Social media is a vast and expanding network, which allows space for the personal data of users to be compromised for the use of cyber-criminal activity and distortion. Consequently, a need to protect the personal data of social media users has intensified. Social networking now requires intelligence to confront hacking attempts in the forms of phishing scams, spyware, viruses and cloning. The increased use of social networking sites, and the vast amount of personal data that they store, has also called for more data protection.

Social Networking Sites and Data Protection

As social media offerings are developed, a social media user is supplying their personal data to a wide online network, at the risk of their personal data being manipulated. Therefore, a wide range of data protection requirements are necessitated.

The Data Protection Act (DPA) 2018 provides the legal precautions necessary to prevent social media networks from exploiting personal data. The DPA includes an exemption for personal data, which has been used for domestic purposes. The Information Commissioner’s Office (ICO) states that the domestic purposes exemption is necessitated for individuals using social networking sites for personal reasons. Therefore, an individual using Facebook or Twitter for their own personal reasons, does not need to comply with the DPA.

The domestic purposes exemption only relates to individuals, therefore if a business is using social networking sites to promote their business, then they are required to conform to the DPA.

Catfishing: A form of Identity Theft

The personal data uploaded onto social media networks by individuals, has enabled the concept of ‘catfishing’ to occur. Catfishing is the process in which personal data, such as name, age and photographs of an individual are stolen, in order to create another identity. In July 2017 Labour MP Ann Coffey called for a law to criminalise catfishing, as it is the act of stealing personal identity, and thus a form of identity theft. The demand to make catfishing illegal has gained more momentum in recent years, due to the increase in catfishing scandals and personal data available on social media networks. Although no laws have been made against catfishing yet, with the increased focus upon data protection, it seems likely that more calls will be made to make catfishing illegal.

Data Breaches and Social Networking Sites

The rise in cyber-criminal activity in the recent years has demanded the new DPA legislation in 2018 to strengthen the controls over personal data online. In 2013, Twitter experienced a data breach which allowed cyber-hackers access to 250,000 accounts, exposing the names, email addresses and passwords of each of these social media users. This data breach followed a series of security breaches in US technology and social media companies, including the hacking of the Wall Street Journal and New York Times. Furthermore, Apple in 2013 were encouraged to stop using Java to mitigate the risks of cyber-hacking.

Moreover, LinkedIn in 2012 lost the account credentials for 167 million LinkedIn accounts following a data breach. This data breach involved a hacker stealing the encrypted passwords of these accounts, from the networking site, resulting in a process of re-setting all account passwords to occur. The rise in cyber-criminal activity and hacking of social media networking sites, means that it is imperative to understand what personal data you have uploaded onto these sites.

Social Media and Businesses

A vast number of businesses now utilise social media networking sites to promote their business and to communicate with customers, these social media networks tend to be Facebook, LinkedIn and Twitter.

Organisations, through abiding to the DPA and the PECR requirements, can receive consent from social media users, using social plugs in the form of a “like” or “follow.” Thus, organisations enjoy an easier capture of consent through social media, whilst complying with the data protection regulations, but it tends to be through default. Social media users tend to be un aware that a “like” effectively offers their online data to that business.

Consequently, a lot of confusion arises between the business and the online customer, and data protection now states how to use these social plugs legally. Social plugs offer businesses the opportunity to expand their outreach across social media easily, however data protection regulations have been put into place to ensure that these social plugs are not exploited.

The EU-US Privacy Shield has in effect committed social media networks from the US, to comply with the new framework agreement within the GDPR, to protect the personal data of EU citizens. Thus, businesses and their social media audience agree to the terms and conditions set out by the GDPR.

The business industry, as well as society in general, is increasingly becoming dominated by social media networks and the social media culture. Therefore, personal data, which exists on these networking sites in excess, is at risk. Despite the renewal of the DPA 2018, businesses and individuals need to be aware of the risks of cyber-hacks and data breaches.