Online privacy: is your data protected?

The recent altercation between the national privacy protection agencies from around the globe (including the UK) and consumers on one side, and two of the leading online organisations highlights the inherent tensions between advances in technology leading to increasingly creative social uses of the web and privacy laws. Google has been under focus about 2 of its leading services, Streetview and Buzz. Meanwhile, Facebook has also faced criticism for the way it handles users’ data and recent changes which it has made to users’ accounts.

Buzz is social networking site launched by Google earlier this year. However, it initially suffered from complaints by users regarding alleged breaches of the Data Protection Act 1998 (“DPA”). Users claimed their personal details had been transferred from their Gmail accounts (Google’s web based email service) to their newly-opened Buzz accounts without their consent.

The privacy commissioners also raised concerns about Google’s Streetview service, which consists of 360 degree views of streets taken from special vehicles, which are made available to users on line.

Meanwhile, Facebook has suffered from criticism for introducing a new feature that allows 3rd parties, including non-Facebook websites, to post personal views of Facebook users without their consent.

Under the DPA, organisations holding personal information about individuals must comply with requirements of the DPA to protect that personal data. Social networking sites and Streetview are obliged to comply with these privacy protection rules.

A key provision of the DPA is that the data subject must consent to their personal data being “processed”, which includes posting that data on websites.

Recent press and national privacy agency coverage of customers concerns in relation to both Street View and Buzz, has led Google to largely defend its privacy practices. However, Google does appear to acknowledge some concerns about the launch of the Buzz site. Facebook is currently reviewing its approach to the privacy issues which have been raised.

The privacy arguments regarding Street View have been discussed since it was first launched in the UK in early 2009. However the approach taken by the Information Commissioner’s Office (“ICO”) is that Street View does not breach the DPA. (Click here for the ICO press release).

The debate acts as a timely reminder that as more and more people use social networking sites, they should consider whether their privacy is being adequately protected by the site administrator or provider.

The ICO has prepared a useful guidance note for the public about protecting their privacy online.

For more information please contact Karen Harrison or Matthew Read.