FACEBOOK, CAMBRIDGE ANALYTICA AND GDPRR’S PURPOSE LIMITATION PRINCIPLE






 Facebook’s PR nightmare following the recent Cambridge Analytica scandal shows no signs of abating. The EU Security Commissioner has just indicated that Brussels is prepared to regulate social media companies if they don’t quickly tackle head-on the mishandling of personal data that the Cambridge Analytica story appears to have exposed.
We have already discussed why the Facebook/Cambridge Analytica story matters in the context of GDPR.  Crucially it has moved the whole issue of data protection to the top of the political and media agenda.  Most of the commentary has centred on the issue of consent. But as we watch the story develop we think it also raises important points about another key data protection rule: the principle of purpose limitation.

WHAT IS PURPOSE LIMITATION?
Article 5(b) of the GDPR reaffirms the principle of the existing rules on purpose limitation. It also introduces a few minor additional safeguards for further processing of data for archiving, scientific, historical or statistical purposes.
The article states that personal data shall be:
“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)”
So a company that handles personal data must be very clear about how it will use that data. GDPR is all about enabling data subjects to make informed choices. Data processors will no longer get away with vague terms and conditions of use or consent that is not explicit.
PURPOSE LIMITATION AND FACEBOOK
A lot has been written about Facebook and potential breaches of data protection laws. Of course so far nothing has been proved against the social media giant. But it’s certainly interesting to consider whether those Facebook users who downloaded the ‘thisismydigitallife’ app that is at the heart of the story knew what purpose their information was going to be used for.
Reports indicate that they understood the quiz was for psychological profiling. But did they realise the information they provided (through answers to the quiz) would be passed on  to another company (Cambridge Analytica) and used for political purposes as is alleged?

GETTING READY FOR GDPR
Any company storing or processing information about EU citizens must be GDPR ready by 25 May 2018. When you obtain data you must do so clearly and explain the purpose for which you are going to process it. Of course it’s not unusual for companies in the possession of data to want to use it subsequently for a secondary reason. And there are ways to do this without falling foul of the regulations.  For example, through pseudonymisation of data.
Big Data Law in London is a specialist team of data protection lawyers. We are currently offering a range of GDPR compliance packages in time for the implementation date. 
 CONTACT BIG DATA LAW
To find out how data protectionsolicitors London  can help you prepare for GDPR call us on 0203 670 5540.
Find out more about how we can assist you by emailing us in complete confidence at info@bigdatalaw.co.uk.




Location: 4 Bloomsbury Square, London WC1A 2RP, UK

Comments

Post a Comment

Popular posts from this blog

GDPR – IT’S NOT ALL ABOUT CONSENT

Image
The General Data Protection Regulation comes into force tomorrow. Despite what you may have heard, GDPR is not only about getting consent to process the personal information of those people your company interacts with. In the last few days, as the implementation date approaches, you may have been forgiven for believing this to be the case. A degree of panic among businesses appears to have set in regarding the consent issue. Stories of unnecessary GDPR consent emails clogging up inboxes have been widely reported. And the Information Commissioner’s website that contains detailed  GDPR compliance guidance  has crashed . Whether this is due to the sheer volume of traffic following relentless media pressure is unclear. At Big Data Law we have been advising on and  writing about GDPR implementation  for some time. Granted, it represents a big change for businesses that handle personal data with heavy fines a possibility. But it’s important not to overreac...
Read more

HOW WILL GDPR AFFECT EMBASSIES AND CONSULATES

Image
With the GDPR coming into force in the UK on 25 May 2018 it is worth highlighting that the regulations have a broad territorial scope. For embassies and consulates in particular, non-compliance with GDPR could have  serious repercussions  not just for the organisation itself but also for the citizens and commercial enterprises that rely on embassy or consular services. WHERE DOES GDPR APPLY? EU EMBASSIES WITHIN THE EU AND ABROAD Article 3 of the GDPR deals with territorial scope. Where will the new rules apply? For a start the GDPR broadens the international reach of EU data protection rules. They will apply to: ·       The processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. ·       The processing of personal data of data subjects who are in the Union by a control...
Read more

FACEBOOK, CAMBRIDGE ANALYTICA AND THE IMPACT ON GDPR ENFORCEMENT

Image
Facebook’s Mark Zuckerberg  has broken his silence to comment on the unfolding Cambridge Analytica data scandal. He has announced steps his organisation will take to deal with the fallout that has resulted from Cambridge Analytica’s acquisition of the personal data of up to 50 million Facebook users. As the hashtag #deleteFacebook gains momentum it remains to be seen whether Facebook’s actions will be enough to stem the slide in the company’s share price or to restore the credibility of the social media platform. But as we ready ourselves for GDPR, the Facebook/Cambridge Analytica debacle is sure to have repercussions for any company that holds personal data belonging to EU consumers. 3 REASONS WHY GDPR COMPLIANCE MORE IMPORTANT THAN EVER We believe the Cambridge Analytica story makes GDPR compliance more critical than ever for three reasons: ·       The furore has propelled the subject of data protection to the forefront of the politic...
Read more