How social networks are using your email address book data – and what it means for journalists]

If you are a member, like 400 million other people worldwide, then that problem could become your problem through no fault of your own. Journalists, in particular, are more vulnerable than most.

Why they do it

Like all social networks, Facebook strives to be seen as indispensable. Facebook wants you to tell it who you are connected to and it has a vested interest in making those connections public.

For Facebook, the more connections it can make between people the better. That’s what drives membership and visits and profits. Many claim that user privacy is the main casualty of a business model that depends on users revealing personal information online.

It is an issue that has come to involve stalking, grooming and identity theft. Facebook argues that instead of imposing regulation on social networks, governments should leave the control of personal information in the hands of the users.

That argument would carry weight if the company’s privacy controls were transparent and easy to use, and its members were given the information they need to make informed decisions.

Threat to journalists

But here’s the crux. Our in-depth look at the practice of ABI reveals that Facebook is failing to provide users with the information they need to properly protect their privacy. From the perspective of a journalist, this means ABI can threaten the privacy of your sources and even your career.

Facebook presents its ‘Find People you Email’ tool as a way for you to check if people you know are also Facebook members. You do this by giving Facebook access to your online contacts file on Gmail or Yahoo for example, or by giving it access to your desktop contacts file.

Facebook says: ‘Upload a contact file and we will tell you which of your contacts are on Facebook.’ Sounds harmless enough and sounds like it will do what you expect. Use the ‘learn more’ option here and Facebook tells you that they may use the imported information to generate ‘suggestions’ for you and your contacts on Facebook (see statement below).

But we’ve pieced together what Facebook doesn’t tell you. Not only does Facebook ‘find people you email’ on Facebook, it downloads all the email addresses in your contacts file whether you want it to or not.

Users aren’t given clear information that this will happen. Then, without giving you any control over the process, it uses the email addresses to generate ‘friend recommendations’ for people you know – and those you don’t.

Then, without telling you and without your control, Facebook generates ‘recommendations’ linking you directly with others in your contact file on any email invites you choose to send. Facebook also holds on to your contacts file – linking you to your file on an on-going basis.

You may have countless reasons why you don’t want to be publicly connected with people in your contacts file. People in that file may be professional contacts, confidential sources, business associates or even the target of a long-running investigation; people from whom you may want to keep a discreet distance for any number of reasons.

If you are not completely aware what ABI means, the potential for disaster is endless. Imagine if you use Facebook’s ABI to check if your mates are on Facebook and you give it access to your desktop address book.

On there are your friends, your sources and your colleagues. Many may not be impressed if, out of the blue, they are ‘recommended’ your husband, your boss and your mate who has tagged you in a dozen Christmas party pictures.

What if the NHS manager you’ve lined up to interview is ‘recommended’ to the health service whistleblower you’ve cultivated? What if your source in an investment bank is ‘recommended’ to your source in the Financial Service Authority? Will any of them trust you again?

Strange recommendations

We grew suspicious about Facebook’s ABI tool precisely because two of us at Journalism.co.uk started to receive bizarre recommendations. Recommendations that could only mean one thing – Facebook had accessed the email addresses of our contacts.

We think the majority of Facebook users and, certainly, the vast majority of journalists, wouldn’t use ABI if they were given the full picture. Patti Laubaugh’s devastating experience with Facebook’s ABI reveals what can happen when you mistakenly mix your professional and private lives on social networks.

As we’ve reported, Reuters is so concerned about the potential for calamity that it is warning its journalists: “Be aware that you may reveal your sources to competitors by using ‘following’ or ‘friending’ functionality on social networks.” But this doesn’t mention the risk of ABI.

We had a useful dialogue with Facebook about our findings but nothing it told us made us any more relaxed with the practice of ABI.

The company defended its practice by stating that people can opt to ‘learn more’ about the Friend Finder tool by accessing this statement:

“We may use the email addresses you upload through this importer to help you connect with friends, including using this information to generate suggestions for you and your contacts on Facebook.”

Time to be more upfront

We think Facebook members are not adequately warned exactly how ABI is used and could be misled by the information provided.

Worse still, users have to click through to yet another window before they learn that they can delete an uploaded contacts file. Facebook knows better than anyone that the more clicks you ask a user to perform the less likely they are to get somewhere you don’t particularly want them to find.

It added:

“We believe that people come to Facebook to find their friends, and so we provide this as part of our efforts to help people find each other, and to share and stay in touch.  We use a variety of different factors to determine whether to suggest that people connect on Facebook and we respect privacy settings of the users when we do.”

But in order to use the privacy settings in an informed way users must be given the whole picture. Like Gus Hosein of Privacy International says in our main report, it’s time for social networks to stop pretending they’re cuddly start-ups and face up to their privacy control responsibilities as world communication systems.

Reuters: Former BNP man fined for leaking members list

Matthew Single, a former British National Party (BNP member, has been fined £200 for breaking data privacy laws after leaking details of the group’s membership online.

Single, who was previously the party’s deputy secuirty head, leaked the information about more than 10,000 BNP members last November, creating a media frenzy – and raising issues about privacy and data protection.

Full story at this link…

Journalism.co.uk’s reports on the leaked BNP list last November:

BNP members list leak gathers pace online – to link or not to link?

Members list still available but journalists and bloggers fear breaking BNP injunction