Facebook is indeed taking the world by storm. It is apparently growing 6% a week in the UK, and now has 30 million users worldwide. I’m gradually finding myself using it more, not just to play with, but as a useful business tool.

But there are more implications to Facebook than meets the eye.

Denise Howell from ZDNet makes a good starting point to explore some of the legal implications of Facebook (and, in fairness, other social media tools).

Firstly, from an employment law perspective I’d urge you to have a look at George’s series of posts.

Employers using Facebook for background checking

More on using facebook et al. in recruiting and hiring (Part II)

Employers Using Facebook for Background Checking, Part III

Sobering stuff, both as an employee and employer. Any UK or German law bloggers fancy transposing that into something relevant for this side of the pond? Perhaps someone from Allen and Overy?

Secondly, one of the UK’s leading computer law academics has picked up on the privacy and data protection law implications that Facebook creates. Lilian writes:

My colleague Ian Brown of Blogzilla reports on an interesting post on why Facebook may be violating European privacy law.

The article reveals that creating an “exploit” in Facebook – i.e. hacking the privacy of unsuspecting users – is trivially easy. All you have to do is use Advanced Search and you can search across controversial (and in European DP language, “sensitive”) pieces of data such as Religion and Sexuality in apparently unlimited numbers of profiles. This is true even if the user has taken steps to protect the privacy of their data (see below). As Ian comments, this is a security failure on FB’s part, which should have been trivially easy to fix in their code.

She goes on:

Do we need a legal solution? Is there a case for extension of DP law to cover the setting of defaults on social network sites? Should privacy not be the default, by law (perhaps with some exceptions to preserve functionality, such as name and network) and openness the opt-out, rather than the reverse? Maybe. Maybe all that is needed is an Industry Code of Practice combined with some upping of awareness of the issue. However with the number of people – especially young pre-employment proto-citizens – involved in web 2.0 sites rising by the minute, this really does seem an issue which is not merely knee jerk alarmism and should not be swept under the carpet. First year students may not care now about spilling their sexuality and contacts to the world: they may when they are older, wiser and looking for employment :)

It is good to see that Facebook is registered in the EU Safe Harbor, but I wonder if anyone from the DP authorities has looked at Facebook’s architecture, because, as is noted above, the processing of sensitive data is likely to be in contravention of the Directive. I question the safety of the Safe Harbor model too, but that would be a long rant…

When the architects of Facebook began to code away in their Harvard dorm room they may not have even been aware of the EU Data Protection Directive and the nuances of its various national-level implementations, and even if they had, it would have been unlikely that they would have architected the legal principles into the application. There is little market pressure to do so. There are limited guidelines even if you wanted to, and it would have just added complexity to the application and slowed its adoption.

Yet sometimes the law exists to protect us from ourselves, like seat belts and traffic regulations. As more and more of our lives and socialising move online, those that build and run the applications need to take greater heed of the law. And the law will need to take greater heed of the online world.

BTW, Harvard is home to some of the best research on internet law; check out the Berkman Center. It led me to Rebecca’s blog and then to this video about Facebook. Make up your own mind…

I sense another chapter brewing.

 
